Flawfinder reported a flaw but I don't think it makes sense


The question is specific to the pattern Flawfinder reported:

Snippet

    unsigned char child_report;
    ...
    auto readlen = read(pipefd[0], (void *) &child_report, sizeof(child_report));
    if(readlen == -1 || readlen != sizeof(child_report)) {
      _ret.failure = execute_result::PREIO ; // set some flags to report to the caller
      close(pipefd[0]);
      return _ret;
    }
    ...
    int sec_read = read(pipefd[0], (void *) &child_report, sizeof(child_report));
    child_report = 0; // we are not using the read data at all
                      // we just want to know if the read is successful or not
    if (sec_read != 0 && sec_read != -1) { // if success
      _ret.failure = execute_result::EXEC; // it means that the child is not able to exec
      close(pipefd[0]);                    // as we set the close-on-exec flag
      return _ret;                         // and we do write after exec in the child 
    }

I found that Codacy (and hence Flawfinder) reports this kind of issue on both of them:

Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).

I don't understand:

  • there is no loop
  • in the second case we don't use the read data at all
  • this is not a typical C string, we don't rely on a trailing "\0"

  • Is there a flaw in the code that I'm not aware of?
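The snippet in the question implements a well-known idiom: the child's write end of a pipe is marked close-on-exec, so a successful exec closes it and the parent's read() returns 0 (EOF), while a failed exec leaves it open for the child to write an error byte into. The added example below is not code from the question or from Flawfinder; it shows the complete pattern on a POSIX/Linux system with invented names (`spawn_with_exec_check`, `spawn_result`, `read_one`). Like the original, it reads into a single `unsigned char` with `sizeof`, which is exactly the non-loop, non-string read() Flawfinder flags; it also handles the two things the fragment omits, retrying on EINTR and closing the parent's copy of the write end before reading so that EOF can actually arrive.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome of a spawn attempt. These names are invented for this example. */
enum spawn_status {
    SPAWN_OK = 0,   /* exec succeeded; exit_status holds the wait status */
    SPAWN_PREIO,    /* pipe/fork/read failed in the parent */
    SPAWN_EXEC      /* the child could not exec; child_errno says why */
};

struct spawn_result {
    enum spawn_status status;
    int child_errno;
    int exit_status;
};

/* Read exactly one byte, retrying on EINTR. Returns 1 on a byte, 0 on EOF,
 * -1 on error. The destination is one unsigned char and the length is
 * sizeof *out, so there is no loop and no way to overrun the buffer. */
static ssize_t read_one(int fd, unsigned char *out)
{
    for (;;) {
        ssize_t n = read(fd, out, sizeof *out);
        if (n == -1 && errno == EINTR)
            continue;
        return n;
    }
}

struct spawn_result spawn_with_exec_check(const char *path, char *const argv[])
{
    struct spawn_result r = { SPAWN_OK, 0, 0 };
    int fds[2];

    if (pipe(fds) == -1) {
        r.status = SPAWN_PREIO;
        return r;
    }
    /* Write end is close-on-exec: a successful exec closes it and the parent
     * sees EOF; a failed exec leaves it open for the error report. */
    if (fcntl(fds[1], F_SETFD, FD_CLOEXEC) == -1) {
        close(fds[0]); close(fds[1]);
        r.status = SPAWN_PREIO;
        return r;
    }

    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]); close(fds[1]);
        r.status = SPAWN_PREIO;
        return r;
    }
    if (pid == 0) {
        close(fds[0]);
        execv(path, argv);
        /* Only reached when exec failed. errno values are small; clamp to a
         * byte rather than truncate silently, then exit without returning. */
        int e = errno;
        unsigned char report = (unsigned char)(e > 255 ? 255 : e);
        ssize_t w = write(fds[1], &report, sizeof report);
        (void)w;
        _exit(127);
    }

    /* Parent: close our copy of the write end first, otherwise the pipe can
     * never reach EOF and read() would block forever on a successful exec. */
    close(fds[1]);
    unsigned char child_report = 0;
    ssize_t n = read_one(fds[0], &child_report);
    close(fds[0]);

    if (n == -1) {
        r.status = SPAWN_PREIO;
    } else if (n == 1) {
        r.status = SPAWN_EXEC;
        r.child_errno = child_report;
    }
    /* n == 0: EOF, exec succeeded. Reap the child in every case. */
    int status = 0;
    while (waitpid(pid, &status, 0) == -1 && errno == EINTR)
        ;
    r.exit_status = status;
    return r;
}

int main(void)
{
    char *const ok_argv[] = { "sh", "-c", "exit 3", NULL };
    struct spawn_result a = spawn_with_exec_check("/bin/sh", ok_argv);
    printf("/bin/sh: status=%d exit=%d\n", a.status,
           WIFEXITED(a.exit_status) ? WEXITSTATUS(a.exit_status) : -1);

    char *const bad_argv[] = { "no-such-binary", NULL };
    struct spawn_result b =
        spawn_with_exec_check("/nonexistent/no-such-binary", bad_argv);
    printf("missing binary: status=%d errno=%d (%s)\n", b.status,
           b.child_errno, strerror(b.child_errno));
    return 0;
}
```

The parent's read() is bounded by construction: the buffer is one byte and the length argument is derived from it, so the "check buffer boundaries if used in a loop" advice does not apply regardless of what the child writes. The practical caveats are elsewhere: the parent must drop its own write end before reading, and the child must `_exit` after a failed exec so it does not continue running the parent's code.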

    I finally concluded that this should be a false positive. I checked Flawfinder's code and it seems it basically does pattern matching