Potential bug CWE-197 Numeric Truncation Error found during static co… #5906
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…de analysis in webkitbrowser-plugin.
Below warning is raised during Static Code Analysis (SCA) using PVS-Studio in webkitbrowser-plugin component at https://github.com/rdkcentral/rdkservices/blob/sprint/24Q4/WebKitBrowser/WebKitBrowser.cpp#L57
_skipURL = _service->WebPrefix().length();
[CWE-197] V1029: Numeric Truncation Error. Return value of the 'length' function is written to the 8-bit variable.
In https://github.com/rdkcentral/rdkservices/blob/sprint/24Q4/WebKitBrowser/WebKitBrowser.h#L277 _skipURL is declared as uint8_t datatype which is an unsigned int of 8 bits that can store a value ranging from 0 to 255.
uint8_t _skipURL;
_skipURL value is received from the length of the string returned by _service->WebPrefix() method:
_skipURL = _service->WebPrefix().length();
As per the code WebPrefix contains the string "/Service/WebKitBrowser" and the values of _skipURL and WebPrefix().length are 22 which is within the range value of uint8_t.
Probably we would never reach more than 255 value here but in theory service->WebPrefix().length() could return something higher when length() is size_t . If the string length exceeds 255 in the future, it could lead to truncation or unexpected behaviour.
So wanted to address this warning with fix.