Skip to content

[pull] master from microsoft:master#42

Merged
pull[bot] merged 2 commits into
cgallred:masterfrom
microsoft:master
Sep 24, 2025
Merged

[pull] master from microsoft:master#42
pull[bot] merged 2 commits into
cgallred:masterfrom
microsoft:master

Conversation

@pull
Copy link
Copy Markdown

@pull pull Bot commented Sep 24, 2025
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

dscho and others added 2 commits September 24, 2025 16:56
@dscho
ReadObjectHook: suppress false positive
92c2b32 
Currently, CodeQL mis-identifies a couple instances of the
usually-legitimate "User-controlled data may not be null terminated"
problem.

In these instances, CodeQL thinks that `packet_txt_read()` fails to
NUL-terminate (not actually "null"... tsk, tsk) the string. But it
totally does! Here is the current definition of that function:

	size_t packet_txt_read(char *buf, size_t count, FILE *stream)
	{
		size_t len;

		len = packet_bin_read(buf, count, stream);
		if (len && buf[len - 1] == '\n')
		{
			len--;
		}

		buf[len] = 0;
		return len;
	}

The `buf[len] = 0` statement guarantees that the string is
NUL-terminated.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
@dscho
Merge pull request #1874 from microsoft/suppress-codeql-false-positive
4bd1703 
ReadObjectHook: suppress false positive
@pull pull Bot locked and limited conversation to collaborators Sep 24, 2025
@pull pull Bot added the ⤵️ pull label Sep 24, 2025
@pull pull Bot merged commit 4bd1703 into cgallred:master Sep 24, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dscho