linenoise update #2307
} else { | ||
full_path = malloc((int)(ptr - hint) + FILENAME_MAX + 1); | ||
++ptr; | ||
sprintf(full_path, "%.*s", (int)(ptr - hint), hint); |
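Review bot: the pointer returned by `malloc` goes straight into `sprintf` on these lines with no NULL check, so an allocation failure turns into a write through a null pointer; test `full_path` before the `++ptr; sprintf(...)` pair. The `%.*s` precision does limit the copy to `ptr - hint` bytes, but the allocation size is computed before `++ptr` and the copy length after it, so the write stays in bounds only because of the `FILENAME_MAX + 1` slack. Computing the length once into a variable and calling `snprintf(full_path, size, ...)` with the allocated size would make the bound explicit to readers and to static analysis.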
Check failure
Code scanning / CodeQL
Unbounded write Critical
This 'call to sprintf' with input from buffer read by read, string read by fgets
Seems like a false-positive to me.
if (fp == NULL) return -1; | ||
chmod(filename,S_IRUSR|S_IWUSR); |
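Review bot: `chmod(filename, ...)` operates on the path after the stream has already been opened and checked through `fp`, so if the path is replaced in between, the mode change lands on a different file than the one being written; the return value is also ignored. Since `fp` is known to be valid here, `fchmod(fileno(fp), S_IRUSR|S_IWUSR)` applies the mode to the file that was actually opened and removes the path-based window the scanner is pointing at.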
Check failure
Code scanning / CodeQL
Time-of-check time-of-use filesystem race condition High
filename
checked
Seems like a false-positive to me.
f586fc1 to c5d05b8
The linenoise source code has been updated to commit d895173 from the antirez/linenoise repository. So when you use the diff tool, you'll see bugfixes and customizations for yanglint needs.
The source code of linenoise was modified according to a fork from the yhirose/linenoise repository, commit b35616d.
c292a7f to 8dbd8f9
Had to add a new 'cli' command to yanglint in interactive mode. Although the Multiline is more suitable for interactive mode, it creates a problem for tcl tests because it often adds ANSI escape codes. So at the beginning of the tcl tests, multiline is turned off.
I expect alerts from Coverity Scan for linenoise.c or utf-8.c