Skip to content

CWE-479 in CRT.c #1563

New issue
New issue
Open
#1570
Open
CWE-479 in CRT.c#1563
#1570
Labels
code quality ♻️Code quality enhancementgood first issue 🥇Good for newcomers
@BenBE

Description

@BenBE
BenBE
opened on Nov 15, 2024

While compiling I noticed the following warning for CWE-479 from GCC 14:

depbase=`echo CRT.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc-14 -DHAVE_CONFIG_H -I.  -DNDEBUG  -std=c99 -pedantic -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600  -I/usr/include/libnl3 -Wall -Wcast-align -Wcast-qual -Wextra -Wfloat-equal -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-noreturn -Wmissing-prototypes -Wpointer-arith -Wshadow -Wstrict-prototypes -Wundef -Wunused -Wwrite-strings -Wnull-dereference -D_XOPEN_SOURCE_EXTENDED -DSYSCONFDIR="\"/usr/local/etc\"" -I"./linux" -fanalyzer -MT CRT.o -MD -MP -MF $depbase.Tpo -c -o CRT.o CRT.c &&\
mv -f $depbase.Tpo $depbase.Po
CRT.c: In function ‘CRT_handleSIGTERM’:
CRT.c:846:4: warning: call to ‘snprintf’ from within signal handler [CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
  846 |    snprintf(err_buf, sizeof(err_buf),
      |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  847 |            "A signal %d (%s) was received, exiting without persisting settings to htoprc.\n",
      |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  848 |            sgn, signal_str);
      |            ~~~~~~~~~~~~~~~~
  ‘CRT_installSignalHandlers’: events 1-2
    |
    |  952 | static void CRT_installSignalHandlers(void) {
    |      |             ^~~~~~~~~~~~~~~~~~~~~~~~~
    |      |             |
    |      |             (1) entry to ‘CRT_installSignalHandlers’
    |......
    |  966 |    signal(SIGINT, CRT_handleSIGTERM);
    |      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |    |
    |      |    (2) registering ‘CRT_handleSIGTERM’ as signal handler
    |
  event 3
    |
    |cc1:
    | (3): later on, when the signal is delivered to the process
    |
    +--> ‘CRT_handleSIGTERM’: events 4-7
           |
           |  835 | static void CRT_handleSIGTERM(int sgn) {
           |      |             ^~~~~~~~~~~~~~~~~
           |      |             |
           |      |             (4) entry to ‘CRT_handleSIGTERM’
           |......
           |  838 |    if (!CRT_settings->changed)
           |      |       ~      
           |      |       |
           |      |       (5) following ‘false’ branch...
           |......
           |  841 |    const char* signal_str = strsignal(sgn);
           |      |                             ~~~~~~~~~~~~~~
           |      |                             |
           |      |                             (6) ...to here
           |......
           |  846 |    snprintf(err_buf, sizeof(err_buf),
           |      |    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |      |    |
           |      |    (7) call to ‘snprintf’ from within signal handler
           |  847 |            "A signal %d (%s) was received, exiting without persisting settings to htoprc.\n",
           |      |            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           |  848 |            sgn, signal_str);
           |      |            ~~~~~~~~~~~~~~~~
           |

Metadata

Metadata

Assignees

No one assigned

    Labels

    code quality ♻️Code quality enhancementgood first issue 🥇Good for newcomers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions