
Compiler V3 #39

Merged
merged 53 commits into from
Dec 23, 2024

fix: final fixes

f99bc8a
Codacy Production / Codacy Static Code Analysis required action Dec 23, 2024 in 0s

6 new issues (0 max.) of at least minor severity.

Annotations

Check notice on line 130 in src/cli/main.c


@codacy-production codacy-production / Codacy Static Code Analysis

src/cli/main.c#L130

Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).

Check warning on line 130 in src/cli/main.c


src/cli/main.c#L130

Usage of the `open` family of functions may hint at a potential Time Of Check Time Of Use (TOCTOU) vulnerability.

Check notice on line 55 in src/compiler/pe/pe.c


src/compiler/pe/pe.c#L55

Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.

Check failure on line 55 in src/compiler/pe/pe.c


src/compiler/pe/pe.c#L55

The `memcpy` family of functions require the developer to validate that the destination buffer is the same size or larger than the source buffer.

Check notice on line 50 in src/compiler/utils.c


src/compiler/utils.c#L50

Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).

Check failure on line 50 in src/compiler/utils.c


src/compiler/utils.c#L50

The `strlen` family of functions does not handle strings that are not null terminated.