该问题特定于Flawfinder报告的模式:
摘要
unsigned char child_report;
...
auto readlen = read(pipefd[0], (void *) &child_report, sizeof(child_report));
if(readlen == -1 || readlen != sizeof(child_report)) {
_ret.failure = execute_result::PREIO ; // set some flags to report to the caller
close(pipefd[0]);
return _ret;
}
...
int sec_read = read(pipefd[0], (void *) &child_report, sizeof(child_report));
child_report = 0; // we are not using the read data at all
// we just want to know if the read is successful or not
if (sec_read != 0 && sec_read != -1) { // if success
_ret.failure = execute_result::EXEC; // it means that the child is not able to exec
close(pipefd[0]); // as we set the close-on-exec flag
return _ret; // and we do write after exec in the child
}
我发现Codacy(因此发现了缺陷)在这两个方面均报告了此类问题:
Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
我不明白。
代码中是否存在我不知道的任何缺陷?
答案 0 :(得分:0)
我最后得出结论,这应该是假阳性。我检查了Flawfinder的代码,看来它基本上是在进行模式匹配。