#77 Unchecked error conditions in qrdectxt.c

latest_mercurial
open
nobody
None
5
2013-06-25
2013-06-25
Robert S
No

A Veracode scan of code which includes the 1.2 iOS SDK reports the following static analysis flaws:

qrdectxt.c line 58:
Attack Vector: calloc
Description: The result of this call to calloc() is not checked for success before being used. This can result in application instability or crashing if memory is not available.
Remediation: Be sure to check the result and make sure it is correct before use. Some functions return a pointer which should be validated as not NULL before use. Other functions return integers or Boolean values that must either be zero or non-zero for the results of the function to be used. Consult the API documentation to determine what a correct result is from the function call.

qrdectxt.c line 347:
Attack Vector: realloc
Description: The result of this call to realloc() is not checked for success before being used. This can result in application instability or crashing if memory is not available.
Remediation: Be sure to check the result and make sure it is correct before use. Some functions return a pointer which should be validated as not NULL before use. Other functions return integers or Boolean values that must either be zero or non-zero for the results of the function to be used. Consult the API documentation to determine what a correct result is from the function call.

qrdectxt.c line 136:
Attack Vector: malloc
Description: The result of this call to malloc() is not checked for success before being used. This can result in application instability or crashing if memory is not available.
Remediation: Be sure to check the result and make sure it is correct before use. Some functions return a pointer which should be validated as not NULL before use. Other functions return integers or Boolean values that must either be zero or non-zero for the results of the function to be used. Consult the API documentation to determine what a correct result is from the function call.
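An added example, not code from zbar or from the reporter: one way to check `calloc()` and `realloc()` results in a growable text buffer, keeping the original pointer valid when `realloc()` fails. The `text_buf` type, the `tb_realloc` hook and all function names are hypothetical, chosen so the failure path can be exercised.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable text buffer (not zbar's own data structure). */
typedef struct { char *data; size_t len; size_t cap; } text_buf;

/* Allocator hook (assumption): lets a caller force the failure path. */
static void *(*tb_realloc)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Returns 0 on success, -1 if calloc() fails; the buffer is left empty. */
static int text_buf_init(text_buf *b, size_t cap) {
    b->len = 0;
    b->cap = cap ? cap : 1;
    b->data = calloc(b->cap, 1);
    if (b->data == NULL) { b->cap = 0; return -1; }
    return 0;
}

/* Appends n bytes plus a NUL. Returns -1 and leaves *b unchanged on failure. */
static int text_buf_append(text_buf *b, const char *src, size_t n) {
    if (n > SIZE_MAX - b->len - 1) return -1;    /* len + n + 1 would wrap */
    size_t need = b->len + n + 1;
    if (need > b->cap) {
        size_t ncap = b->cap ? b->cap : 1;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) { ncap = need; break; }
            ncap *= 2;
        }
        /* Use a temporary: assigning realloc() straight to b->data would
           leak the old block and leave a NULL pointer behind on failure. */
        char *tmp = tb_realloc(b->data, ncap);
        if (tmp == NULL) return -1;
        b->data = tmp;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

static void text_buf_free(text_buf *b) { free(b->data); b->data = NULL; b->len = b->cap = 0; }

int main(void) {
    text_buf b;
    if (text_buf_init(&b, 4) != 0) return 1;
    int ok = text_buf_append(&b, "hello", 5);     /* grows 4 -> 8 bytes */
    tb_realloc = failing_realloc;                 /* simulate out-of-memory */
    int failed = text_buf_append(&b, " world, more text", 17);
    tb_realloc = realloc;
    text_buf_free(&b);
    return (ok == 0 && failed == -1) ? 0 : 1;
}
```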

Discussion