raspberrypi / pico-sdk

BSD 3-Clause "New" or "Revised" License

CWE-686 in tools/elf2uf2/main.cpp:132 #1584

Closed tjko closed 4 months ago

tjko commented 9 months ago

GitHub code scanning is flagging CWE-686 in tools/elf2uf2/main.cpp:132

This argument should be of type 'void *' but is of type 'unsigned int'.
CodeQL

geurtv commented 9 months ago

The type unsigned int is correct, the %p in the format string is what's wrong. Should probably be 0x%08x instead.

tjko commented 9 months ago

Looking at the other similar calls, I updated the pull request to use %08x as that seems to match how addresses are printed in the surrounding code...

kilograham commented 4 months ago

merged into develop
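
The mismatch discussed in this thread, shown as an added example (constructed code, not taken from tools/elf2uf2/main.cpp or from any participant). The wrapper `format_msg` and the `describe_*` functions are hypothetical names; the block shows the flagged pattern as a comment, the `%08x` fix from the thread, and two related correct forms.

```cpp
#include <cinttypes>
#include <cstdarg>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical printf-style wrapper. The format attribute (GCC/Clang) makes
// -Wformat check its callers the same way it checks printf itself, so a
// specifier/argument mismatch is caught at compile time.
#if defined(__GNUC__)
__attribute__((format(printf, 1, 2)))
#endif
static std::string format_msg(const char *fmt, ...) {
    char buf[128];
    va_list ap;
    va_start(ap, fmt);
    std::vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return std::string(buf);
}

// Flagged pattern (CWE-686): %p expects a void *, the argument is an integer.
// On a 64-bit host the callee reads a pointer-sized value although only an
// unsigned int was passed, which is undefined behaviour.
//   format_msg("%p", addr);   // addr is unsigned int

// Fix from the thread: keep the integer type, change the specifier.
std::string describe_addr_uint(unsigned int addr) {
    return format_msg("0x%08x", addr);
}

// Same idea for a fixed-width address type: PRIx32 supplies the specifier
// that matches uint32_t on every platform.
std::string describe_addr_u32(uint32_t addr) {
    return format_msg("0x%08" PRIx32, addr);
}

// %p is only correct when the argument really is a pointer to void.
// Its output format is implementation-defined.
std::string describe_ptr(const void *p) {
    return format_msg("%p", p);
}

int main() {
    int local = 0;
    std::puts(describe_addr_uint(0x10000000u).c_str()); // constructed sample address
    std::puts(describe_addr_u32(UINT32_C(0x2000abcd)).c_str());
    std::puts(describe_ptr(&local).c_str());
    return 0;
}
```

Building with `-Wall` (which enables `-Wformat` on GCC and Clang) reports the commented-out call if it is restored.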