Can you create an issue for this on https://github.com/google/protobuf ?
On Wed, Nov 15, 2017 at 6:26 AM, <[email protected]> wrote:

> The following 3 issues were flagged by a security scan where we use
> Protobuf v3.4.0. Will these be resolved in an upcoming version?
>
>
> 1. Unchecked CString Convertion
>
> The element Param at line 273 of /Protobuf/objectivec/GPBCodedOutputStream.m
> contains a C-String that was converted from a CFString object. The length
> of Param was not checked after conversion.
>
> Method: (void) writeStringNoTag:(const NSString *) value
>
> Line: 294
>
> result = [value getBytes:state_.bytes + state_.position
>
>
> 2. Unchecked CString Convertion
>
> The element CFStringGetCStringPtr at line 273 of
> /Protobuf/objectivec/GPBCodedOutputStream.m contains a C-String that was
> converted from a CFString object. The length of CFStringGetCStringPtr was
> not checked after conversion.
>
>
> Method: (void) writeStringNoTag:(const NSString *) value
>
> Line: 281
>
> CFStringGetCStringPtr((CFStringRef)value, kCFStringEncodingUTF8);
>
>
> 3. Improper Resource Shutdown or Release
>
> The application's - method in /Pods/Protobuf/objectivec/GPBCodedOutputStream.m
> defines and initializes the output object at 173. This object encapsulates
> a limited computing resource, such as open file streams, database
> connections, or network streams. This resource is not properly closed and
> released in all situations.
>
> Method: (instancetype)initWithOutputStream:(NSOutputStream *)output
>
> Line: 177
>
> [output open];
>
> --
> You received this message because you are subscribed to the Google Groups
> "Protocol Buffers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/protobuf.
> For more options, visit https://groups.google.com/d/optout.
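Findings 1 and 2 in the quoted scan report concern a UTF-8 conversion from an NSString/CFString whose returned pointer and length go unchecked. The following is an added example, not part of this thread and not protobuf's code, showing what a checked form of that conversion looks like; `WriteUTF8Checked`, the buffer size and the sample strings are hypothetical and constructed for illustration.

```objc
#import <Foundation/Foundation.h>
#include <string.h>

// Hypothetical helper (assumption, not protobuf's API): copies `value` as
// UTF-8 into `buffer`. Returns the byte count written, or -1 if the string
// cannot be encoded or does not fit in `capacity` bytes.
static NSInteger WriteUTF8Checked(NSString *value, uint8_t *buffer, size_t capacity) {
  if (value == nil || buffer == NULL) {
    return -1;
  }
  // The encoded size can exceed [value length], so measure it in bytes.
  NSUInteger needed = [value lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
  if (needed == 0) {
    // 0 means either an empty string or a string that cannot be encoded.
    return (value.length == 0) ? 0 : -1;
  }
  if (needed > capacity) {
    return -1;
  }
  // Fast path: CFStringGetCStringPtr may return NULL, so test before use.
  const char *fast = CFStringGetCStringPtr((__bridge CFStringRef)value,
                                           kCFStringEncodingUTF8);
  if (fast != NULL) {
    memcpy(buffer, fast, needed);
    return (NSInteger)needed;
  }
  // Slow path: bound the copy with maxLength and verify how much was written.
  NSUInteger used = 0;
  BOOL ok = [value getBytes:buffer
                  maxLength:capacity
                 usedLength:&used
                   encoding:NSUTF8StringEncoding
                    options:(NSStringEncodingConversionOptions)0
                      range:NSMakeRange(0, value.length)
             remainingRange:NULL];
  // getBytes can report success after a partial conversion; require all bytes.
  return (ok && used == needed) ? (NSInteger)used : -1;
}

int main(void) {
  @autoreleasepool {
    uint8_t buf[8];  // constructed, deliberately small destination
    for (NSString *s in @[ @"abc", @"h\u00e9llo", @"much too long for buf" ]) {
      NSLog(@"%@ -> %ld", s, (long)WriteUTF8Checked(s, buf, sizeof(buf)));
    }
  }
  return 0;
}
```

On a -1 return the buffer may hold a partial conversion and should be treated as unwritten.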
