Mingjie Shen issues

Results 47 issues of


                                            Mingjie Shen

Fix undefined behavior of signed integer overflow

Testing for overflow by adding a value to a variable to see if it "wraps around" works only for unsigned integer values. Signed integer overflow is undefined behavior in C...

[HAL] fix unbounded write in sscanf

check return value of malloc() for null

Add return statements in thread start routines

All functions that are not void should return a value on every exit path.

Use snprintf() instead of strcat() to concat strings

snprintf() is both safer and more efficient than strcat() when concatenating many strings into one.

Fix integer overflow in calculating do_alloc() size

Fix comparing unsigned difference against zero

Unsigned subtraction can never be negative.

Two missing null check for return values of searchAttributeNyName()

The result of these calls to searchAttributeNyName is not checked for null, but 92% of calls to searchAttributeNyName check for null. https://github.com/alrevuelta/cONNXr/blob/7108b7b9003b3614afd1a80b8e0ea8337a9c3a89/src/operators/ai.onnx/Constant/12/prepare_operator__ai_onnx__constant__12.c#L19 https://github.com/alrevuelta/cONNXr/blob/7108b7b9003b3614afd1a80b8e0ea8337a9c3a89/src/operators/ai.onnx/MaxPool/12/prepare_operator__ai_onnx__maxpool__12.c#L26

[os] [tpl_os_timeobj_kernel] Uninitialized variable

https://github.com/TrampolineRTOS/trampoline/blob/7ac178b0f67268735e8f9084cac49efe545ae80c/os/tpl_os_timeobj_kernel.c#L231 The variable last_to may not be initialized at this access.

ucm: fix TOCTOU race condition

Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations. Fix by calling readlink first. If that...