Issue: 89710
Summary: lldb/source/Host/linux/Host.cpp:94: Possible missing field width in scanf %s ?
Labels: lldb, code-quality
Assignees:
Reporter: dcb314

Static analyser cppcheck says:

    lldb/source/Host/linux/Host.cpp:94:7: warning: sscanf() without field width limits can crash with huge input data. [invalidscanf]

Source code is

    if (sscanf(Rest.data(),
               "%d %s %c %d %d %d %d %d %u %lu %lu %lu %lu %lu %lu %ld %ld",
               &stat_fields.pid, stat_fields.comm, &stat_fields.state,
               &stat_fields.ppid, &stat_fields.pgrp, &stat_fields.session,
               &stat_fields.tty_nr, &stat_fields.tpgid, &stat_fields.flags,
               &stat_fields.minflt, &stat_fields.cminflt, &stat_fields.majflt,
               &stat_fields.cmajflt, &stat_fields.utime, &stat_fields.stime,
               &stat_fields.cutime, &stat_fields.cstime) < 0) {

but

    char comm[task_comm_len];

and

    constexpr int task_comm_len = 16;

Might there be some value in adding the string maximum length to the %s?

_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
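
An added example, not part of the original report and not lldb's code: a bounded version of the first three conversions from the format string above, with the %s width tied to the 16-byte buffer and a check that rejects a token the width had to truncate. The names stat_head, parse_stat_head and COMM_WIDTH are hypothetical, and the input lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TASK_COMM_LEN 16          /* same size as task_comm_len in the report */
#define COMM_WIDTH    15          /* %s width: buffer size minus the NUL byte */
#define STR2(x) #x
#define STR(x)  STR2(x)

_Static_assert(COMM_WIDTH + 1 == TASK_COMM_LEN,
               "scanf width must leave room for the terminating NUL");

/* Hypothetical cut-down struct holding only the first three fields. */
struct stat_head {
    int  pid;
    char comm[TASK_COMM_LEN];
    char state;
};

/* Returns 0 on success, -1 if the line is malformed or comm is too long. */
int parse_stat_head(const char *line, struct stat_head *out)
{
    int consumed = 0;

    /* "%15s" stores at most 15 bytes plus NUL; %n records where it stopped. */
    if (sscanf(line, "%d %" STR(COMM_WIDTH) "s%n",
               &out->pid, out->comm, &consumed) != 2)
        return -1;

    /* A width limit alone would silently split an overlong token and feed
       its tail to the next conversion, so require a separator here. */
    if (line[consumed] != ' ')
        return -1;

    /* Compare against the expected conversion count, not just "< 0". */
    if (sscanf(line + consumed, " %c", &out->state) != 1)
        return -1;
    return 0;
}

int main(void)
{
    struct stat_head h;
    /* Constructed inputs in the field order of the report's format string. */
    printf("%d\n", parse_stat_head("1234 bash S", &h));
    printf("%d\n", parse_stat_head(
        "1234 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA S", &h));
    return 0;
}
```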