Closed Bug 173795 Opened 22 years ago Closed 18 years ago

flawfinder warnings in xpcom

Categories

(Core :: XPCOM, defect)

x86
Windows NT
defect
Not set
normal

Tracking


RESOLVED WORKSFORME
Future

People

(Reporter: morse, Unassigned)

References

Details

Attachments

(1 file)

Heikki ran flawfinder (http://www.dwheeler.com/flawfinder) on Mozilla 1.0.1 
branch.

flawfinder found 204 warnings in xpcom code (2211-2231 and 2237-419). Go through
that list and for each warning:

* If it is false positive, comment here why it is not an issue
* If it is a real issue, make patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

I will attach an excerpt of the log.

Attached file flawfinder warnings

Blocks: 148251
7 more flawfinder warnings in addition to the 204 that are attached

3945) xpcom/io/nsFileSpecBeOS.cpp:391 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.

3946) xpcom/io/nsFileSpecUnix.cpp:447 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.

3947) xpcom/io/nsLocalFileOS2.cpp:1422 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.

3948) xpcom/io/nsLocalFileOS2.cpp:1437 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.

3949) xpcom/io/nsLocalFileUnix.cpp:1030 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.

3950) xpcom/io/nsLocalFileWin.cpp:1416 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.

3951) xpcom/io/nsLocalFileWin.cpp:1431 [5] (race) chmod: this accepts filename
arguments; if an attacker can move those files, a race condition results. . Use
fchmod( ) instead.
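All seven warnings above are the same class: a permission change addressed by path name, which is a time-of-check/time-of-use (TOCTOU) exposure if the name can be re-pointed at a different file between the caller's checks and the chmod() call. The following is an added illustration, not code from this bug or from the Mozilla tree: it places the flagged pattern next to the fchmod()-based form flawfinder recommends, and includes two self-contained demos on constructed temp files. It assumes a POSIX system with O_NOFOLLOW semantics as on Linux/glibc; the function names and the /tmp paths are my own choices.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE  /* expose O_NOFOLLOW, O_CLOEXEC and mkdtemp in the headers */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern flawfinder flags: the mode change is addressed by name.
 * Between any earlier check on 'path' and this call, the name can be
 * re-pointed at another object (rename, symlink swap), so the new mode
 * may land on a file the caller never inspected. */
int set_mode_by_path(const char *path, mode_t mode)
{
    return chmod(path, mode);
}

/* Hardened variant: open the object once, refusing a symlink at the final
 * path component, then change the mode of the thing actually opened. The
 * descriptor pins the inode, so later changes to the name cannot redirect
 * the operation. Note O_NOFOLLOW only covers the last component; symlinked
 * parent directories are a separate concern (openat() walks, O_PATH, etc.). */
int set_mode_by_fd(const char *path, mode_t mode)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = fchmod(fd, mode);
    int saved = errno;       /* keep the fchmod() errno across close() */
    close(fd);
    errno = saved;
    return rc;
}

/* Demo 1: apply the hardened routine to a constructed temp file and return
 * the permission bits that result (-1 on any failure). mkstemp() creates
 * the file 0600, so a successful call should report exactly 'mode'. */
int demo_fchmod_mode(mode_t mode)
{
    char tmpl[] = "/tmp/flawfinder-demo-XXXXXX";   /* constructed sample path */
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -1;
    close(fd);
    int result = -1;
    struct stat st;
    if (set_mode_by_fd(tmpl, mode) == 0 && stat(tmpl, &st) == 0)
        result = (int)(st.st_mode & 07777);
    unlink(tmpl);
    return result;
}

/* Demo 2: point a symlink at a real file and hand the link name to the
 * hardened routine. chmod() by name would follow the link and modify the
 * target; open(O_NOFOLLOW) instead fails with ELOOP. Returns 1 when the
 * link is rejected, 0 when it is not, -1 if the scratch setup fails. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/flawfinder-demo-XXXXXX";   /* constructed scratch dir */
    if (mkdtemp(dir) == NULL)
        return -1;
    char target[256], link[256];
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    int rejected = -1;
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        if (symlink(target, link) == 0) {
            errno = 0;
            int rc = set_mode_by_fd(link, 0600);
            rejected = (rc == -1 && errno == ELOOP);
            unlink(link);
        }
        unlink(target);
    }
    rmdir(dir);
    return rejected;
}

int main(void)
{
    printf("mode after fchmod: %04o\n", demo_fchmod_mode(0640));
    printf("symlink rejected: %d\n", demo_symlink_rejected());
    return 0;
}
```

The fd-based form only closes the window if every later operation on the file (reads, writes, further stat checks) also goes through the same descriptor; switching back to the path name for any of them reopens the race. Reviewing each flagged call site therefore means checking whether an open descriptor is already available at that point, which is the cheaper fix when it is.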

Target Milestone: --- → Future
Assignee: dougt → nobody
QA Contact: scc → xpcom
Closing all open flawfinder bugs as WORKSFORME because we now have much better tools that do the same (well, better) kind of analysis (Coverity, Klocwork).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME