#2 string idx out of range line 1303

[Axel Naumann]

Hi,

I believe I've found a flaw in flawfinder. Running on a file that ends on a space instead of a newline will cause flawfinder 1.27 to bail out with
Traceback (most recent call last):
File "/build/axel/flawfinder/flawfinder-1.27/flawfinder", line 1863, in ?
flawfind()
File "/build/axel/flawfinder/flawfinder-1.27/flawfinder", line 1857, in flawfind
if process_files():
File "/build/axel/flawfinder/flawfinder-1.27/flawfinder", line 1713, in process_files
process_file_args(files, patch_infos)
File "/build/axel/flawfinder/flawfinder-1.27/flawfinder", line 1517, in process_file_args
process_c_file(f, patch_infos)
File "/build/axel/flawfinder/flawfinder-1.27/flawfinder", line 1303, in process_c_file
c = text[i]
IndexError: string index out of range
Reproduce with
echo -n ' ' > test2.c; flawfinder test2.c

Real world case is in freetype-2.1.9's src/otlayout/otljstf.c

Cheers, Axel.

[Alexis Wilke]

Logged In: YES
user_id=554061
Originator: NO

Hi there,

Indeed, our normal editors don't allow us to not have a newline at the end of a file. 8-)

I have a patch here. I did not see a way to load an attachment however... Maybe because I'm not the owner of this bug...

Alexis
--------------

1303c1303,1306
< c = text[i]
---
> if i >= len(text):
> c = ''
> else:
> c = text[i]
1439c1442
< print '(C) 2001-2004 <a href="http://www.dwheeler.com">David A. Wheeler</a>.'
---
> print '(C) 2001-2007 <a href="http://www.dwheeler.com">David A. Wheeler</a>.'
1441c1444
< print "Flawfinder version %s, (C) 2001-2004 David A. Wheeler." % version
---
> print "Flawfinder version %s, (C) 2001-2007 David A. Wheeler." % version

[Alexis Wilke]

Logged In: YES
user_id=554061
Originator: NO

I actually posted the patch here:

http://sourceforge.net/tracker/index.php?func=detail&aid=1676972&group_id=186989&atid=919501

[David A. Wheeler]

Fixed. Dup of separate issue.