appsquickly / typhoon

Powerful dependency injection for Objective-C ✨✨ (https://PILGRIM.PH is the pure Swift successor to Typhoon!!)✨✨
https://pilgrim.ph
Apache License 2.0
2.7k stars 269 forks

Insecure functions (malloc and memcpy) are used #607

Closed bdrangel closed 4 years ago

bdrangel commented 4 years ago

Currently, we are using Typhoon as the DI framework in our app. After a static code analysis of our app, the use of malloc and memcpy was reported as security bugs. Has anybody else reported this before? We want to know if you already have an explanation for this usage or if there is a plan to change the method in a future version.

The problem was detected in the following classes:

alexgarbarev commented 4 years ago

Hi. Yes, we used low-level C techniques because of a lack of other options to do the same thing and/or because of performance optimizations.

I reviewed the code and couldn't find potential problems with it. If you can find a potential security issue with the code, please share your arguments for why it's insecure and how to fix it.

These pieces of code are battle tested through years and I can't remember any problems with it.

Meanwhile, about "using malloc = security bugs" and other generalities: https://stackoverflow.com/questions/2840940/is-it-secure-to-use-malloc
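A static analyzer that flags every malloc and memcpy call is reporting the function names, not a defect; what a reviewer actually needs to confirm is that each copy length is derived from validated inputs and that size arithmetic cannot overflow. The following is an added example, not code from the thread or from Typhoon, showing the two checks that make such calls reviewable: a hypothetical `dup_checked` that rejects overflow in `count * elem_size` before allocating, and a hypothetical `copy_bounded` that truncates and NUL-terminates instead of writing past a fixed buffer.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (added example, not Typhoon code): allocate a buffer
 * for `count` elements of `elem_size` bytes and copy `src` into it.
 * Returns NULL on bad input, size overflow, or allocation failure, so the
 * memcpy length is always the size that was actually allocated. */
void *dup_checked(const void *src, size_t count, size_t elem_size, size_t *out_len)
{
    if (src == NULL || elem_size == 0)
        return NULL;
    /* Reject count * elem_size overflow before it reaches malloc; an
     * overflowed size would allocate a small buffer and then over-copy. */
    if (count > SIZE_MAX / elem_size)
        return NULL;
    size_t total = count * elem_size;
    void *dst = malloc(total);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, total);          /* length derived from validated inputs */
    if (out_len != NULL)
        *out_len = total;
    return dst;
}

/* Hypothetical helper: copy a C string into a caller-supplied buffer of
 * capacity `cap`, truncating if needed and always NUL-terminating.
 * Returns the number of bytes written (excluding the NUL), or (size_t)-1
 * if there is no room for even the terminator. */
size_t copy_bounded(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || src == NULL || cap == 0)
        return (size_t)-1;
    /* Bounded length scan: never read past what can fit in dst. */
    size_t n = 0;
    while (n < cap - 1 && src[n] != '\0')
        n++;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample input for the stand-alone run. */
    int sample[4] = {1, 2, 3, 4};
    size_t len = 0;
    int *copy = dup_checked(sample, 4, sizeof(int), &len);
    if (copy != NULL) {
        printf("copied %zu bytes, last element %d\n", len, copy[3]);
        free(copy);
    }
    /* An overflowing size is refused rather than under-allocated. */
    printf("overflow rejected: %s\n",
           dup_checked(sample, SIZE_MAX, 2, NULL) == NULL ? "yes" : "no");

    char small[4];
    size_t written = copy_bounded(small, sizeof small, "hello");
    printf("truncated copy: \"%s\" (%zu bytes)\n", small, written);
    return 0;
}
```

When triaging a finding like the one in this issue, the question to answer per call site is exactly what these helpers encode: where does the length come from, and can the arithmetic that produced it wrap.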

alexgarbarev commented 4 years ago

Closing the issue. Let's reopen once a real security issue is found in the code.

jasperblues commented 4 years ago

Thanks for raising your concerns @bdrangel, and thanks as always @alexgarbarev for addressing them.