Re: [brlcad-devel] mged fails regression on trunk
From: Tom B. <tom...@gm...> - 2012-04-08 16:27:37
On Sun, Apr 8, 2012 at 10:19, Clifford Yapp <cli...@gm...> wrote:
>
> On Sun, Apr 8, 2012 at 8:59 AM, Tom Browder <tom...@gm...> wrote:
>>
>> On Sun, Apr 8, 2012 at 07:48, Tom Browder <tom...@gm...> wrote:
>> > On Sat, Apr 7, 2012 at 21:53, Clifford Yapp <cli...@gm...> wrote:
>> ...
>> > I'm still investigating...
>>
>> All works with an autotools build--perhaps a cmake problem with the tcl
>> stuff?
>
>
> Conceivable. What are the details of the errors?

For one thing, I just noticed that "make" env | grepp with autotools removes the regress/CMakeLists.txt, that is confusing the issue!

Okay, I just found a disconnect with the tcl library version--cured that with an install BEFORE the regress check (did tcl bump a patch number recently?).

Now regression failure has changed to this for both builds:

ERROR: relos does not exist!
Output: invalid command name "relos"

But, for cmake, the regression fails at that point. For autotools, there is another regression failure:

/bin/sh ../regress/flawfinder.sh ..
running flawfinder...
Error: File ended while in string.
Error: File ended while in string.
Error: File ended while in comment.
Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 160
../src/other/jove/jove_io.c:564: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchown( ) instead.
../src/other/libz/contrib/untgz/untgz.c:32: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/libz/contrib/untgz/untgz.c:277: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/libz/examples/gun.c:526: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/libz/examples/gun.c:529: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchown( ) instead.
../src/other/openNURBS/opennurbs_object.cpp:856: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add). Consider strlcat or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
../src/other/step/src/clprobe-ui/stepenteditor.cc:166: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add). Consider strlcat or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
../src/other/step/src/exppp/exppp.c:270: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:457: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/unix/tclUnixFCmd.c:840: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:872: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1268: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1270: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1489: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchown( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1553: [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchown( ) instead.
../src/other/tcl/unix/tclUnixFCmd.c:1645: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/unix/tclUnixFile.c:788: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/unix/tclUnixFile.c:959: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/unix/tclUnixTest.c:730: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
../src/other/tcl/win/tclWinFile.c:1898: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. Reconsider approach.
../src/other/tcl/win/tclWinTest.c:777: [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a race condition results. . Use fchmod( ) instead.
Hits = 21
Lines analyzed = 2377147 in 54.61 seconds (43934 lines/second)
Physical Source Lines of Code (SLOC) = 1646674
Hits@level = [0] 0 [1] 0 [2] 0 [3] 0 [4] 0 [5] 21
Hits@level+ = [0+] 21 [1+] 21 [2+] 21 [3+] 21 [4+] 21 [5+] 21
Hits/KSLOC@level+ = [0+] 0.012753 [1+] 0.012753 [2+] 0.012753 [3+] 0.012753 [4+] 0.012753 [5+] 0.012753
Minimum risk level = 5
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
-> flawfinder.sh FAILED

For both builds, mged is working again. Thanks, Cliff.

Best,

-Tom
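
The chmod/chown hits in the flawfinder output above recommend fchmod()/fchown(). As an added example (not part of the original message and not BRL-CAD code), here is a descriptor-based mode change that also refuses symlinks. The names `chmod_checked` and `demo` are hypothetical, and the temp-file path is constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* chmod_checked (hypothetical name): change a mode through a descriptor so
 * the file that was checked is the file that is changed. */
int chmod_checked(const char *path, mode_t mode)
{
    struct stat st;
    /* O_NOFOLLOW refuses a symlink as the last path component;
     * O_NONBLOCK keeps open() from hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() and fchmod() act on the open file, whatever the name points
     * to by now. Only regular files owned by the caller are accepted. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed demo: returns 1 when a regular file is changed and a symlink
 * to it is refused, leaving the target's mode alone. */
int demo(void)
{
    char file[] = "/tmp/fchmod_demoXXXXXX";   /* constructed temp name */
    char lnk[sizeof file + 4];
    struct stat st;
    int ok, fd = mkstemp(file);
    if (fd < 0)
        return 0;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    ok = symlink(file, lnk) == 0 && chmod_checked(file, 0640) == 0 &&
         chmod_checked(lnk, 0666) == -1 &&
         stat(file, &st) == 0 && (st.st_mode & 07777) == 0640;
    unlink(lnk);
    unlink(file);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

With the path-based chmod(), the name can be re-pointed between any earlier check and the call itself; here the check and the change share one descriptor.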