You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ran into a case where clang-tidy produces the following warnings:
/__w/idf-extra-components/idf-extra-components/freetype/freetype/src/base/ftbitmap.c:123:9: warning: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11 [clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling]
123 | FT_MEM_COPY( target->buffer, source->buffer,
| ^
/__w/idf-extra-components/idf-extra-components/freetype/freetype/include/freetype/internal/ftmemory.h:238:11: note: expanded from macro 'FT_MEM_COPY'
238 | ft_memcpy( dest, source, (FT_Offset)(count) )
| ^~~~~~~~~
/__w/idf-extra-components/idf-extra-components/freetype/freetype/include/freetype/config/ftstdlib.h:92:21: note: expanded from macro 'ft_memcpy'
92 | #define ft_memcpy memcpy
| ^~~~~~
/__w/idf-extra-components/idf-extra-components/freetype/freetype/src/base/ftbitmap.c:123:9: note: Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard. Replace with analogous functions that support length arguments or provides boundary checks such as 'memcpy_s' in case of C11
123 | FT_MEM_COPY( target->buffer, source->buffer,
| ^
/__w/idf-extra-components/idf-extra-components/freetype/freetype/include/freetype/internal/ftmemory.h:238:11: note: expanded from macro 'FT_MEM_COPY'
238 | ft_memcpy( dest, source, (FT_Offset)(count) )
| ^~~~~~~~~
/__w/idf-extra-components/idf-extra-components/freetype/freetype/include/freetype/config/ftstdlib.h:92:21: note: expanded from macro 'ft_memcpy'
92 | #define ft_memcpy memcpy
| ^~~~~~
When we convert this clang-tidy output into SARIF using clang-tidy-sarif and try to upload the resulting SARIF file to Github CodeQL, Github SARIF linter complains that:
Unable to upload "results.sarif" as it is not valid SARIF:
- instance.runs[0].results[7].relatedLocations contains duplicate item
...
which makes sense, since there are two notes for ftmemory.h:238:11 location.
Clang-tidy output looks quite odd here, I don't understand why it repeats the original message (Call to function 'memcpy' is insecure) as a note. However, there might be more cases where there could be more than one note pointing to the same line.
I guess we need to combine or deduplicate note messages pointing to the same location.
I'll try to find time to submit a PR, but for now I am just opening the issue to not forget about this problem.
The text was updated successfully, but these errors were encountered:
This is probably an issue I introduced in #406.
I ran into a case where clang-tidy produces the following warnings:
When we convert this clang-tidy output into SARIF using clang-tidy-sarif and try to upload the resulting SARIF file to Github CodeQL, Github SARIF linter complains that:
which makes sense, since there are two notes for
ftmemory.h:238:11
location.Clang-tidy output looks quite odd here, I don't understand why it repeats the original message (
Call to function 'memcpy' is insecure
) as a note. However, there might be more cases where there could be more than one note pointing to the same line.I guess we need to combine or deduplicate note messages pointing to the same location.
I'll try to find time to submit a PR, but for now I am just opening the issue to not forget about this problem.
The text was updated successfully, but these errors were encountered: