Re: [sqlite] SQLite bug report: type mismatch security issue in sqlite3.c version 3.7.13

2014-07-25 Thread Richard Hipp
On Fri, Jul 25, 2014 at 9:50 AM, Yunjiao Xue wrote:

> To whom it may concern,
>
> We are using SQLite 3.7.13 with an amalgamation version of sqlite3.c. We
> discovered a type mismatch security issue with a recent Fortify scan. The
> problem is on lines 22407, 51807, 63005, 93150 of sqlite3.c.
>

Thank you for reporting compiler warnings.  All of the warnings above are
completely benign and harmless.


>
> For example, the function strHash() in sqlite3.c is declared to return an
> unsigned value on line 22400, but on line 22407 it returns a signed value.
> This would cause a type mismatch security issue (
> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/type_mismatch_signed_to_unsigned.html
> ).
>

Hype and bluster.  Please see also:


http://www.sqlite.org/mark/testing.html?Static+analysis+has*static+analysis.#staticanalysis
http://www.sqlite.org/faq.html#q17


>
> We are not sure if the problem still exists in the latest version but most
> probably it's still there. It would be much appreciated if you could fix it.
>
> Thanks,
>
> Jay Xue
>
> ___
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>



-- 
D. Richard Hipp
d...@sqlite.org


[sqlite] SQLite bug report: type mismatch security issue in sqlite3.c version 3.7.13

2014-07-25 Thread Yunjiao Xue
To whom it may concern,

We are using SQLite 3.7.13 with an amalgamation version of sqlite3.c. We 
discovered a type mismatch security issue with a recent Fortify scan. The 
problem is on lines 22407, 51807, 63005, 93150 of sqlite3.c.

For example, the function strHash() in sqlite3.c is declared to return an 
unsigned value on line 22400, but on line 22407 it returns a signed value. This 
would cause a type mismatch security issue 
(http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/type_mismatch_signed_to_unsigned.html).

We are not sure if the problem still exists in the latest version but most 
probably it's still there. It would be much appreciated if you could fix it.

Thanks,

Jay Xue
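
Added example, not part of either message and not SQLite's code: a C sketch of the signed-to-unsigned conversion the scanner category describes, showing a hash whose converted result is only used as a bucket index next to a length value where the same conversion changes what a bounds check means. All `demo_*` names and the hash formula are hypothetical.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical hash with the reported shape: signed accumulator, unsigned
 * return type. Bytes >= 0x80 sign-extend, so h can go negative. */
unsigned int demo_hash(const char *z, int n) {
    int h = 0;
    while (n-- > 0) {
        /* Mask before shifting so the signed shift cannot overflow. */
        h = ((h & 0x00FFFFFF) << 3) ^ h ^ (signed char)*z++;
    }
    return h; /* implicit int -> unsigned int: reduced modulo UINT_MAX + 1 */
}

/* Benign use: the converted value is only reduced to a bucket index,
 * so even a negative h yields an index below nbuckets. */
unsigned int demo_bucket(const char *z, int n, unsigned int nbuckets) {
    return demo_hash(z, n) % nbuckets;
}

/* The same conversion applied to a length: -1 becomes SIZE_MAX, which is
 * what a copy routine would see after a signed-only bounds check. */
size_t demo_len_as_size(int len) {
    return (size_t)len;
}

/* Length handling that stays safe: reject negatives before converting. */
int demo_copy(char *dst, size_t cap, const char *src, int len) {
    if (len < 0 || (size_t)len > cap) return -1;
    memcpy(dst, src, (size_t)len);
    return 0;
}
```

When triaging a finding of this category, the question to answer is what the converted value feeds: a modulo or mask, or a size, index or comparison.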
  