我无法解决Flawfinder发现的这两个警告。你能用一个正确代码的例子回答我吗?
最终结果:
flawfinder_exercise_old_SAL_syntax.cpp:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.<br>
flawfinder_exercise_old_SAL_syntax.cpp:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.*
这是第48行:
int execute(char *buf) {
return system(buf); // pass buf as command to be executed by the OS
}
这是第36行:
void copy_data(char *buf1,
char *buf2) {
memcpy(buf2,buf1,STR_SIZE);
buf2[STR_SIZE-1] = NULL; // null terminate, just in case
}