Hi, while packaging qat-zstd-plugin we've run the openscanhub source code analyser and it found a couple of issues in this code. They are all for the test/test.c file, so not that much important, I believe. Still, could you please look into adding a couple of checks the analyzer warns about? Please see an issue example:
```text
Error: OVERRUN [CWE-119] [important]
QAT-ZSTD-Plugin-0.2.0/test/test.c:85:5: return_constant: Function call "lseek(inputFile, 0L, 2)" may return -1.
QAT-ZSTD-Plugin-0.2.0/test/test.c:85:5: assignment: Assigning: "inputFileSize" = "lseek(inputFile, 0L, 2)". The value of "inputFileSize" is now -1.
QAT-ZSTD-Plugin-0.2.0/test/test.c:94:5: overrun-buffer-arg: Calling "read" with "srcBuffer" and "inputFileSize" is suspicious because of the very large index, 18446744073709551615. The index may be due to a negative parameter being interpreted as unsigned.
#   92|       assert(dstBuffer != NULL);
#   93|
#   94|->     bytesRead = read(inputFile, srcBuffer, inputFileSize);
```
I'm attaching the full results as a tar-gzipped HTML file: scan-results-imp.tar.gz. Thank you!
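A hardened version of the lseek/read pattern the report flags, as an added example rather than code from the plugin's test/test.c: the `-1` from `lseek` is rejected before it can be widened into the `18446744073709551615` length the analyzer describes, and the two constructed `demo_*` checks (hypothetical names, like `read_whole_file`) exercise a regular file and an unseekable pipe.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hardened form of the pattern the scan flags: lseek's -1 is rejected
 * before it can widen into a huge size_t, off_t is range-checked against
 * size_t, and read() is looped because it may return short. Returns bytes
 * read, or -1 on error (*out is left untouched). */
ssize_t read_whole_file(int fd, unsigned char **out)
{
    off_t size = lseek(fd, 0L, SEEK_END);
    if (size < 0 || lseek(fd, 0L, SEEK_SET) < 0)
        return -1;              /* unseekable (pipe, socket) or bad fd */
    if ((uintmax_t)size > SIZE_MAX)
        return -1;              /* off_t wider than size_t on this target */
    unsigned char *buf = malloc(size > 0 ? (size_t)size : 1);
    if (buf == NULL) return -1;
    size_t total = 0;
    while (total < (size_t)size) {
        ssize_t n = read(fd, buf + total, (size_t)size - total);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { free(buf); return -1; }
        if (n == 0) break;      /* file shrank under us: stop at EOF */
        total += (size_t)n;
    }
    *out = buf; return (ssize_t)total;
}

/* Constructed check: a temp file holding 5 known bytes reads back as 5. */
ssize_t demo_regular_file(void)
{
    char path[] = "/tmp/read_demo_XXXXXX";
    int fd = mkstemp(path); if (fd < 0) return -1;
    unsigned char *buf = NULL;
    ssize_t got = (write(fd, "hello", 5) == 5) ? read_whole_file(fd, &buf) : -1;
    if (got == 5 && memcmp(buf, "hello", 5) != 0) got = -2;
    free(buf); close(fd); unlink(path);
    return got;
}

/* Constructed check: a pipe is unseekable; the unchecked code would hand (size_t)-1 to read(). */
ssize_t demo_pipe(void)
{
    int p[2]; if (pipe(p) != 0) return -3;
    unsigned char *buf = NULL;
    ssize_t got = read_whole_file(p[0], &buf);
    close(p[0]); close(p[1]);
    return got;
}
```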