Re: flawfinder for AmigaOS 4
Amigans Defender

Just compiled

That's why I told you that you are mixing the libraries.
However it is using fork/waitpid to execute tests. How did you replace the functions?

i'm really tired...
Re: flawfinder for AmigaOS 4
Just can't stay away

@afxgroup

For whatever reason it's definitely using the wrong libstdc++.a (newlib version) for walkero. The clib2 version should be in a clib2 sub-directory from where the newlib one is.

Re: flawfinder for AmigaOS 4
Just can't stay away

@trixie

Quote:

and second, what other method does the Flawfinder author recommend if not strlen()?


There is the strnlen() function, which is like strlen() but allows you to limit how far the function will go to look for a '\0' character.

Re: flawfinder for AmigaOS 4
Site Builder

@afxgroup and @salass00
Yeah, I was compiling with the wrong libstdc++. You are both right.
I just compiled it with the right one and the linker worked fine, but not the binary. I had some crashes and I am going to test it further.

Re: flawfinder for AmigaOS 4
Just popping in

@LiveForIt

Quote:
Well, strlen() is not used to write strings into a buffer ... memcpy is not meant for string operations in general; as the name suggests, it is meant for copying memory.

True, it would be silly to use strlen() and then memcpy() when strcpy() would do the same thing more efficiently. But Flawfinder still considers strlen() a potential security flaw, so I was trying to give a simple example to demonstrate why. A little too simple, perhaps.

Quote:
Strncpy should be used instead, like sprintf is unsafe, while snprintf is safe.

Unfortunately, the standard C library does not have a good length-limited string copy. strncpy() sounds like it is, but if the source string is longer than the specified length then the destination string is not NUL-terminated. That keeps the destination buffer from overflowing, but results in an unterminated string, which rightly earns strncpy() a warning from Flawfinder.

Depending on how portable you want your code to be, there are non-standard alternatives such as strnlen() and strlcpy(). Both newlib and clib2 have these, but other C libraries may not.

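Added example, not part of the post above and not Flawfinder's own code: it shows strncpy() leaving an 8-byte destination unterminated when the source is too long, next to a bounded copy that always terminates and reports truncation. The names `bounded_len`, `strncpy_terminates` and `copy_bounded` are hypothetical, the input strings are constructed, and the loop in `bounded_len` stands in for strnlen() on C libraries that lack it.

```c
#include <stdio.h>
#include <string.h>

/* Portable stand-in for strnlen(): never reads past s[max - 1]. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Returns 1 if strncpy() left a NUL somewhere in an 8-byte destination. */
int strncpy_terminates(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);      /* so a missing NUL is detectable */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Hypothetical helper: copies at most dstsize - 1 bytes, always terminates.
   Returns 0 on a complete copy, -1 if src was truncated or dstsize is 0. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n;
    if (dstsize == 0)
        return -1;
    n = bounded_len(src, dstsize);     /* n == dstsize means src is too long */
    if (n == dstsize) {
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);           /* n + 1 includes the terminator */
    return 0;
}

int main(void)
{
    char buf[8];
    int rc = copy_bounded(buf, sizeof buf, "0123456789"); /* constructed input */
    printf("strncpy short: terminated=%d\n", strncpy_terminates("abc"));
    printf("strncpy long:  terminated=%d\n", strncpy_terminates("0123456789"));
    printf("copy_bounded:  rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

A source of exactly eight characters also leaves the strncpy() destination unterminated, because there is no room left for the NUL.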
Re: flawfinder for AmigaOS 4
Home away from home

@walkero

python seems broken here...

Quote:

Python 2.5.6

flawfinder test/
Traceback (most recent call last):
File "flawfinder", line 44, in <module>
import functools
File "SYS:System/Python/Lib/functools.py", line 10, in <module>
from _functools import partial
ImportError: No module named _functools


Help

People are dying.
Entire ecosystems are collapsing.
We are in the beginning of a mass extinction.
And all you can talk about is money and fairytales of eternal economic growth.
How dare you!
– Greta Thunberg
Re: flawfinder for AmigaOS 4
Site Builder

@Raziel
As much as I know, this should come with the OS and the updates. I would recommend you have a look at the AmigaOS 4.1 FE CD and the updates. If you can't find it, please let me know.

Re: flawfinder for AmigaOS 4
Site Builder

Today I released the cppcheck tool for everyone to use and test your code with.

You can find info at https://ko-fi.com/post/cppcheck-for-AmigaOS-4-released-F1F5F7C7T

You can download it from my personal Git repo at https://git.walkero.gr/walkero/cppcheck/releases and soon from OS4Depot.

Hope it will be useful for you.
