Closed: szsam closed 1 year ago
Hello @symisc and @timgates42,
My name is Aravind Machiry, Assistant Professor at Purdue's ECE Department.
Thank you for considering this pull request. This pull request was the result of our ongoing research work (along with @szsam) to improve the security and quality of open-source embedded projects.
In addition to scanning codebases with CodeQL, we are also doing a short (~4 minutes) survey to understand the use of static analysis tools like gcc -Wall and CodeQL in embedded software projects.
It would greatly benefit our research if you could fill this anonymous survey: https://purdue.ca1.qualtrics.com/jfe/form/SV_0OnXfr5plPe1QCa
Thank you, Aravind
Buffer write operations that do not control the length of data written may overflow.