Bug 173795: flawfinder warnings in xpcom
Status: RESOLVED WORKSFORME (Opened 22 years ago, Closed 18 years ago)
Categories: Core :: XPCOM, defect
Target Milestone: Future
People: Reporter: morse, Unassigned
Attachments: 1 file (79.75 KB, text/html)

Heikki ran flawfinder (http://www.dwheeler.com/flawfinder) on Mozilla 1.0.1 branch. flawfinder found 204 warnings in xpcom code (2211-2231 and 2237-419). Go through that list and for each warning:
* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in
In addition to checking the branch, also check the trunk. I will attach an excerpt of the log.
Reporter
Comment 1•22 years ago
Reporter
Comment 2•22 years ago
7 more flawfinder warnings in addition to the 204 that are attached
3945) xpcom/io/nsFileSpecBeOS.cpp:391 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
3946) xpcom/io/nsFileSpecUnix.cpp:447 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
3947) xpcom/io/nsLocalFileOS2.cpp:1422 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
3948) xpcom/io/nsLocalFileOS2.cpp:1437 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
3949) xpcom/io/nsLocalFileUnix.cpp:1030 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
3950) xpcom/io/nsLocalFileWin.cpp:1416 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
3951) xpcom/io/nsLocalFileWin.cpp:1431 [5] (race) chmod: this accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
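The chmod-to-fchmod change recommended in the warnings above, shown as an added example; it is not Mozilla's code and not part of the bug discussion. The function names, the temp-file paths and the regular-file/ownership checks are assumptions made for illustration, and the code targets POSIX systems.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy form flagged by flawfinder: the path is resolved again inside chmod(),
 * so whatever the name points to at that instant gets the new mode. */
int set_mode_by_path(const char *path, mode_t mode) {
    return chmod(path, mode);
}

/* Descriptor form: resolve the name once, refuse a symlink in the final
 * component, check the opened object, then change that object's mode. */
int set_mode_by_fd(const char *path, mode_t mode) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                        /* ELOOP if path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    int rc = fchmod(fd, mode);            /* acts on the inode we checked */
    close(fd);
    return rc;
}

/* Constructed demo: a temp file plus a symlink to it. Returns 0 when the
 * descriptor form changes the real file and rejects the symlink. */
int demo(void) {
    char file[] = "/tmp/fchmod_demo_XXXXXX", link[64];
    struct stat st;
    int fd = mkstemp(file), ok;
    if (fd < 0) return -1;
    close(fd);
    snprintf(link, sizeof link, "%s.lnk", file);
    ok = symlink(file, link) == 0
      && set_mode_by_fd(file, 0640) == 0
      && stat(file, &st) == 0 && (st.st_mode & 0777) == 0640
      && set_mode_by_fd(link, 0666) == -1       /* symlink refused */
      && stat(file, &st) == 0 && (st.st_mode & 0777) == 0640;
    unlink(link);
    unlink(file);
    return ok ? 0 : 1;
}
```

O_NOFOLLOW only covers the last path component, so a caller that cannot trust the parent directories still needs to open them by descriptor as well.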
Updated•22 years ago
Target Milestone: --- → Future
Updated•18 years ago
Assignee: dougt → nobody
QA Contact: scc → xpcom
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME