[ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999881#comment-13999881 ]
Timothy St. Clair commented on MESOS-1355:
------------------------------------------
False positive imho, let me know if you think otherwise.
> Use of untrusted string value in jvm.cpp
> ----------------------------------------
>
> Key: MESOS-1355
> URL: https://issues.apache.org/jira/browse/MESOS-1355
> Project: Mesos
> Issue Type: Technical task
> Reporter: Niklas Quarfot Nielsen
> Assignee: Timothy St. Clair
>
> ________________________________________________________________________________________________________
> *** CID 1213892: Use of untrusted string value (TAINTED_STRING)
> /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char,
> std::char_traits<char>, std::allocator<char>>,
> std::allocator<std::basic_string<char, std::char_traits<char>,
> std::allocator<char>>>> &, JNI::Version, bool)()
> 60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false);
> 61
> 62 if (libJvmPath.empty()) {
> 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY;
> 64 }
> 65
> >>> CID 1213892: Use of untrusted string value (TAINTED_STRING)
> >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *,
> >>> int)", which cannot accept tainted data.
> 66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW);
> 67
> 68 if (handle == NULL) {
> 69 return Error(dlerror());
> 70 }
> 71