This question is specific to a pattern reported by Flawfinder:
A small snippet:
```cpp
unsigned char child_report;
...
// First read: the destination is a single byte and the length is its sizeof,
// so the read is bounded; only the return value needs checking.
auto readlen = read(pipefd[0], (void *) &child_report, sizeof(child_report));
if (readlen == -1 || readlen != sizeof(child_report)) {
    _ret.failure = execute_result::PREIO; // set some flags to report to the caller
    close(pipefd[0]);
    return _ret;
}
...
// Second read: same fixed-size destination and length (read() returns ssize_t).
ssize_t sec_read = read(pipefd[0], (void *) &child_report, sizeof(child_report));
child_report = 0; // we are not using the read data at all
                  // we just want to know if the read is successful or not
if (sec_read != 0 && sec_read != -1) { // if success
    _ret.failure = execute_result::EXEC; // it means that the child is not able to exec
    close(pipefd[0]);                    // as we set the close-on-exec flag
    return _ret;                         // and we do write after exec in the child
}
```

I found that Codacy (hence Flawfinder) reports these two issues:
Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
I don't understand.
Is there a flaw in the code that I'm not aware of?
Posted on 2019-12-17 18:03:18
I finally concluded that this should be a false positive. I checked Flawfinder's code, and it seems to be basically doing pattern matching.
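As an added example (not code from the question or its answer), here is the same close-on-exec reporting pattern written out in C: the pipe is read into a single fixed-size object with `sizeof` as the length, so the buffer write is bounded by construction, and what the parent actually has to check is how the read ended (EOF, a full report, or an error). The `spawn_status` values and the `spawn` / `read_exec_report` functions are hypothetical names chosen here; the one-byte `errno` report is an assumption carried over from the question's code.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical result codes, mirroring the PREIO / EXEC flags in the question. */
enum spawn_status { SPAWN_PREIO = -1, SPAWN_OK = 0, SPAWN_EXEC_FAILED = 1 };

/* Interprets one read() from the report pipe. The destination is a single
 * fixed-size object and the length is sizeof that object, so the write into
 * it is bounded by construction; what still needs checking is how it ended. */
enum spawn_status read_exec_report(int fd, int *child_errno)
{
    unsigned char report = 0;
    ssize_t n = read(fd, &report, sizeof report);
    if (n == 0)                         /* EOF: exec succeeded, CLOEXEC closed the pipe */
        return SPAWN_OK;
    if (n == (ssize_t)sizeof report) {  /* child wrote its errno before exiting */
        *child_errno = report;
        return SPAWN_EXEC_FAILED;
    }
    return SPAWN_PREIO;                 /* -1: the pipe itself failed, errno is set */
}

/* Forks, execs argv in the child and reports whether exec() succeeded.
 * Assumes errno values fit in one byte, as the question's code does. */
enum spawn_status spawn(char *const argv[], int *child_errno)
{
    int pipefd[2];
    if (pipe(pipefd) == -1) return SPAWN_PREIO;
    /* close-on-exec on the write end: it vanishes in the child once exec succeeds */
    if (fcntl(pipefd[1], F_SETFD, FD_CLOEXEC) == -1) { close(pipefd[0]); close(pipefd[1]); return SPAWN_PREIO; }
    pid_t pid = fork();
    if (pid == -1) { close(pipefd[0]); close(pipefd[1]); return SPAWN_PREIO; }
    if (pid == 0) {                     /* child */
        close(pipefd[0]);
        execvp(argv[0], argv);
        unsigned char err = (unsigned char)errno;   /* only reached when exec failed */
        (void)write(pipefd[1], &err, sizeof err);
        _exit(127);
    }
    close(pipefd[1]);                   /* parent keeps only the read end */
    enum spawn_status st = read_exec_report(pipefd[0], child_errno);
    close(pipefd[0]);
    waitpid(pid, NULL, 0);
    return st;
}
```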
https://stackoverflow.com/questions/59293533