Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code assumption failed to pass static analyzer #157

Open
zicofish opened this issue Mar 3, 2022 · 1 comment
Open

Code assumption failed to pass static analyzer #157

zicofish opened this issue Mar 3, 2022 · 1 comment

Comments

@zicofish
Copy link
Contributor

zicofish commented Mar 3, 2022

The PRG code won't pass some strict static analyzer (warning as error), pointing to a potential vulnerability here:

emp-tool/emp-tool/utils/prg.h

Line 85 in 44b1dde

memcpy(data, tmp, nbytes);

There seems to be an assumption about the execution condition of the second branch: nbytes <= 32, which might be ensured by the call to std::align. Perhaps this should be made more explicit in the code?
@wangxiao1254
Copy link
Member

Let me think about how to make it explicit. If you can paste the precise complaints from the static analyzer, that would be helpful.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wangxiao1254 @zicofish