Potential security issue in lib/sendf.c: Unchecked return from initialization function #5413
What is a Conditionally Uninitialized Variable?
The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.
1 instance of this defect was found in the following location:
```c
size_t len;
char error[CURL_ERROR_SIZE + 2];
va_start(ap, fmt);
mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap); <------ HERE
len = strlen(error);
```
How can I fix it?
```c
size_t len;
char print_buffer[2048 + 1];
va_start(ap, fmt);
len = mvsnprintf(print_buffer, sizeof(print_buffer), fmt, ap); <------ HERE
/*
 * Indicate truncation of the input by replacing the last 3 characters
```
bagder added a commit that referenced this issue
May 18, 2020
... and avoid a strlen() call.

Fixes a MonocleAI warning.

Reported-by: MonocleAI
Fixes #5413
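The pattern the report and the fix describe, as an added example that is not code from curl or from the issue: the formatter's return value is checked and used as the length, so the buffer is never read after a failed call. It assumes standard C99 `vsnprintf()` in place of curl's `mvsnprintf()` (whose return semantics may differ), and `format_checked()`, `fmt_status` and the `"..."` truncation marker are hypothetical choices.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example, not curl code. format_checked() and fmt_status are
 * hypothetical names; standard vsnprintf() stands in for mvsnprintf(). */
enum fmt_status { FMT_ERROR = -1, FMT_OK = 0, FMT_TRUNCATED = 1 };

static enum fmt_status format_checked(char *buf, size_t size, size_t *len,
                                      const char *fmt, ...)
{
  va_list ap;
  int n;

  *len = 0;
  if(!buf || !size)
    return FMT_ERROR;
  buf[0] = '\0'; /* buffer is a valid string even if formatting fails */

  va_start(ap, fmt);
  n = vsnprintf(buf, size, fmt, ap);
  va_end(ap);

  if(n < 0) { /* output error: contents unspecified, so reset them */
    buf[0] = '\0';
    return FMT_ERROR;
  }
  if((size_t)n >= size) { /* C99: n is the length that was needed */
    *len = size - 1;
    if(size > 3) /* assumption: "..." as the truncation marker */
      memcpy(buf + size - 4, "...", 3);
    return FMT_TRUNCATED;
  }
  *len = (size_t)n; /* length comes from the return value, no strlen() */
  return FMT_OK;
}

int main(void)
{
  char error[8]; /* constructed, deliberately small buffer */
  size_t len;
  enum fmt_status st = format_checked(error, sizeof(error), &len,
                                      "%s failed: %d", "connect", 7);
  printf("status=%d len=%zu text=\"%s\"\n", (int)st, len, error);
  return 0;
}
```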