Skip to content

OVAL/XCCDF/DS/source: fix memory-corruption bugs on malformed input#2363

Merged
jan-cerny merged 1 commit into
OpenSCAP:mainfrom
edznux-dd:fix/memory-corruption
Jun 12, 2026
Merged

OVAL/XCCDF/DS/source: fix memory-corruption bugs on malformed input#2363
jan-cerny merged 1 commit into
OpenSCAP:mainfrom
edznux-dd:fix/memory-corruption

OVAL/XCCDF/DS/source: fix memory-corruption bugs on malformed input

25716e6
Select commit
Loading
Failed to load commit list.
SonarQubeCloud / SonarCloud Code Analysis succeeded Jun 3, 2026 in 54s

Quality Gate passed

Issues
3 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Annotations

Check failure on line 500 in src/DS/sds.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Refactor this function to reduce its Cognitive Complexity from 28 to the 25 allowed. 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M4EHAml3SeofRgYys&open=AZ6M4EHAml3SeofRgYys&pullRequest=2363

Check failure on line 233 in src/XCCDF/resolve.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Refactor this code to not nest more than 3 if|for|do|while|switch statements. 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M4EJ8ml3SeofRgYyt&open=AZ6M4EJ8ml3SeofRgYyt&pullRequest=2363

Check warning on line 227 in src/XCCDF/resolve.c

See this annotation in the file changed.

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

Make the type of this variable a pointer-to-const. The current type of "parent_text" is "struct oscap_text *". 

See more on https://sonarcloud.io/project/issues?id=OpenSCAP_openscap&issues=AZ6M4EJ8ml3SeofRgYyu&open=AZ6M4EJ8ml3SeofRgYyu&pullRequest=2363
View more details on SonarQubeCloud