83295 – flawfinder misreports line numbers

Bug 83295 - flawfinder misreports line numbers

Summary: flawfinder misreports line numbers

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All All

Importance:	High normal (vote)
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-02-25 06:19 UTC by rob holland (RETIRED)
Modified:	2006-02-06 02:11 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
source code from sendmail (main.c,101.39 KB, text/plain) 2005-02-25 06:21 UTC, rob holland (RETIRED)	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description rob holland (RETIRED) gentoo-dev

2005-02-25 06:19:40 UTC

scanning the C file attached flawfinder misreports line numbers for some possible problems.

example:

main.c:923:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
					i = strlen(p) + 1;

Line 923 of main.c is actually just:

                        {

Comment 1 rob holland (RETIRED) gentoo-dev

2005-02-25 06:21:20 UTC

Created attachment 52119 [details]
source code from sendmail

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2005-02-25 08:04:19 UTC

This is a bug, not a vulnerability. 

Reassigning to maintainer... oops... no metadata.xml... so reassigning to bug-wranglers :)

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2005-11-11 09:44:39 UTC

Re-assign.

Comment 4 Harald van Dijk (RETIRED) gentoo-dev

2006-02-06 02:11:52 UTC

Added a patch, flawfinder-1.26-r1 shows the correct line numbers now. Also e-mailed the author about this.