You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we use CodeQL (GitHub's own static code analysis tool) to analyze the project, it has reported some errors from code that may cause breakdown. And we found that these potential errors tend to exist in the project for a relatively long time. In this issue we will provide the errors form a single file third_party/rtklib/rtkcmn.c, including their names and locations. Hopefully they will get your attention, and we are looking forward to further communication.
System information
OS Platform and Distribution: Linux Ubuntu 18.04
Apollo installed from: source
Apollo version: 9.0, but some appears in a much earlier version like 6.0
Output of apollo.sh config if on master branch: no output can be given because the analysis was run just after standard installation
Steps to reproduce the issue:
Prepare everything by following the guidance of official docs before running './apollo.sh build'
Then use CodeQL create database command to establish database and set '--command = './apollo.sh build'', it looks like: codeql database create new-database --language=<language> --command='./apollo.sh build'
Please note that the process needs a clean build and may take a long time to finish. Using clean command and parallelization techniques based on your hardware environment may help you make it faster
Because of the limit of GitHub, we cannot attach the original file directly. You can contact us by email to obtain it: 2654209843@qq.com
**Here are some errors' information that were reported as the most important, they are focused on overrunning-write-with-float: Buffer write operations that do not control the length of data written may overflow when floating point inputs take extreme values, which is related to CWE-20:
Line: 3708, 3710, 3712, 3714, 3716, 3718, 3720:
This 'call to sprintf' operation may require 311 bytes because of float conversions, but the target is only 64 bytes.
The text was updated successfully, but these errors were encountered:
Dear developers,
When we use CodeQL (GitHub's own static code analysis tool) to analyze the project, it has reported some errors from code that may cause breakdown. And we found that these potential errors tend to exist in the project for a relatively long time. In this issue we will provide the errors form a single file
third_party/rtklib/rtkcmn.c
, including their names and locations. Hopefully they will get your attention, and we are looking forward to further communication.System information
apollo.sh config
if onmaster
branch: no output can be given because the analysis was run just after standard installationSteps to reproduce the issue:
codeql database create new-database --language=<language> --command='./apollo.sh build'
Supporting materials (screenshots, command lines, code/script snippets):
overrunning-write-with-float
: Buffer write operations that do not control the length of data written may overflow when floating point inputs take extreme values, which is related toCWE-20
:Line: 3708, 3710, 3712, 3714, 3716, 3718, 3720:
![image](https://private-user-images.githubusercontent.com/130832095/312279305-5e022ea1-3d59-4cf1-8d7e-3def2b1c3ee1.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk2NDIyMjAsIm5iZiI6MTcxOTY0MTkyMCwicGF0aCI6Ii8xMzA4MzIwOTUvMzEyMjc5MzA1LTVlMDIyZWExLTNkNTktNGNmMS04ZDdlLTNkZWYyYjFjM2VlMS5wbmc_WC1BbXotQWxnb3JpdGhtPUFXUzQtSE1BQy1TSEEyNTYmWC1BbXotQ3JlZGVudGlhbD1BS0lBVkNPRFlMU0E1M1BRSzRaQSUyRjIwMjQwNjI5JTJGdXMtZWFzdC0xJTJGczMlMkZhd3M0X3JlcXVlc3QmWC1BbXotRGF0ZT0yMDI0MDYyOVQwNjE4NDBaJlgtQW16LUV4cGlyZXM9MzAwJlgtQW16LVNpZ25hdHVyZT02MzcwZjE0YzYwZmNlOWQ0MzBmYjEzZDE1YTY5YTE3OTc2NmJkYzZmZGNlMDI3NmEzY2Y1ZDNmMzk0MzZkZDk1JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9.Usdf6UCOsOIdWrv5vcfHpN15l9xGWvdo8yXwWr2p3vY)
This 'call to sprintf' operation may require 311 bytes because of float conversions, but the target is only 64 bytes.
The text was updated successfully, but these errors were encountered: