While examining the odpi source in preparation for creating an IPS packaged version, I came across the test suite's TestSuiteRunner.c file, which contains these lines:
    // run executable and return success only if all tests pass
    result = system(executableName);
This violates https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=2130132, aka "ENV33-C. Do not call system()".
The posix_spawn() function (see http://pubs.opengroup.org/onlinepubs/009695399/functions/posix_spawn.html) is available on Linux, Mac OS X, Solaris and other UNIX-like systems. For MS Windows, one of the functions noted at https://en.wikipedia.org/wiki/Spawn_(computing) would be preferable.
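A sketch of what the replacement could look like on POSIX systems, added here as an illustration and not taken from the odpi source: the helper name `run_executable` and the argv-style interface are assumptions. It starts the test executable directly, without a command processor, and reports success only on exit status 0.

```c
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* Hypothetical helper: runs argv[0] directly, with no shell involved.
 * Returns the child's exit status (0-255), or -1 if it could not be
 * started or did not exit normally. */
int run_executable(char *const argv[])
{
    pid_t pid;
    int status;

    /* posix_spawn() takes a path and does not search PATH
     * (posix_spawnp() would); it returns an error number, not -1. */
    int rc = posix_spawn(&pid, argv[0], NULL, NULL, argv, environ);
    if (rc != 0) {
        fprintf(stderr, "posix_spawn %s: %s\n", argv[0], strerror(rc));
        return -1;
    }

    /* Retry if a signal interrupts the wait. */
    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR) {
            perror("waitpid");
            return -1;
        }
    }

    /* Killed by a signal or stopped: treat as failure. */
    if (!WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/test-executable [args...]\n", argv[0]);
        return 2;
    }
    /* Success only if the test executable exits with status 0. */
    return run_executable(&argv[1]) == 0 ? 0 : 1;
}
```

Because the arguments are passed as an array, characters such as `;` or `$` in the executable name are never interpreted by a shell.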