Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix few vulnerabilities found by Cppcheck
While performing SAST scanning using Cppcheck against source code of commit 8119646, several code vulnerabilities were found. Fix following issues: 1. Parameters of `snprintf` function are incorrect. Cppcheck error: client/mysql_plugin.c:1228: error: snprintf format string requires 6 parameters but only 5 are given. It is due to commit 630d722 introduced option `--lc-messages-dir` in the bootstrap command. However the parameter was not even given in the `snprintf` after changing the format string. Fix: Restructure the code logic and correct the function parameters for `snprintf`. 2. Null pointer is used in a `snprintf` which could cause a crash. Cppcheck error: extra/mariabackup/xbcloud.cc:2534: error: Null pointer dereference The code intended to print the swift_project name, if the opt_swift_project_id is NULL but opt_swift_project is not NULL. However the parameter of `snprintf` was mistakenly using `opt_swift_project_id`. Fix: Change to use the correct string from `opt_swift_project`. 3. Potential double release of a memory Cppcheck error: plugin/auth_pam/testing/pam_mariadb_mtr.c:69: error: Memory pointed to by 'resp' is freed twice. A pointer `resp` is reused and allocated new memory after it has been freed. However, `resp` was not set to NULL after freed. Potential double release of the same pointer if the call back function doesn't allocate new memory for `resp` pointer. Fix: Set the `resp` pointer to NULL after the first free() to make sure the same address is not freed twice. All new code of the whole pull request, including one or several files that are either new files or modified ones, are contributed under the BSD-new license. I am contributing on behalf of my employer Amazon Web Services, Inc.
- Loading branch information
1 parent
acfb5df
commit 7bdd878
Showing
3 changed files
with
54 additions
and
61 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters