- Move slow hooks (mypy, pylint, bandit, pytest, prettier) to pre-push stage - Remove redundant autoflake (ruff covers F401/F841) - Fix shellcheck OOM by batching files with xargs -n 40 - Remove tracked .o, .wav, .pyc binaries from git - Move pomodoro wav files to ../testsAndMisc_binaries/ with symlinks - Add *.o, *.so, *.a to .gitignore - Refactor hltb._pick_best_hltb_entry to fix C901/PLR0911/SIM102 - Fix SC2034 warnings in gif_to_square.sh and upgrade.sh - Add disk_cleanup_check.sh script - Various test and code improvements across screen_locker, steam_backlog_enforcer, word_frequency, moviepy_showcase
2.9 KiB
Security Notes for ImageViewer
Static Analysis Warnings
The imageviewer project uses secure coding practices with proper bounds checking. However, clang-analyzer may report warnings about "insecure" functions like memcpy and snprintf. These warnings are related to the clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling check.
Why These Warnings Appear
The static analyzer flags standard C library functions like:
memcpy()- suggests usingmemcpy_s()snprintf()- suggests usingsnprintf_s()strncpy()- suggests usingstrncpy_s()
Why These Are Safe in Our Code
- Proper Bounds Checking: All string operations include explicit length validation before copying
- Buffer Size Validation: We check that destination buffers are large enough
- Null Termination: All strings are properly null-terminated
- Return Value Checking: We validate snprintf return values for buffer overflow detection
Example of Secure Usage
// We validate length before copying
size_t filename_len = strlen(filename);
size_t copy_len = (filename_len < MAX_PATH_LEN - 1) ? filename_len : MAX_PATH_LEN - 1;
memcpy(viewer->current_file, filename, copy_len);
viewer->current_file[copy_len] = '\0'; // Always null-terminate
// We check snprintf return value
int ret = snprintf(full_path, sizeof(full_path), "%s/%s", path, entry->d_name);
if (ret < 0 || ret >= sizeof(full_path)) {
continue; // Skip if path is too long
}
Microsoft-Specific _s Functions
The suggested _s functions (like memcpy_s, snprintf_s) are:
- Microsoft-specific extensions
- Not part of standard C
- Not portable to Linux/Unix systems
- Not available in our build environment
Security Assessment
Status: ✅ SECURE
The current implementation is secure because:
- All buffer operations are bounds-checked
- No user input is directly copied without validation
- File paths are validated for maximum length
- Memory allocation is checked for success
- All arrays have defined maximum sizes
Suppressing Warnings
For development, these specific warnings can be suppressed since the code has been manually reviewed for security:
# Suppress in clang-tidy configuration
-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling
Or use NOLINT comments for specific lines:
memcpy(dest, src, len); // NOLINT(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
Verification
To verify security:
- ✅ All string operations use explicit length checking
- ✅ Buffer overflow conditions are detected and handled
- ✅ No direct user input to buffer operations
- ✅ Static buffers have sufficient size for all use cases
- ✅ Dynamic memory is properly allocated and freed
This codebase follows secure coding practices and the static analysis warnings are false positives due to the analyzer's conservative approach to C library functions.