public inbox for bzip2-devel@sourceware.org
 help / color / mirror / Atom feed
* call to ‘fprintf’ from within signal handler [CWE-479]
@ 2020-07-16  8:49 Jeffrey Walton
  2020-07-16 13:55 ` Mark Wielaard
  0 siblings, 1 reply; 3+ messages in thread
From: Jeffrey Walton @ 2020-07-16  8:49 UTC (permalink / raw)
  To: bzip2-devel

Hi Everyone,

I'm testing a build with the GCC 10 analyzer. Add -fanalyzer to
CFLAGS. If you need GCC 10, then you can find it on Fedora 32.

The Analyzer is producing a finding:

bzip2.c:677:4: warning: call to ‘fprintf’ from within signal handler
[CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
  677 |    fprintf (
      |    ^~~~~~~~~
  678 |       stderr,
      |       ~~~~~~~
  679 |       "\tInput file = %s, output file = %s\n",
      |       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  680 |       inName, outName
      |       ~~~~~~~~~~~~~~~
  681 |    );

There are two additional findings that are similar.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2020-07-16 15:04 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-16  8:49 call to ‘fprintf’ from within signal handler [CWE-479] Jeffrey Walton
2020-07-16 13:55 ` Mark Wielaard
2020-07-16 15:03   ` Jeffrey Walton

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).