Мы используем куки, чтобы пользоваться сайтом было удобно.
Хорошо
to the top

Вебинар: Использование статических анализаторов кода при разработке безопасного ПО - 19.12

>
>
>
Примеры ошибок, обнаруженных с помощью …

Примеры ошибок, обнаруженных с помощью диагностики V618

V618. Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str);


TortoiseSVN

V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); pofile.cpp 158


BOOL CPOFile::ParseFile(....)
{
  ....
  printf(File.getloc().name().c_str());
  ....
}

"file%s%i%s.txt" - The file name that will ruin everything.


Source Engine SDK

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vice vice.cpp 52


static void Exit(const char *msg)
{
  fprintf( stderr, msg );
  Pause();
  exit( -1 );
}

Similar errors can be found in some other places:

  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Captioncompiler captioncompiler.cpp 94
  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); Vtf2tga vtf2tga.cpp 40

CryEngine 3 SDK

V618 It's dangerous to call the 'sprintf_s' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); gamephysicssettings.cpp 174


void CGamePhysicsSettings::Debug(....) const
{
  ....
  sprintf_s(buf, bufLen, pEntity->GetName());
  ....
}

WinSCP

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); asyncsslsocketlayer.cpp 2247


bool CAsyncSslSocketLayer::CreateSslCertificate(....)
{
  ....
  char buffer[1001];
  int len;
  while ((len = pBIO_read(bio, buffer, 1000)) > 0)
  {
    buffer[len] = 0;
    fprintf(file, buffer);
  }
  ....
}

Miranda NG

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); NewXstatusNotify utils.cpp 92


void LogToFile(TCHAR *stzText)
{
  FILE *fp = _tfopen(opt.LogFilePath, _T("a+b, ccs=UTF-8"));
  if (fp) {
    char *encodedText = mir_utf8encodeT(stzText);
    if (encodedText) {
      fprintf(fp, encodedText);
      mir_free(encodedText);
    }
    fclose(fp);
  }
}

LibreOffice

V618 It's dangerous to call the 'fprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); unoapploader.c 405


void writeError( const char* errstr )
{
  FILE* ferr = getErrorFile( 1 );
  if ( ferr != NULL )
  {
    fprintf( ferr, errstr );
    fflush( ferr );
  }
}

Similar errors can be found in some other places:

  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 261
  • V618 It's dangerous to call the 'printf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); climaker_app.cxx 313

Apple II emulator

V618 It's dangerous to call the 'sprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debug.cpp 733


Update_t CmdProfile (int nArgs)
{
  ....
  sprintf( g_aArgs[ 1 ].sArg,
           g_aParameters[ PARAM_RESET ].m_sName );
  ....
}

Similar errors can be found in some other places:

  • V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 129
  • V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 672
  • V618 It's dangerous to call the 'wsprintfA' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); debugger_help.cpp 675
  • And 17 additional diagnostic messages.

Tizen

V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); ise-stt-mode.cpp 802


void ise_show_stt_mode(Evas_Object *win)
{
  ....
  snprintf(buf, BUF_LEN, gettext("IDS_ST_SK_CANCEL"));
  ....
}

Similar errors can be found in some other places:

  • V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); app_tracker.c 459
  • V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); screen_reader_system.c 443
  • V618 It's dangerous to call the 'snprintf' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); screen_reader_system.c 447
  • And 2 additional diagnostic messages.

close form

Заполните форму в два простых шага ниже:

Ваши контактные данные:

Шаг 1
Поздравляем! У вас есть промокод!

Тип желаемой лицензии:

Шаг 2
Team license
Enterprise license
** Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности
close form
Запросите информацию о ценах
Новая лицензия
Продление лицензии
--Выберите валюту--
USD
EUR
RUB
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
Бесплатная лицензия PVS‑Studio для специалистов Microsoft MVP
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
Для получения лицензии для вашего открытого
проекта заполните, пожалуйста, эту форму
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
Мне интересно попробовать плагин на:
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
check circle
Ваше сообщение отправлено.

Мы ответим вам на


Если вы так и не получили ответ, пожалуйста, проверьте, отфильтровано ли письмо в одну из следующих стандартных папок:

  • Промоакции
  • Оповещения
  • Спам