Anders Broman wrote:
Wireshark/
Error: Found prohibited APIs in capture-pcap-util.c: free
allocated by winpcap
That one's been brought up on the winpcap-users mailing list - in
Windowsland, apparently, you can have a library built with one version
of the C support library and an application built with another version,
and stuff allocated by the library can't be freed in the application.
It's probably pcap_list_datalinks() that's allocating the list, in
get_pcap_linktype_list().
There needs to be a pcap_free_datalinks() routine, so that the
allocation and free are done in libpcap/WinPcap. The WinPcap developers
are planning to add that, although, at the time, cvs.tcpdump.org wasn't
working so they weren't able to check it into the main libpcap CVS
repository.
I'd leave it alone for now, as I don't think it's caused any crashes,
and, when it appears in WinPcap, arrange to use it if it's available (on
UN*X or Windows) and use free() otherwise.
Error: Found prohibited APIs in file.c: sprintf
That use is probably safe, as it allocates a buffer that's big enough,
but we should probably use g_snprintf() in any case.
Error: Found prohibited APIs in inet_ntop.c: strcpy
Again, probably safe, but that should probably be rewritten to directly
g_snprintf() into the buffer.
Error: Found prohibited APIs in strcasecmp.c: strcasecmp do we
still need this?
It's still used in dfilter_compile() to check for deprecated tokens. I
suspect g_ascii_strcasecmp() would be more correct there.
Error: Found prohibited APIs in strncasecmp.c: strncasecmp do we
still need this?
Error: Found prohibited APIs in strptime.c: strncasecmp
Apparently so; there are platforms that don't have strptime() (I don't
think Windows has it). g_ascii_strncasecmp() *might* be more correct,
although it's probably comparing strings for month names, so you might
actually want strncasecmp() (or g_strncasecmp()) in that case.
Wirershark/gtk
Error: Found prohibited APIs in follow_stream.c: tmpnam
We probably want mkstemp() or mktemp() - or the routines in tempfile.c.
Error: Found prohibited APIs in progress_dlg.c: strncpy
That one's probably safe, but it should probably be done by checking the
title length before calling g_strdup() and, if it's too long, doing
something such as
item_title_dup = g_strdup_printf("%.100s...", item_title);
Error: Found prohibited APIs in funnel_stat.c: free
The script might be confused by calls to "cbd->free()".
Wireshark/epan
...
Error: Found prohibited APIs in filesystem.c: strncpy,strncat
strncpy() could perhaps be done with g_strdup_printf() or some other way
of getting the first N characters of a string. Something similar might
be doable for strncat().
