On Fri, Jul 25, 2014 at 9:50 AM, Yunjiao Xue <[email protected]> wrote:
> To whom it may concern,
>
> We are using SQLite 3.7.13 with an amalgamation version of sqlite3.c. We
> discovered a type mismatch security issue with a recent Fortify scan. The
> problem is on lines 22407, 51807, 63005, 93150 of sqlite3.c.
>

Thank you for reporting compiler warnings. All of the warnings above are completely benign and harmless.

>
> For example, the function strHash() in sqlite3.c is declared to return an
> unsigned value on line 22400, but on line 22407 it returns a signed value.
> This would cause a type mismatch security issue (
> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/type_mismatch_signed_to_unsigned.html
> ).
>

Hype and bluster. Please see also:

http://www.sqlite.org/mark/testing.html?Static+analysis+has*static+analysis.#staticanalysis
http://www.sqlite.org/faq.html#q17

>
> We are not sure if the problem still exists in the latest version but most
> probably it's still there. It would be much appreciated if you could fix it.
>
> Thanks,
>
> Jay Xue
>
> _______________________________________________
> sqlite-users mailing list
> [email protected]
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
>

--
D. Richard Hipp
[email protected]
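
An added example, not part of the original thread and not SQLite's code: a constructed C program showing what the signed-to-unsigned return conversion reported above does to the value, next to the signed-modulo pattern that would produce a genuinely out-of-range index. The names `str_hash`, `to_unsigned`, `bucket_unsigned`, `bucket_signed` and `NBUCKET` are hypothetical, and the keys are constructed sample input.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define NBUCKET 8u /* constructed table size */

/* Hypothetical hash with the reported shape: the accumulator is a signed
 * int, the declared return type is unsigned. Not SQLite's code. */
static unsigned int str_hash(const char *z, int n) {
    int h = 0;
    while (n-- > 0) {
        /* Mix in unsigned arithmetic so the shift cannot overflow a signed
         * int; storing back into int wraps on gcc and clang. */
        h = (int)(((unsigned int)h << 3) ^ (unsigned int)h ^ (unsigned char)*z++);
    }
    return h; /* implicit int -> unsigned: value modulo UINT_MAX + 1 (C11 6.3.1.3) */
}

/* The conversion a "signed to unsigned" finding points at, isolated. */
static unsigned int to_unsigned(int v) { return v; }

/* Reducing the unsigned result: the index is always in [0, NBUCKET). */
static unsigned int bucket_unsigned(const char *key) {
    return str_hash(key, (int)strlen(key)) % NBUCKET;
}

/* The pattern that would be a real defect: reducing a signed value.
 * Since C99, % keeps the sign of the dividend, so this can go negative. */
static int bucket_signed(int h, int nbucket) { return h % nbucket; }

int main(void) {
    const char *keys[] = {"users", "sqlite_master", "idx_name"}; /* constructed */
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++)
        printf("%-14s -> bucket %u\n", keys[i], bucket_unsigned(keys[i]));
    printf("to_unsigned(-1) == UINT_MAX: %d\n", to_unsigned(-1) == UINT_MAX);
    printf("to_unsigned(-7) %% 8 = %u\n", to_unsigned(-7) % NBUCKET);
    printf("bucket_signed(-7, 8) = %d\n", bucket_signed(-7, 8));
    return 0;
}
```

When triaging a finding of this kind, the thing to check is how the converted value is consumed: a modulo or mask applied after the conversion stays in range, while a length, offset or comparison that relies on the original sign does not.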

