Fix security vulnerabilities

Open majetideepak opened this issue 1 year ago • 4 comments

IBM code scan found a few issues.

  • Use of uninitialized variables: It is always safe to initialize variables. Most instances fixed in the PR get initialized in a function but depending on a function is unsafe.
  • Detect and handle memory allocation errors
  • Bitwise operations (~, <<, >>, &, ^ and |) and their combinations with assign operator (<<=, >>=, &=, ^= and |=) are not normally meaningful on signed integers. Bitwise operators should be used only with unsigned integer operands, as the result of bitwise operations on signed integers is implementation-defined.

majetideepak avatar Oct 15 '24 16:10 majetideepak
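
Added example (not code from this pull request or from Velox): one way to apply the three points in the description above, using ZigZag encoding as an assumed illustration. The function names and the sample values are hypothetical and constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>

// ZigZag maps signed values to unsigned codes (0,-1,1,-2 -> 0,1,2,3).
// The usual one-liner (n << 1) ^ (n >> 63) shifts a signed operand; here
// every bitwise step runs on uint64_t.
uint64_t zigzagEncode(int64_t value) {
  const uint64_t bits = static_cast<uint64_t>(value);  // modulo 2^64, well defined
  const uint64_t signMask = (bits >> 63) != 0 ? ~uint64_t{0} : uint64_t{0};
  return (bits << 1) ^ signMask;
}

int64_t zigzagDecode(uint64_t code) {
  const uint64_t signMask = (code & 1u) != 0 ? ~uint64_t{0} : uint64_t{0};
  const uint64_t bits = (code >> 1) ^ signMask;
  int64_t value = 0;  // initialized at declaration, not left to memcpy
  std::memcpy(&value, &bits, sizeof(value));
  return value;
}

// Encodes count values into a new buffer the caller releases with std::free.
// Returns nullptr, with *outCount == 0, on bad arguments, size overflow or
// allocation failure.
uint64_t* encodeAll(const int64_t* values, size_t count, size_t* outCount) {
  if (outCount == nullptr) return nullptr;
  *outCount = 0;
  if (values == nullptr || count == 0) return nullptr;
  if (count > SIZE_MAX / sizeof(uint64_t)) return nullptr;  // count * 8 would wrap
  uint64_t* out = static_cast<uint64_t*>(std::malloc(count * sizeof(uint64_t)));
  if (out == nullptr) return nullptr;  // allocation failure handled, not dereferenced
  for (size_t i = 0; i < count; ++i) out[i] = zigzagEncode(values[i]);
  *outCount = count;
  return out;
}

// Constructed sample input: round-trips edge values through the buffer.
bool roundTripSample() {
  const int64_t sample[] = {0, -1, 1, -2, INT64_MAX, INT64_MIN};
  size_t n = 0;
  uint64_t* codes = encodeAll(sample, sizeof(sample) / sizeof(sample[0]), &n);
  if (codes == nullptr) return false;
  bool ok = (n == 6);
  for (size_t i = 0; ok && i < n; ++i) ok = (zigzagDecode(codes[i]) == sample[i]);
  std::free(codes);
  return ok;
}
```
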

Deploy Preview for meta-velox canceled.

Name Link
Latest commit b404ab5830393086a85cfdf28f712be9f69aec72
Latest deploy log https://app.netlify.com/sites/meta-velox/deploys/67115d2c35a5df000899dcac

netlify[bot] avatar Oct 15 '24 16:10 netlify[bot]

Thanks @majetideepak! Is it possible to add what CVEs this fixes?

kgpai avatar Oct 15 '24 16:10 kgpai

@kgpai I updated the description. Thanks!

majetideepak avatar Oct 15 '24 18:10 majetideepak

@kgpai has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

facebook-github-bot avatar Oct 18 '24 22:10 facebook-github-bot

@kgpai merged this pull request in facebookincubator/velox@878388f706e56abd3da6df6727e5496bdc577411.

facebook-github-bot avatar Oct 28 '24 18:10 facebook-github-bot

Conbench analyzed the 1 benchmark run on commit 878388f7.

There were no benchmark performance regressions. 🎉

The full Conbench report has more details.

conbench-facebook[bot] avatar Oct 28 '24 18:10 conbench-facebook[bot]