CMFSUPPORT-3891 : COVERITY TEST. DO NOT MERGE #38
Pull request overview
This PR appears intended as a Coverity/static-analysis test change in the hotspotfd component, and the metadata explicitly indicates it should not be merged.
Changes:
- Adds a debug print(...) call in TunnelStatus_GetStringHandler.
- Disables treating format warnings as errors for hotspotfd by adding -Wno-error=format.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| source/hotspotfd/hotspotfd.c | Adds a debug print statement in the RBUS get handler. |
| source/hotspotfd/Makefile.am | Suppresses format warnings being promoted to errors during compilation. |
| AM_CFLAGS += -I$(top_srcdir)/source/hotspotfd/include | ||
| AM_CFLAGS += -I$(top_srcdir)/source/HotspotApi | ||
| AM_CFLAGS += -I${PKG_CONFIG_SYSROOT_DIR}$(includedir)/rbus | ||
| AM_CFLAGS += -Wno-error=format |
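Review bot: On the added AM_CFLAGS += -Wno-error=format line, the flag is appended to the same AM_CFLAGS as the include paths above it, so it applies to every source file built with these flags rather than to the one call that triggered it. The flag also only demotes the format diagnostic from an error to a warning; the warning is still emitted, so the build log keeps reporting the mismatch. Suggest dropping this line and fixing the call site.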
Adding -Wno-error=format masks format-string problems project-wide for this component, including real bugs that would otherwise be caught at build time. Since the introduced format issue should be fixed at the call site, please drop this flag and keep format warnings as errors.
| AM_CFLAGS += -Wno-error=format |
source/hotspotfd/hotspotfd.c
Outdated
| rbusProperty_SetValue(property, val); | ||
| rbusValue_Release(val); | ||
|
|
||
| print("Test coverity flow, %s") |
The added print("Test coverity flow, %s") line will not compile as written: print is not a standard C API in this codebase, the statement is missing a trailing semicolon, and the format string contains %s without a corresponding argument. Please remove this debug line or replace it with an existing logging/printf facility and provide the correct format arguments (or drop %s).
| print("Test coverity flow, %s") |
| rbusProperty_SetValue(property, val); | ||
| rbusValue_Release(val); | ||
|
|
||
| printf("Test coverity flow, %s"); |
Check warning
Code scanning / CodeQL
Too few arguments to formatting function Medium
Copilot Autofix
AI 5 days ago
In general, to fix "too few arguments to formatting function" issues, you must ensure that the number and types of arguments passed to functions like printf match the format specifiers in the format string. Either (a) add the missing arguments corresponding to each specifier, or (b) remove or adjust the specifiers so that the format string no longer expects arguments that are not provided.
For this specific case in TunnelStatus_GetStringHandler in source/hotspotfd/hotspotfd.c, line 379 calls printf("Test coverity flow, %s"); with a %s specifier and no string argument. The function does not naturally have an appropriate string to print there (and appears to be a simple test message). The least intrusive correction that does not alter existing behavior is to remove the %s from the format string, turning it into a plain string literal: printf("Test coverity flow\n"); (optionally adding a newline for cleanliness). This preserves the intent—a simple test print—without changing program logic, while eliminating the undefined behavior. No new methods, imports, or definitions are required, and no other parts of the file need changes.
| @@ -376,7 +376,7 @@ | ||
| rbusProperty_SetValue(property, val); | ||
| rbusValue_Release(val); | ||
|
|
||
| printf("Test coverity flow, %s"); | ||
| printf("Test coverity flow\n"); | ||
| return RBUS_ERROR_SUCCESS; | ||
| } | ||
|
|
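Review bot: The replacement line printf("Test coverity flow\n"); still leaves an unconditional write to stdout between rbusValue_Release(val); and return RBUS_ERROR_SUCCESS;, so it runs every time the handler reaches this path. If the message exists only to trigger the scan, delete the line rather than repairing its format string; if a trace is wanted here, route it through the component's existing logging instead of a bare printf.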
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| AM_CFLAGS += -I$(top_srcdir)/source/hotspotfd/include | ||
| AM_CFLAGS += -I$(top_srcdir)/source/HotspotApi | ||
| AM_CFLAGS += -I${PKG_CONFIG_SYSROOT_DIR}$(includedir)/rbus | ||
| AM_CFLAGS += -Wno-error=format |
Adding -Wno-error=format suppresses format string warnings and errors for the entire build. This flag appears to be added to enable the problematic printf statement on line 379 of hotspotfd.c, which has a format string security vulnerability. Instead of suppressing these important security warnings, the underlying format string issue should be fixed. Format string vulnerabilities can lead to information disclosure or code execution.
| AM_CFLAGS += -Wno-error=format |
| rbusProperty_SetValue(property, val); | ||
| rbusValue_Release(val); | ||
|
|
||
| printf("Test coverity flow, %s"); |
Coverity Issue - Printf arg count mismatch
the format string requires additional arguments
Medium Impact, CWE-685
PW.TOO_FEW_PRINTF_ARGS
| rbusProperty_SetValue(property, val); | ||
| rbusValue_Release(val); | ||
|
|
||
| printf("Test coverity flow, %s"); |
Coverity Issue - Missing argument to printf format specifier
No argument for format specifier "%s".
Medium Impact, CWE-685
PRINTF_ARGS
DO NOT MERGE
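The argument-count check that CodeQL and Coverity report in this thread (CWE-685), as an added example that is not part of the pull request or the hotspotfd code: count_format_args counts the arguments an ISO C format string consumes, and hotspot_debug is a hypothetical logging wrapper whose format attribute makes GCC and Clang apply the same -Wformat check to its callers.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Number of variadic arguments an ISO C printf format consumes,
   or -1 if a conversion is truncated or not an ISO C conversion. */
int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')
            continue;                            /* "%%": literal percent */
        while (*p && strchr("-+ #0", *p))        /* flags */
            p++;
        if (*p == '*') { n++; p++; }             /* width read from an int argument */
        while (isdigit((unsigned char)*p))       /* width given as digits */
            p++;
        if (*p == '.') {
            p++;
            if (*p == '*') { n++; p++; }         /* precision read from an int argument */
            while (isdigit((unsigned char)*p))   /* precision given as digits */
                p++;
        }
        while (*p && strchr("hlLjzt", *p))       /* length modifiers */
            p++;
        if (*p == '\0' || !strchr("diouxXeEfFgGaAcspn", *p))
            return -1;
        n++;                                     /* the conversion itself */
    }
    return n;
}

/* Hypothetical wrapper (name is an assumption, not from hotspotfd): the
   attribute tells GCC/Clang to check callers' arguments as they do for printf. */
__attribute__((format(printf, 1, 2)))
int hotspot_debug(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int rc = vfprintf(stderr, fmt, ap);
    va_end(ap);
    return rc;
}

int main(void)
{
    /* The flagged string and the suggested replacement from the thread. */
    printf("%d\n", count_format_args("Test coverity flow, %s"));
    printf("%d\n", count_format_args("Test coverity flow\n"));
    return hotspot_debug("tunnel status: %s\n", "up") < 0;
}
```

Built with -Wall, a call such as hotspot_debug("Test coverity flow, %s") with no argument draws the -Wformat diagnostic, and with -Werror=format it fails the build.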