Commit

DO NOT MERGE: introduce codeQL issue

TimoSairiala committed Apr 24, 2024
1 parent c5c188b commit 9514ce4
Showing 2 changed files with 11 additions and 0 deletions.
9 changes: 9 additions & 0 deletions libs/libc/stdio/lib_libvsprintf.c
@@ -159,6 +159,15 @@ static int vsprintf_internal(FAR struct lib_outstream_s *stream,
FAR struct arg_s *arglist, int numargs,
FAR const IPTR char *fmt, va_list ap)
{
// DO NOT MERGE:
Check failure on line 162 in libs/libc/stdio/lib_libvsprintf.c (GitHub Actions / check): C++ style comment

int test_int = 0;
uint8_t test_uint8_t = 0;

if ( test_int < test_uint8_t ) {
Check failure on line 166 in libs/libc/stdio/lib_libvsprintf.c (GitHub Actions / check): Space follows left parenthesis
Check failure on line 166 in libs/libc/stdio/lib_libvsprintf.c (GitHub Actions / check): Space precedes right parenthesis
Check failure on line 166 in libs/libc/stdio/lib_libvsprintf.c (GitHub Actions / check): Left bracket not on separate line
test_uint8_t = test_int;
}
Check failure on line 168 in libs/libc/stdio/lib_libvsprintf.c (GitHub Actions / check): Bad right brace alignment


Check failure on line 170 in libs/libc/stdio/lib_libvsprintf.c (GitHub Actions / check): Too many blank lines
unsigned char c; /* Holds a char from the format string */
uint16_t flags;
int width;
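Review bot: the block added at lines 162-170 is dead test code that fails the nxstyle check on every line it adds (C++ style comment, spaces inside the parentheses of `if ( test_int < test_uint8_t ) {`, opening brace on the `if` line, misaligned closing brace, two trailing blank lines) and does nothing at runtime: both variables are initialised to 0, so the `if` never fires, and its body `test_uint8_t = test_int;` would silently truncate an `int` into a `uint8_t` if it did (the comparison itself is fine, since `uint8_t` promotes to `int`). Note that the only annotations on this hunk come from GitHub Actions / check, not from CodeQL; the CodeQL alert on this commit is in tools/mkdeps.c. Given the DO NOT MERGE title, drop the whole block from `vsprintf_internal` rather than restyling it.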
2 changes: 2 additions & 0 deletions tools/mkdeps.c
@@ -794,6 +794,8 @@ static void do_dependency(const char *file)
cmdlen++;
g_command[cmdlen] = '\0';

ret = system(g_command);

Check failure (Code scanning / CodeQL): Uncontrolled data used in OS command, severity Critical

This argument to an OS command is derived from user input (a command-line argument), dangerously concatenated into an snprintf output argument or a strcat output argument, and then passed to system(cmd). CodeQL reports five such data-flow paths to this sink: three through snprintf and two through strcat.

Check failure on line 798 in tools/mkdeps.c (GitHub Actions / check): Blank line contains whitespace
/* Make a copy of g_altpath. We need to do this because at least the
* version of strtok_r above does modify it.
*/
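Review bot: `ret = system(g_command);` is exactly the sink CodeQL rates Critical here: `g_command` is assembled with snprintf and strcat from command-line arguments, so a path or flag containing shell metacharacters (`;`, `$(...)`, backticks) is interpreted by /bin/sh instead of reaching the compiler as a single argument. The blank line added after it also carries trailing whitespace (style failure on line 798). As the title says, this must not merge; if a spawn is ever needed at this point, build an argv vector and run the compiler with posix_spawnp or execvp rather than handing a concatenated string to system(), and reject metacharacters in the inputs before they are concatenated.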
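The CodeQL finding above describes the classic shape of an OS command injection: argv-derived strings are concatenated with snprintf/strcat and the result is handed to system(). The following is an added example written for this page, not NuttX's own mkdeps.c, that reproduces that shape in miniature next to an argv-based replacement that never involves a shell. The compiler name `cc`, the `-M` flag, the function names and the hostile filename are all constructed for illustration.

```c
/* Added example (not NuttX code): the snprintf/strcat -> system() pattern
 * CodeQL flags, beside a spawn that keeps each argument separate. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <spawn.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Vulnerable shape: a filename taken from argv is concatenated into a
 * shell command line.  If the caller later runs this string with
 * system(), /bin/sh parses it, so metacharacters in the filename become
 * extra commands.  Returns 0 on success, -1 if the buffer is too small. */
int build_shell_command(const char *cc, const char *file,
                        char *cmd, size_t cmdsz)
{
  int n = snprintf(cmd, cmdsz, "%s -M ", cc);   /* hypothetical flag */
  if (n < 0 || (size_t)n >= cmdsz)
    return -1;
  if (strlen(file) >= cmdsz - (size_t)n)        /* leave room for NUL */
    return -1;
  strcat(cmd, file);          /* same strcat flow CodeQL reports */
  return 0;
}

/* Hardened, step 1: refuse anything a shell (or the spawned program)
 * could misinterpret.  Returns 1 if the path is acceptable, else 0. */
int path_is_clean(const char *p)
{
  static const char bad[] = ";|&`$()<>\"'\\ \t\n";
  if (p == NULL || *p == '\0')
    return 0;
  if (p[0] == '-')            /* would be parsed as an option by cc */
    return 0;
  return strpbrk(p, bad) == NULL;
}

/* Hardened, step 2: spawn the compiler with an argv vector.  No shell is
 * involved, so the filename reaches the compiler as one argument no
 * matter what it contains.  Returns the child's exit status, or -1 on a
 * rejected path or spawn/wait failure. */
int run_compiler_argv(const char *cc, const char *file)
{
  if (!path_is_clean(file))
    return -1;

  char *argv[] = { (char *)cc, "-M", (char *)file, NULL };
  pid_t pid;
  int status;

  if (posix_spawnp(&pid, cc, NULL, NULL, argv, environ) != 0)
    return -1;
  if (waitpid(pid, &status, 0) < 0)
    return -1;
  return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
  /* Constructed sample input: a "filename" carrying a second command. */
  const char *hostile = "foo.c; touch /tmp/pwned";
  char cmd[256];

  if (build_shell_command("cc", hostile, cmd, sizeof cmd) == 0)
    printf("shell string: %s\n", cmd);   /* system() would run touch */

  printf("argv path accepts hostile name? %d\n", path_is_clean(hostile));
  printf("argv spawn result: %d\n", run_compiler_argv("cc", hostile));
  return 0;
}
```

`build_shell_command` is deliberately kept as the vulnerable form; it is never passed to system() here, the printed string is enough to show that the `;` survives into what the shell would parse. The argv-based path rejects the hostile name before anything is spawned, and even a name that passes the filter is delivered to the compiler as a single argv entry.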

0 comments on commit 9514ce4