fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps fix(db): sqlite cleanup on failures, sqlite3_close_v2 fix(xmpp): queued_messages loop, barejid leak perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys refactor(ui): CLAMP macro in _check_subwin_width test: XEP-0012 and XEP-0045 functional tests Author: jabber.developer2 Closes #58, #85
This commit is contained in:
@@ -144,6 +144,16 @@ scan-build make
|
||||
scan-view ...
|
||||
```
|
||||
|
||||
### Security checks
|
||||
|
||||
We have a static analyzer `check-cwe134.sh` that detects CWE-134 format string vulnerabilities. It runs automatically in CI but you can also run it locally:
|
||||
|
||||
```bash
|
||||
./check-cwe134.sh
|
||||
```
|
||||
|
||||
This checks for unsafe patterns where data could be passed directly as a format string to functions like `printf`, `cons_show`, etc. Never pass a raw string for formatting; use `"%s"` format specifier instead.
|
||||
|
||||
### Finding typos
|
||||
|
||||
We include a `.codespellrc` configuration file for `codespell` in the root directory.
|
||||
|
||||
Reference in New Issue
Block a user