Flaw reported by Flawfinder, but I think it makes no sense



This question is specific to the pattern that Flawfinder reports:

Code snippet

#include <unistd.h>   // read(), close()
...
unsigned char child_report;
...
// single fixed-size read into a one-byte object; the length is bounded by sizeof(child_report)
auto readlen = read(pipefd[0], (void *) &child_report, sizeof(child_report));
if (readlen == -1 || readlen != sizeof(child_report)) {
    _ret.failure = execute_result::PREIO; // set some flags to report to the caller
    close(pipefd[0]);
    return _ret;
}
...
int sec_read = read(pipefd[0], (void *) &child_report, sizeof(child_report));
child_report = 0; // we are not using the read data at all
// we just want to know if the read is successful or not
if (sec_read != 0 && sec_read != -1) { // if success
    _ret.failure = execute_result::EXEC; // it means that the child is not able to exec
    close(pipefd[0]);                    // as we set the close-on-exec flag
    return _ret;                         // and we do write after exec in the child
}

I have Codacy (and therefore Flawfinder) reporting this issue on both reads:

Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).

I don't understand it.

  1. There is no loop.
  2. In the second case we do not use the read data at all.
  3. This is not a typical C string; we do not depend on a trailing '\0'.

Is there any flaw in the code that I am not aware of?

I finally concluded that this should be a false positive. I checked Flawfinder's code, and it seems that it basically does pattern matching.

https://github.com/david-a-wheeler/flawfinder/blob/293ca17d8212905c7788aca1df7837d4716bd456/flawfinder#L1057
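For readers who want to see the full pattern the snippet above is taken from, here is an added example (not the original post's code) of the close-on-exec error-reporting pipe: the parent does one fixed-size read into a single byte, EOF means the child's exec succeeded, and a received byte means the child failed to exec and wrote its errno. The names spawn_status and spawn_and_check are this example's own assumptions; the tail of the read length is bounded by sizeof(child_report), which is why the CWE-120 pattern match does not apply.

```cpp
// Added example, not code from the original post. Names spawn_status and
// spawn_and_check are assumptions made for this illustration.
#include <cerrno>
#include <cstdio>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum class spawn_status { OK, PRE_IO, FORK_FAILED, EXEC_FAILED };

// Runs `path` with no arguments. Returns OK if the exec in the child
// succeeded (the program itself may still exit non-zero) and EXEC_FAILED
// if the child could not exec; PRE_IO/FORK_FAILED cover setup errors.
spawn_status spawn_and_check(const char *path) {
    int pipefd[2];
    if (pipe(pipefd) == -1) return spawn_status::PRE_IO;

    // Close-on-exec on the write end: a successful exec closes it, so the
    // parent's read() returns 0 (EOF) without the child writing anything.
    if (fcntl(pipefd[1], F_SETFD, FD_CLOEXEC) == -1) {
        close(pipefd[0]);
        close(pipefd[1]);
        return spawn_status::PRE_IO;
    }

    pid_t pid = fork();
    if (pid == -1) {
        close(pipefd[0]);
        close(pipefd[1]);
        return spawn_status::FORK_FAILED;
    }
    if (pid == 0) {
        close(pipefd[0]);
        char *const argv[] = { const_cast<char *>(path), nullptr };
        execv(path, argv);
        // Only reached when exec failed: report one byte (errno truncated
        // to a byte) through the still-open write end, then exit.
        unsigned char code = static_cast<unsigned char>(errno);
        (void)write(pipefd[1], &code, sizeof(code));
        _exit(127);
    }

    close(pipefd[1]);
    // One fixed-size read into a one-byte object: the requested length is
    // exactly sizeof(child_report), there is no loop and no string handling,
    // so nothing can be written past the object.
    unsigned char child_report = 0;
    ssize_t n = read(pipefd[0], &child_report, sizeof(child_report));
    close(pipefd[0]);

    int status = 0;
    waitpid(pid, &status, 0);

    if (n == -1) return spawn_status::PRE_IO;      // read itself failed
    if (n == 0)  return spawn_status::OK;          // EOF: exec succeeded
    return spawn_status::EXEC_FAILED;              // child sent an errno byte
}

int main() {
    // Stand-alone demonstration; paths are assumed to exist on the host.
    std::printf("/bin/true -> %d\n",
                static_cast<int>(spawn_and_check("/bin/true")));
    std::printf("/nonexistent -> %d\n",
                static_cast<int>(spawn_and_check("/nonexistent/no-such-binary")));
    return 0;
}
```

The data byte is discarded just as in the original snippet; only the return value of read() carries information (0 for success, 1 for an exec failure). A production version would retry the read on EINTR, but even that retry never advances the destination pointer, so the bound stays sizeof(child_report).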
