Description
hi, openscanhub code security scanner reports a number of issues in qatlib 25.08:
$ cat scan-results-summary.txt
5 OVERRUN overrun-buffer-val
3 RESOURCE_LEAK leaked_handle
5 RESOURCE_LEAK leaked_storage
5 UNINIT uninit_use_in_call
1 VARARGS missing_va_end
some of them look like non-issues or false positives to me, like the uninit_use_in_call: Using uninitialized value "namelist" when calling "scandir" one. i believe this one can be ignored or just updated to struct dirent **namelist = NULL; to silence the scanner.
the missing_va_end: "va_end" was not called for "args" is easily fixed just by adding va_end() call.
but overrun-buffer-val: Overrunning array "valStr" of 64 bytes, leaked_storage and leaked_handle are worth looking into, i believe. i cannot determine if they are real issues unfortunately. they all can be low-impact, but still i would like to share security scanner findings.
please, see "scan-results.html" or "scan-results.err" for the plain-text report in the attached report archive: qatlib-25.08-vs-24.02.tar.gz
thank you!
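The scandir and va_end fixes mentioned in the report, shown as a generic C pattern in an added example (not qatlib code and not part of the original report). The helper names `count_entries` and `format_val` and the macro `VAL_STR_LEN` are hypothetical; the 64-byte size is borrowed from the finding text only as a buffer size and does not diagnose that finding.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

#define VAL_STR_LEN 64 /* assumed size, taken from the finding's wording */

/* Hypothetical helper: count the entries of a directory with scandir().
 * Returns the entry count, or -1 on error. */
int count_entries(const char *path)
{
    struct dirent **namelist = NULL; /* defined value even if scandir fails */
    int n = scandir(path, &namelist, NULL, alphasort);
    if (n < 0)
        return -1; /* scandir failed: no list was handed back to free */
    for (int i = 0; i < n; i++)
        free(namelist[i]); /* each entry is allocated by scandir */
    free(namelist);        /* and so is the array that holds them */
    return n;
}

/* Hypothetical helper: format into a fixed 64-byte buffer.
 * Returns 0 on success, -1 if formatting failed or was truncated. */
int format_val(char out[VAL_STR_LEN], const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    /* vsnprintf never writes more than VAL_STR_LEN bytes, NUL included */
    int len = vsnprintf(out, VAL_STR_LEN, fmt, args);
    va_end(args); /* single exit path after va_start, so this always runs */
    return (len < 0 || len >= VAL_STR_LEN) ? -1 : 0;
}

int main(void)
{
    char val[VAL_STR_LEN];
    printf("entries in /: %d\n", count_entries("/"));
    printf("fits: %d\n", format_val(val, "%s", "ok"));
    printf("truncated: %d\n", format_val(val, "%0100d", 1));
    return 0;
}
```

Freeing every `namelist[i]` and then `namelist` is also what keeps a scandir caller from producing a leaked_storage finding of its own.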