On Fri, Jul 25, 2014 at 9:50 AM, Yunjiao Xue <yunjiao...@hotmail.com> wrote:

> To whom it may concern,
>
> We are using SQLite 3.7.13 with an amalgamation version of sqlite3.c. We
> discovered a type mismatch security issue with a recent Fortify scan. The
> problem is on lines 22407, 51807, 63005, 93150 of sqlite3.c.
>

Thank you for reporting compiler warnings.  All of the warnings above are
completely benign and harmless.


>
> For example, the function strHash() in sqlite3.c is declared to return an
> unsigned value on line 22400, but on line 22407 it returns a signed value.
> This would cause a type mismatch security issue (
> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/type_mismatch_signed_to_unsigned.html
> ).
>

Hype and bluster.  Please see also:


http://www.sqlite.org/mark/testing.html?Static+analysis+has*static+analysis.#staticanalysis
http://www.sqlite.org/faq.html#q17


>
> We are not sure if the problem still exists in the latest version but most
> probably it's still there. It would be much appreciated if you could fix it.
>
> Thanks,
>
> Jay Xue
>
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>



-- 
D. Richard Hipp
d...@sqlite.org
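
An added example, not part of the original thread and not SQLite code: it reduces the signed-to-unsigned return discussed above to a hypothetical helper `hash_out()` and shows the conversion is well-defined and stays in range when the value is a hash bucket index, next to a length check where the same conversion needs a sign test first. All function names and sample values are constructed, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The flagged pattern, reduced: a signed int leaves through an unsigned
 * return type. C defines this conversion as reduction modulo UINT_MAX+1,
 * so it is not undefined behaviour. (Hypothetical helper, not SQLite code.) */
static unsigned int hash_out(int h) { return h; }

/* Use 1: the value is a hash reduced to a bucket index. Any bit pattern
 * is acceptable, and the unsigned modulo keeps the index in range. */
static unsigned int bucket_of(int h, unsigned int nbuckets) {
    return hash_out(h) % nbuckets;
}

/* Use 2: the value is a length. The signed upper-bound check passes for a
 * negative len, and the later conversion turns it into a huge size. */
static int weak_len_ok(int len, int cap) { return len <= cap; }
static size_t as_size(int len) { return (size_t)len; }

/* Hardened form of use 2: reject negatives before any conversion. */
static int strict_len_ok(int len, int cap) { return len >= 0 && len <= cap; }

int main(void) {
    int samples[] = { 0, 7, INT_MAX, -1, INT_MIN };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = samples[i];
        printf("v=%11d hash_out=%10u bucket=%2u signed_rem=%3d "
               "weak=%d strict=%d size=%zu\n",
               v, hash_out(v), bucket_of(v, 16), v % 16,
               weak_len_ok(v, 64), strict_len_ok(v, 64), as_size(v));
    }
    return 0;
}
```

The `signed_rem` column shows what the index would be if the remainder were taken on the signed value instead: negative for negative inputs, which is the out-of-range case the unsigned return type avoids.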