From 2e40c869df425738ef06e7159a16adf5bf82c548 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 10 Sep 2014 15:57:26 -0400 Subject: [PATCH 08/18] Try to avoid covscan freaking out about sscanf with %n. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit covscan says: 5. efibootmgr-0.8.0/src/lib/disk.c:96:tainted_data_argument – Calling function "fgets(char * restrict, int, FILE * restrict)" taints argument "line". 10. efibootmgr-0.8.0/src/lib/disk.c:103:vararg_transitive – Call to "sscanf(char const * restrict, char const * restrict, ...)" with tainted argument "line" taints "major". 11. efibootmgr-0.8.0/src/lib/disk.c:103:vararg_transitive – Call to "sscanf(char const * restrict, char const * restrict, ...)" with tainted argument "line" taints "scanned". 13. efibootmgr-0.8.0/src/lib/disk.c:103:tainted_data – Using tainted variable "scanned" as an index into an array "line". I *think* that's really complaining that if sscanf fails before processing %n, then "scanned" is indeterminate here. So I've assigned it to 0. Either way, if any of that goes wrong, the code's going to completely fail. Signed-off-by: Peter Jones --- src/lib/disk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/disk.c b/src/lib/disk.c index 904010b..4536a67 100644 --- a/src/lib/disk.c +++ b/src/lib/disk.c @@ -56,7 +56,7 @@ get_virtblk_major(void) } while (fgets(line, sizeof line, f) != NULL) { size_t len = strlen(line); - int major, scanned; + int major, scanned = 0; if (len == 0 || line[len - 1] != '\n') { break; @@ -95,7 +95,7 @@ get_nvme_major(void) } while (fgets(line, sizeof line, f) != NULL) { size_t len = strlen(line); - int major, scanned; + int major, scanned = 0; if (len == 0 || line[len - 1] != '\n') { break; -- 1.9.3
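Review bot: in the get_virtblk_major() hunk, `int major, scanned = 0;` makes `scanned` determinate but does not bound it, and the covscan finding quoted in the commit message is about `scanned` being used as an index into `line`. The hunk already has `len = strlen(line)` in scope, so the index can be validated before use. Something like `if (scanned <= 0 || (size_t)scanned >= len)` followed by skipping the line would both reject a failed conversion and address the tainted-index report. As written, 0 is also a valid index, so a parse that stopped before `%n` is indistinguishable from a legitimate offset. A negative sentinel, or a check on the sscanf return value (the call itself is not in the visible context), would make the failure case explicit.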
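Review bot: in the get_nvme_major() hunk, `major` is still declared without an initializer next to `scanned = 0`, although the covscan output in the commit message lists `major` as tainted by the same sscanf call. If the reasoning is that a failed sscanf leaves its outputs indeterminate, it applies to both variables, so either initialize both or add a short comment saying why only `scanned` needs it. Separately, the visible context of this hunk (the fgets loop, `strlen(line)`, the trailing-newline check) is line-for-line the same as in get_virtblk_major(), and the same one-line fix is applied twice. Moving the shared parsing into one helper would keep this fix, and any later bounds check, in a single place.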