Potential Error unbounded-write Related to CWE-120 #4936

Open
Close-Recover opened this issue Mar 11, 2024 · 0 comments

Comments

@Close-Recover

Bug report

  • AirSim Version/#commit: latest, but it appears in much earlier versions like v1.6.0-linux
  • UE/Unity version: 4.27
  • N/A
  • OS Version: Linux Ubuntu 18.04

What's the issue you encountered?

Dear developers,

When we use CodeQL (GitHub's own static code analysis tool) to analyze the project, it has reported an error from code that may cause a breakdown. And we found that this potential error tends to exist in the project for a relatively long time. In this issue we will provide the error from a single file, DroneShell/include/linenoise.hpp, including its name, location and analysis steps (code data flow). Hopefully it will get your attention, and we are looking forward to further communication.

Settings

We use default settings.

How can the issue be reproduced?

  1. Prepare everything by following the guidance of official docs of Build AirSim on Linux before running './build.sh'
  2. Then use CodeQL create database command to establish database and set '--command = './build.sh'', it looks like: codeql database create new-database --language=<language> --command='./build.sh'
  3. Please note that the process needs a clean build and may take a long time to finish. Using clean command and parallelization techniques based on your hardware environment may help you make it faster

Include full error message in text form

  • Because of the limit of GitHub, we cannot attach the original file directly. You can contact us by email to obtain it: 2654209843@qq.com
  • Here is the information that was reported as the most important; it is focused on unbounded-write: Buffer write operations that do not control the length of data written may overflow, which is related to CWE-190. The <number:number> pattern means the specific location of code (e.g. read output argument novatel.c 2001:13, 'fread output argument' is code, '2001:13' is the detailed location) in the code file, and it helps you to detect the code data flow in the program:

This 'call to strcpy' with input from (buffer read by read) may overflow the destination:
  • read output argument linenoise.hpp 3018:29
  • unicodeReadUTF8Char output argument linenoise.hpp 3646:44
  • *cbuf linenoise.hpp 3761:41
  • *cbuf linenoise.hpp 3464:70
  • memcpy output argument linenoise.hpp 3468:20
  • *l [post update] [*buf] linenoise.hpp 3468:21
  • linenoiseEditInsert output argument [*buf] linenoise.hpp 3761:37
  • *& ... [*buf] linenoise.hpp 3699:38
  • *l [*buf] linenoise.hpp 3534:61
  • *l [*buf] linenoise.hpp 3539:58
  • *buf linenoise.hpp 3539:58
  • *__s string 897:73
  • assign output argument string 897:86
  • operator= output argument linenoise.hpp 3539:16
  • *call to c_str linenoise.hpp 3551:700000000000021

(Screenshot: 2024-03-11 211433)

What's better than filing an issue? Filing a pull request :).
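The data-flow path in the report runs from read() through the UTF-8 decoder into the line buffer and ends at a strcpy that never consults the destination's capacity. The following C snippet is an added example written for this page; it is not code from the issue, from AirSim or from linenoise. It places the unbounded copy shape that the CodeQL unbounded-write query flags next to a bounded replacement that checks the destination size and reports an overflow instead of writing past the buffer. `LINE_MAX_BYTES`, `insert_unbounded`, `insert_bounded` and `feed_input` are hypothetical names, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not AirSim/linenoise code. It models the pattern in
 * the CodeQL report: bytes arrive from read() into a buffer whose length is
 * controlled by the sender and are then copied into a fixed-size line buffer. */

#define LINE_MAX_BYTES 16  /* hypothetical destination size */

/* Unsafe shape flagged by the unbounded-write query: the copy trusts the NUL
 * terminator in src and never looks at how much room dst has. Kept here only
 * to contrast with the bounded version; it is only ever called with a literal
 * that fits. */
static void insert_unbounded(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Bounded replacement: copy at most dst_size-1 bytes and always NUL-terminate.
 * Returns the number of bytes copied, or -1 when src would not fit, so the
 * caller can reject or truncate the input explicitly instead of overflowing. */
static int insert_bounded(char *dst, size_t dst_size,
                          const char *src, size_t src_len) {
    if (dst == NULL || src == NULL || dst_size == 0) {
        return -1;
    }
    if (src_len >= dst_size) {
        return -1;  /* src plus its terminator does not fit in dst */
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (int)src_len;
}

/* Stand-in for the read() -> UTF-8 decode -> insert chain: the decoded bytes
 * are handed to the line buffer together with their length, which is what
 * makes the bounded check possible at all. */
static int feed_input(char *line, size_t line_size,
                      const unsigned char *input, size_t input_len) {
    return insert_bounded(line, line_size, (const char *)input, input_len);
}

int main(void) {
    char line[LINE_MAX_BYTES];
    /* Constructed inputs: one that fits, one longer than the buffer. */
    const unsigned char ok[] = "hello";
    const unsigned char too_long[] = "this input is longer than the buffer";

    insert_unbounded(line, "fits");  /* harmless here because the literal is short */
    printf("short: %d\n", feed_input(line, sizeof line, ok, sizeof ok - 1));
    printf("long:  %d\n", feed_input(line, sizeof line, too_long, sizeof too_long - 1));
    return 0;
}
```

The key difference is that the bounded path receives the byte count that the read and decode steps already know, so the capacity check is a single comparison rather than a guess about where the terminator sits.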
