Closed Bug 173997 Opened 22 years ago Closed 22 years ago

flawfinder warnings in mail database

Categories

(MailNews Core :: Database, defect)

x86
Windows NT
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: morse, Assigned: Bienvenu)

References

Details

Heikki ran flawfinder (http://www.dwheeler.com/flawfinder) on Mozilla 1.0.1 
branch.

flawfinder found 1 warning in mailnews database code (3741). Go through
that list and for each warning:

* If it is a false positive, comment here why it is not an issue
* If it is a real issue, make a patch for it here and let's get them checked in

In addition to checking the branch, also check the trunk.

3741) mailnews/db/msgdb/src/nsMsgDatabase.cpp:894 [4] (buffer) strcpy: does not 
check for buffer overflows. Consider using strncpy or strlcpy.
Blocks: 148251
This instance of strcpy is safe for the following reason:

dst = result, which is dimensioned 2 more than the length of src = ioPath,
so we have room for the terminating zero, and room for one more char besides.
src is then possibly reduced by 1, which makes things even safer.
dst is then possibly increased by 1, but we had room for one extra character.

Therefore strcpy(dst,src) is safe in this case.

Closing this report out as invalid.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Product: MailNews → Core
Product: Core → MailNews Core
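
The bounds argument from the comment above, written out as an added C example; it is not the Mozilla source and not part of the bug report. The function name `copy_with_slack`, the two flags standing in for the "possibly" steps, and the use of `'/'` as the affected character are assumptions, and an explicit capacity check with `memcpy` is used in place of `strcpy` so the invariant is enforced rather than implied.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the pattern described in the comment; not the
 * Mozilla source. trim_tail / add_prefix stand in for the two "possibly"
 * steps; '/' as the dropped and prepended character is an assumption. */
char *copy_with_slack(const char *src, int trim_tail, int add_prefix,
                      size_t *slack_out)
{
    size_t len = strlen(src);
    size_t cap = len + 2;            /* "dimensioned 2 more than the length of src" */
    char *result = malloc(cap);
    if (result == NULL)
        return NULL;

    if (trim_tail && len > 0)        /* src possibly reduced by 1 */
        len--;

    char *dst = result;
    if (add_prefix)                  /* dst possibly increased by 1 */
        *dst++ = '/';

    /* Bytes needed in total: prefix (0 or 1) + len characters + terminator. */
    size_t used = (size_t)(dst - result) + len + 1;
    if (used > cap) {                /* the invariant strcpy relies on silently */
        free(result);
        return NULL;
    }
    memcpy(dst, src, len);           /* bounded copy of the (possibly trimmed) source */
    dst[len] = '\0';

    if (slack_out)
        *slack_out = cap - used;     /* spare bytes left in the buffer */
    return result;
}

int main(void)
{
    size_t slack;
    char *p = copy_with_slack("Mail/Inbox/", 1, 1, &slack);  /* constructed input */
    if (p == NULL)
        return 1;
    printf("%s (slack %zu)\n", p, slack);
    free(p);
    return 0;
}
```

The worst case is the prefix step without the trim step, which uses exactly `strlen(src) + 2` bytes and leaves no slack; any later change that adds a second prefix character would trip the check instead of overflowing.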