The following 3 issues were flagged by a security scan where we use Protobuf v3.4.0. Will these be resolved in an upcoming version?

1. Unchecked CString Convertion
   The element Param at line 273 of /Protobuf/objectivec/GPBCodedOutputStream.m contains a C-String that was converted from a CFString object. The length of Param was not checked after conversion.
   Method: (void) writeStringNoTag:(const NSString *) value
   Line: 294 result = [value getBytes:state_.bytes + state_.position

2. Unchecked CString Convertion
   The element CFStringGetCStringPtr at line 273 of /Protobuf/objectivec/GPBCodedOutputStream.m contains a C-String that was converted from a CFString object. The length of CFStringGetCStringPtr was not checked after conversion.
   Method: (void) writeStringNoTag:(const NSString *) value
   Line: 281 CFStringGetCStringPtr((CFStringRef)value, kCFStringEncodingUTF8);

3. Improper Resource Shutdown or Release
   The application's - method in /Pods/Protobuf/objectivec/GPBCodedOutputStream.m defines and initializes the output object at 173. This object encapsulates a limited computing resource, such as open file streams, database connections, or network streams. This resource is not properly closed and released in all situations.
   Method: (instancetype)initWithOutputStream:(NSOutputStream *)output
   Line: 177 [output open];
