flawfinder for AmigaOS 4

	Bottom Previous Topic Next Topic
Register To Post

« 1 (2)

afxgroup

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/30 16:31 #21

Amigans Defender

Just compiled

Resized Image

That's why I told you that you are mixing the libraries.
However it is using fork/waitpid to execute tests. How did you replace the functions?

i'm really tired...

salass00

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/30 19:55 #22

Just can't stay away

@afxgroup

For whatever reason it's definitely using the wrong libstdc++.a (newlib version) for walkero. The clib2 version should be in a clib2 sub-directory from where the newlib one is.

salass00

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/30 20:00 #23

Just can't stay away

@trixie

Quote:

and second, what other method does the Flawfinder author recommend if not strlen()?

There is the strnlen() function which is like strlen() but allows to limit how far the function will go to look for a '\0' character.

walkero

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/30 20:05 #24

Site Builder

@afxgroup and @salass00
Yeah, I was compiling with the wrong libstdc++. You are both right.
I just compiled it with the right one and the linker worked fine, but not the binary. I had some crashes and I am going to test it further.

Follow me on
Ko-fi, Twitter, YouTube, Twitch

msteed

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/31 3:08 #25

Just popping in

@LiveForIt

Quote:

well strlen() is not used to write strings into buffer ... memcpy is not meant for string operating in general, as the name suggest meant for copy memory.

True, it would be silly to use strlen() and then memcpy() when strcpy() would do the same thing more efficiently. But Flawfinder still considers strlen() a potential security flaw, so I was trying to give a simple example to demonstrate why. A little too simple, perhaps.

Quote:

Strncpy should be used instead, like sprintf is unsafe, while snprintf is safe.

Unfortunately, the standard C library does not have a good length-limited string copy. strncpy() sounds like it is, but if the source string is longer than the specified length then the destination string is not NUL-terminated. That keeps the destination buffer from overflowing, but results in an unterminated string, which rightly earns strncpy() a warning from Flawfinder.

Depending on how portable you want your code to be, there are non-standard alternatives such as strnlen() and strlcpy(). Both newlib and clib2 have these, but other C libraries may not.

Raziel

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/31 12:09 #26

Home away from home

@walkero

python seems broken here...

Quote:

Python 2.5.6

flawfinder test/
Traceback (most recent call last):
File "flawfinder", line 44, in <module>
import functools
File "SYS:System/Python/Lib/functools.py", line 10, in <module>
from _functools import partial
ImportError: No module named _functools

Help

--

game box/art scans
scummvm infrequent builds

walkero

Re: flawfinder for AmigaOS 4

Posted on: 2022/7/31 14:34 #27

Site Builder

@Raziel
As much as I know this should come with the the OS and the updates. I would recommend you have a look at the AmigaOS 4.1 FE CD and the updates. If you can't find it, please let me know.

Follow me on
Ko-fi, Twitter, YouTube, Twitch

walkero

Re: flawfinder for AmigaOS 4

Posted on: 2022/9/22 22:14 #28

Site Builder

Today I released the cppcheck tool for everyone to use and test your code with.

You can find info at https://ko-fi.com/post/cppcheck-for-AmigaOS-4-released-F1F5F7C7T

You can download it from my personal Git repo at https://git.walkero.gr/walkero/cppcheck/releases and soon from OS4Depot.

Hope it will be useful for you.

Follow me on
Ko-fi, Twitter, YouTube, Twitch

Register To Post	« 1 (2)
	Top Previous Topic Next Topic

Currently Active Users Viewing This Thread: 1 ( 0 members and 1 Anonymous Users )