call to ‘fprintf’ from within signal handler [CWE-479]
Jeffrey Walton
noloader@gmail.com
Thu Jul 16 08:49:45 GMT 2020
Hi Everyone,
I'm testing a build with the GCC 10 analyzer. Add -fanalyzer to
CFLAGS. If you need GCC 10, then you can find it on Fedora 32.
The analyzer is producing a finding:
bzip2.c:677:4: warning: call to ‘fprintf’ from within signal handler
[CWE-479] [-Wanalyzer-unsafe-call-within-signal-handler]
677 | fprintf (
| ^~~~~~~~~
678 | stderr,
| ~~~~~~~
679 | "\tInput file = %s, output file = %s\n",
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
680 | inName, outName
| ~~~~~~~~~~~~~~~
681 | );
There are two additional findings that are similar.
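As an added example (not bzip2's code and not part of the original post), here is the pattern the analyzer flags beside an async-signal-safe rewrite. fprintf takes the stdio lock and may allocate, so a signal landing while the main program is already inside fprintf can deadlock or corrupt the stream. The safe version builds the same report with plain byte copies, emits it with write(2), preserves errno, and only sets a volatile sig_atomic_t flag so the main program does the real cleanup. The file names, the function names, and the use of SIGTERM are assumptions made for the demonstration; only the inName/outName naming is borrowed from bzip2.

```c
/* Added example, not bzip2's code: an fprintf-in-handler (the pattern
   GCC's analyzer reports as CWE-479) next to an async-signal-safe rewrite.
   Assumes POSIX: sigaction, write, raise. File names are constructed. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Set once by the main program before handlers are installed, so the
   handler only reads them. Constructed sample values; the names
   inName/outName mirror bzip2's globals. */
static const char *inName  = "sample.txt";
static const char *outName = "sample.txt.bz2";

/* Written by the handler, polled by the main program. sig_atomic_t is the
   one object type C guarantees can be written safely from a handler. */
static volatile sig_atomic_t caughtSignal = 0;

/* UNSAFE: fprintf takes the stdio lock and may allocate. If the signal
   lands while the main program is inside fprintf, this deadlocks or
   corrupts the stream. Shown for contrast; never installed below. */
static void unsafe_handler(int sig)
{
    (void)sig;
    fprintf(stderr, "\tInput file = %s, output file = %s\n", inName, outName);
}

/* Append s to buf[pos..], always NUL-terminating, never exceeding cap.
   Plain byte copies: no locks, no allocation, no stdio. */
static size_t append(char *buf, size_t cap, size_t pos, const char *s)
{
    while (*s != '\0' && pos + 1 < cap)
        buf[pos++] = *s++;
    buf[pos] = '\0';
    return pos;
}

/* Build the same report fprintf produced, without fprintf.
   Returns the number of bytes written (excluding the NUL). */
size_t build_report(char *buf, size_t cap, const char *in, const char *out)
{
    size_t n = 0;
    if (cap == 0)
        return 0;
    n = append(buf, cap, n, "\tInput file = ");
    n = append(buf, cap, n, in);
    n = append(buf, cap, n, ", output file = ");
    n = append(buf, cap, n, out);
    n = append(buf, cap, n, "\n");
    return n;
}

/* write(2) is async-signal-safe; loop to cover short writes and EINTR. */
static void write_all(int fd, const char *p, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, p, n);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return;           /* nothing safe left to do in a handler */
        }
        p += w;
        n -= (size_t)w;
    }
}

/* SAFE: only async-signal-safe calls, errno preserved, and the real
   cleanup (deleting the partial output file, exiting) is deferred to
   the main program via the flag. */
static void safe_handler(int sig)
{
    int saved_errno = errno;
    char msg[256];
    size_t n = build_report(msg, sizeof msg, inName, outName);
    write_all(STDERR_FILENO, msg, n);
    caughtSignal = sig;
    errno = saved_errno;
}

/* Install safe_handler for sig, deliver sig to ourselves, and return the
   signal number the handler recorded (-1 on failure). */
int install_and_raise(int sig)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = safe_handler;
    sigemptyset(&sa.sa_mask);
    caughtSignal = 0;
    if (sigaction(sig, &sa, NULL) != 0)
        return -1;
    if (raise(sig) != 0)
        return -1;
    return (int)caughtSignal;
}

int main(void)
{
    void (*for_contrast)(int) = unsafe_handler;   /* referenced, not installed */
    (void)for_contrast;
    if (install_and_raise(SIGTERM) == SIGTERM) {
        /* Main-program context: stdio and unlink() are fine here. */
        printf("handler recorded signal %d; cleaning up %s\n",
               (int)caughtSignal, outName);
    }
    return 0;
}
```

Registering unsafe_handler with signal() instead of safe_handler and building with -fanalyzer should reproduce the class of warning quoted above; the safe version keeps the same message on stderr while staying within the async-signal-safe set.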