wonder-mice / zf_log

Core logging library for C/ObjC/C++
MIT License

Checkmarx static analysis reports a CPPBufferOverflow / ImproperNullTermination on zf_log.c on line 953 #48

Status: Closed (bdurant closed 1 year ago)

bdurant commented 1 year ago

Checkmarx static analysis reports a CPPBufferOverflow / ImproperNullTermination on zf_log.c on line 953:

[Screenshot: Screen Shot 2022-11-14 at 7 19 41 PM]

wonder-mice commented 1 year ago

False positive: null termination is done later and the range is checked above. Also, there are a lot of unit tests that test the overflow scenario.

bdurant commented 1 year ago

Thank you for taking a look and verifying that it is a false positive.
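The pattern described in the maintainer's reply (bounded copy first, terminator written once at the end), shown as an added example that is not part of the original thread and is not zf_log's code. The names `cursor`, `put_bytes`, `finish`, `format_line` and `truncated_and_guard_intact` are hypothetical, and the input strings are constructed. The `memcpy` writes no terminator, which is what analyzers tend to flag, but the cursor end `e` always leaves one byte in reserve for it.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical write cursor over a caller-supplied buffer. */
typedef struct {
    char *p; /* next write position */
    char *e; /* end of payload area; the byte at e is reserved for '\0' */
} cursor;

/* Append up to n bytes, truncating at c->e. Writes no terminator. */
static size_t put_bytes(cursor *c, const char *s, size_t n)
{
    size_t room = (size_t)(c->e - c->p); /* the range check "above" */
    if (n > room)
        n = room;
    memcpy(c->p, s, n); /* unterminated copy: the line a scanner reports */
    c->p += n;
    return n;
}

/* The only place the string is terminated ("done later"). */
static size_t finish(cursor *c, char *buf)
{
    *c->p = '\0'; /* p <= e always holds, and e is inside the buffer */
    return (size_t)(c->p - buf);
}

/* Format "tag: msg" into buf[size]; returns length without the terminator. */
size_t format_line(char *buf, size_t size, const char *tag, const char *msg)
{
    cursor c;
    if (size == 0)
        return 0; /* no room even for the terminator */
    c.p = buf;
    c.e = buf + size - 1;
    put_bytes(&c, tag, strlen(tag));
    put_bytes(&c, ": ", 2);
    put_bytes(&c, msg, strlen(msg));
    return finish(&c, buf);
}

/* Constructed overflow scenario: an 8-byte buffer followed by guard bytes. */
int truncated_and_guard_intact(void)
{
    char area[16];
    size_t i, len;
    memset(area, 0x7f, sizeof area);
    len = format_line(area, 8, "net", "connection reset");
    if (len != 7 || strcmp(area, "net: co") != 0)
        return 0;
    for (i = 8; i < sizeof area; i++)
        if (area[i] != 0x7f)
            return 0; /* a write escaped the 8-byte buffer */
    return 1;
}
```

A guard-byte test like `truncated_and_guard_intact` is the kind of evidence that backs a false-positive triage decision: it fails if the range check or the reserved terminator byte is ever removed.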