Hello! I checked the source code of e2fsprogs using a static analyzer and found a couple of suspicious places.
Here they are:
misc/e4crypt.c, line 225.
The memset() call will be deleted by the compiler in a release build, and the sensitive data won't be deleted.
misc/badblocks.c, line 806.
If I understand correctly, this loop is never executed because of num_saved=0 on line 786. It is old code, so I assume it works correctly, but it looks strange to me and I decided to mention it.
Thank you in advance for the answer, and I apologize for bothering you if I'm wrong.
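The memset() concern above, as an added example that is not part of the original report and not code from e2fsprogs: a wipe of a local buffer that is never read again is a dead store the optimizer may remove, while a wipe through a volatile pointer is kept. All function names here (secure_wipe, toy_derive, fingerprint_weak, fingerprint_hardened) are hypothetical, and toy_derive is a constructed stand-in, not real key derivation.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer: each store is an observable side
 * effect, so the optimizer may not drop it as a dead store. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Constructed stand-in for key derivation (not real cryptography). */
static unsigned toy_derive(const char *pass, unsigned char key[32])
{
    unsigned sum = 0;
    size_t n = strlen(pass);
    for (size_t i = 0; i < 32; i++) {
        key[i] = (unsigned char)(n ? pass[i % n] ^ (unsigned char)(i * 31) : 0);
        sum = sum * 33 + key[i];
    }
    return sum;
}

/* Pattern the analyzer flags: `key` is never read after memset() and goes
 * out of scope, so an optimizing build may remove the call entirely. */
unsigned fingerprint_weak(const char *pass)
{
    unsigned char key[32];
    unsigned fp = toy_derive(pass, key);
    memset(key, 0, sizeof(key));   /* dead store: can be optimized away */
    return fp;
}

/* Hardened form: same logic, but the wipe survives optimization. */
unsigned fingerprint_hardened(const char *pass)
{
    unsigned char key[32];
    unsigned fp = toy_derive(pass, key);
    secure_wipe(key, sizeof(key));
    return fp;
}

int main(void)
{
    printf("%u %u\n", fingerprint_weak("hunter2"), fingerprint_hardened("hunter2"));
    return 0;
}
```

Where the platform provides them, explicit_bzero() (glibc 2.25 and later, the BSDs) or the optional C11 Annex K memset_s() serve the same purpose as secure_wipe.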