added simple chroot support instead of dropping privilages · Soviet-Linux/libspm@3c6a27f

Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11

src/install.c:93:9 [clang-analyzer-unix.Malloc]: src/install.c#L93

Potential leak of memory pointed to by 'env_path'

src/install.c:97:9 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]: src/install.c#L97

Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11

src/install.c:99:15 [cppcoreguidelines-init-variables]: src/install.c#L99

variable 'env_file' is not initialized

src/install.c:100:18 [clang-analyzer-unix.Malloc]: src/install.c#L100

Potential leak of memory pointed to by 'env_path'

src/install.c:119:17 [clang-analyzer-core.NonNullParamChecker]: src/install.c#L119

Null pointer passed to 2nd parameter expecting 'nonnull'

src/install.c:160:8 [clang-analyzer-core.NonNullParamChecker]: src/install.c#L160

Null pointer passed to 1st parameter expecting 'nonnull'

src/install.c:182:13 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]: src/install.c#L182

Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'sprintf_s' in case of C11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

added simple chroot support instead of dropping privilages #185

Summary

added simple chroot support instead of dropping privilages #185

Jobs

Run details

c-lint.yml

Annotations