Defects found in static analysis
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
libfcgi (Ubuntu) | Won't Fix | Undecided | Unassigned | |
Bug Description
I am using libfcgi-2.4.0 armhf version in my application. Which is available here https:/
We run Coverity Scan on code and we have found the following defects:
1. File os_unix.c
   line 295 and 398
   defect: Copy into fixed size buffer. The string operation will write past the end of the fixed-size
2. File fcgiapp.c
   line 600
   defect: Out-of-bounds access. Access of memory not owned by this buffer may cause crashes or incorrect
3. File fcgiapp.c
   line 1471
   defect: Dereference null return value. If the function actually returns a null value, a null pointer
4. File fcgio.cpp
   line 157 and 165
   defect: Operands don't affect result. The expression's value does not depend on the operands; often, this represents an inadvertent logic error. result_
Please let me know if these issues will be getting fixed in coming versions.
Hello
Thanks for taking the time to report this bug; this kind of analysis is probably best fed back to the actual upstream project, rather than to a distribution. Upstream development happens here:
https://github.com/FastCGI-Archives/fcgi2
Marking this bug as a won't fix for Ubuntu.