CodeQL warnings #19
Comments
|
Unfortunately the issue link above is now returning a 404. Can you either provide an updated link or at least describe the warning you're receiving? Also, I notice you're not using our original repos for SSKR or Shamir, but if you do have a simple code fix for any warnings you're receiving, we'd love it if you could file a PR on the original repos! |
|
Hi @wolfmcnally, The links above seem to still work fine for me so I think github may be blocking public access to security warnings generated by Code QL. I have added you as a colaborator on the app-sskr-check repo so hopefully the links work now. The gist of the warnings are that In a loop condition, comparison of a value of a narrow type with a value of a wide type may result in unexpected behavior if the wider value is sufficiently large (or small). This is because the narrower value may overflow. This can lead to an infinite loop. i.e. a uint8_t being compared to a size_t in a loop condition in line 385 of A simple fix would be to cast |
Yes, I just copied the latest version of bc-shamir and bc-sskr. There has been very minor change to the original.
|
Hi,
I am using bc-sskr in an application I am writing to generate SSKR shares on Ledger hardware wallet devices: SSKR Check
CodeQL is giving a warning about bc-sskr which maybe you would like to be aware of.
See here:
https://github.com/aido/app-sskr-check/security/code-scanning/13
or here:
https://codeql.github.com/codeql-query-help/cpp/cpp-comparison-with-wider-type/
bc-sskr/src/encoding.c
Line 385 in 84e1e76
The text was updated successfully, but these errors were encountered: