[Python-bugs-list] [ python-Bugs-429084 ] Results of running Flawfinder

noreply@sourceforge.net noreply@sourceforge.net
Thu, 31 May 2001 10:31:03 -0700


Bugs item #429084, was updated on 2001-05-31 10:31
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=429084&group_id=5470

Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Itamar Shtull-Trauring (itamar)
Assigned to: Nobody/Anonymous (nobody)
Summary: Results of running Flawfinder

Initial Comment:
I tried running Flawfinder
(http://www.dwheeler.com/flawfinder/) on the Python
source code. Since I'm not nasty I won't paste *all* of
the errors found, but here are some:

/usr/src/python-cvs/Modules/flmodule.c:373 [2] (buffer)
sprintf: does not check for buffer overflows. Use
snprintf or vsnprintf. Risk is low because the source
has a constant maximum length
/usr/src/python-cvs/Modules/posixmodule.c:4191 [3]
(tmpfile) tempnam: temporary file race condition. . 
/usr/src/python-cvs/Modules/posixmodule.c:4237 [3]
(tmpfile) tmpnam: temporary file race condition. . 
/usr/src/python-cvs/Modules/_weakref.c:141 [4] (buffer)
sprintf: does not check for buffer overflows. Use
snprintf or vsnprintf. 
/usr/src/python-cvs/Modules/almodule.c:51 [4] (format)
vsprintf: Potential format string problem. Make Format
string constant. 
/usr/src/python-cvs/Modules/getpath.c:169 [4] (buffer)
strcat: does not check for buffer overflows. Consider
using strncat or strlcat. 

There were lots more - try it and see.

----------------------------------------------------------------------
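The three classes of finding in the report above (unchecked sprintf/strcat writes into fixed buffers, and the tmpnam/tempnam temp-file race) each have a standard bounded replacement. The following is an added illustration of those replacements, not code from the Python source tree or from Flawfinder: the function names, the `"<%s object at %ld>"` format, the `/tmp/example-XXXXXX` template and the sample path pieces are all constructed for the example. The strlcat-style append is written out by hand because strlcat is not available on every libc.

```c
/* Bounded replacements for the calls Flawfinder flagged: sprintf/strcat
 * (unchecked buffer writes) and tmpnam/tempnam (temp-file race).
 * Added illustration; names and sample values are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Format into a fixed-size buffer with snprintf and treat truncation as an
 * error. snprintf returns the length the full output *would* have had, so a
 * value >= dstlen means the buffer was too small and dst is incomplete.
 * Returns the number of characters written, or -1 on truncation/error. */
static int format_checked(char *dst, size_t dstlen, const char *name, long value)
{
    int n = snprintf(dst, dstlen, "<%s object at %ld>", name, value);
    if (n < 0 || (size_t)n >= dstlen) {
        return -1;          /* caller must not use dst as a complete string */
    }
    return n;
}

/* strlcat-style append: never writes past dstlen, always NUL-terminates when
 * it writes, and returns the length the result *would* have had, so the
 * caller detects truncation with (ret >= dstlen). */
static size_t append_checked(char *dst, size_t dstlen, const char *src)
{
    size_t dlen = 0;
    while (dlen < dstlen && dst[dlen] != '\0') dlen++;   /* bounded strlen */
    size_t slen = strlen(src);
    if (dlen == dstlen) return dstlen + slen;  /* dst not terminated: write nothing */
    size_t room = dstlen - dlen - 1;           /* leave space for the NUL */
    size_t ncopy = slen < room ? slen : room;
    memcpy(dst + dlen, src, ncopy);
    dst[dlen + ncopy] = '\0';
    return dlen + slen;
}

/* Join path pieces with '/', stopping at the first truncation instead of
 * silently continuing past the end of the buffer (the pattern chained strcat
 * calls lack). Returns 0 on success, -1 if the result would not fit. */
static int join_path(char *dst, size_t dstlen, const char *const *parts, size_t nparts)
{
    if (dstlen == 0) return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < nparts; i++) {
        if (i > 0 && append_checked(dst, dstlen, "/") >= dstlen) return -1;
        if (append_checked(dst, dstlen, parts[i]) >= dstlen) return -1;
    }
    return 0;
}

/* Temp file without the tmpnam/tempnam race: mkstemp creates and opens the
 * file in one step (O_CREAT|O_EXCL), so nothing can be placed at the chosen
 * name between "pick a name" and "open it". On success template_buf holds the
 * real path and the open descriptor is returned; -1 on failure. */
static int open_temp_file(char *template_buf, size_t buflen)
{
    const char tmpl[] = "/tmp/example-XXXXXX";  /* constructed template */
    if (buflen < sizeof tmpl) return -1;
    memcpy(template_buf, tmpl, sizeof tmpl);
    return mkstemp(template_buf);
}

int main(void)
{
    char small[16], big[32];
    printf("fits in 32: %d\n", format_checked(big, sizeof big, "str", 1));
    printf("fits in 16: %d\n", format_checked(small, sizeof small, "str", 1));

    char path[32];
    const char *parts[] = { "usr", "lib", "python2.1" };
    printf("join: %d %s\n", join_path(path, sizeof path, parts, 3), path);

    char tpath[64];
    int fd = open_temp_file(tpath, sizeof tpath);
    if (fd >= 0) {
        printf("temp file: %s\n", tpath);
        close(fd);
        unlink(tpath);
    }
    return 0;
}
```

The common thread is that every bounded call returns enough information to detect truncation, and the caller acts on it rather than assuming the buffer was large enough; for the temp file, the fix is not a better name generator but an atomic create-and-open.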