Skip to content

ref: Address CWE-676 use of potentially dangerous functions#7549

Draft
philprime wants to merge 2 commits intomainfrom
ref/cwe-676-dangerous-functions
Draft

ref: Address CWE-676 use of potentially dangerous functions#7549
philprime wants to merge 2 commits intomainfrom
ref/cwe-676-dangerous-functions

Conversation

@philprime
Copy link
Copy Markdown
Member

@philprime philprime commented Feb 27, 2026

Address CWE-676 (use of potentially dangerous functions) reported by customer security tools. Replaces sscanf with strtoull/strtod in the report store and JSON codec so we avoid flagged APIs; scanf_s is not available on Apple platforms. Adds CWE-676 safety comments at all memcpy, strlen, and calloc sites documenting bounds or null-termination guarantees. Keeps calloc for zero-initialization and adds overflow guards where count*size could overflow (dirContents, image renderer). Adds unit tests for report ID parsing and floating-point decode.

Fixes #2785

@philprime
ref: Address CWE-676 use of potentially dangerous functions
638f899 
Replace sscanf with strtoull/strtod in report store and JSON codec to
avoid CWE-676 flagged APIs on Apple platforms (scanf_s is unavailable).
Add CWE-676 safety comments at all memcpy, strlen, and calloc sites
documenting bounds or null-termination guarantees. Keep calloc for
zero-initialization; add overflow guards where count*size could
overflow (dirContents, image renderer). Add unit tests for report ID
parsing and floating-point decode.

Fixes #2785
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 27, 2026
edited
Loading

Semver Impact of This PR

🟢 Patch (bug fixes)

📋 Changelog Preview

This is how your changes will appear in the changelog.
Entries from this PR are highlighted with a left border (blockquote style).

Internal Changes 🔧

Samples

  • Restructure iOS-Swift sample by philprime in #7654
  • Restructure samples and revert to sample-specific target names by philprime in #7659
  • Restructure iOS-Swift6 sample by philprime in #7656

Other

  • (deps) Update clang-format version by github-actions in #7675
  • Address CWE-676 use of potentially dangerous functions by philprime in #7549

🤖 This preview updates automatically when you update the PR.

@philprime philprime self-assigned this Feb 27, 2026
@philprime
Copy link
Copy Markdown
Member Author

philprime commented Feb 27, 2026

@sentry review

philprime
philprime commented Feb 27, 2026
View reviewed changes
Sources/SentryCrash/Recording/Tools/SentryCrashJSONCodec.c
// Parses a floating point number from the string buffer into value using %lg format
// %lg uses shortest decimal representation and removes trailing zeros
sscanf(context->stringBuffer, "%lg", &value);
value = strtod(context->stringBuffer, NULL);
Copy link
Copy Markdown
Member Author

@philprime philprime Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to double-check if this is truly the same

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 27, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 70.96774% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.241%. Comparing base (d4416bc) to head (eb59e2f).
⚠️ Report is 10 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
...ools/ViewCapture/SentryGraphicsImageRenderer.swift 50.000% 4 Missing ⚠️
...ces/SentryCrash/Recording/SentryCrashReportStore.c 82.352% 3 Missing ⚠️
...SentryCrash/Recording/Tools/SentryCrashFileUtils.c 33.333% 2 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@              Coverage Diff              @@
##              main     #7549       +/-   ##
=============================================
- Coverage   85.268%   85.241%   -0.028%     
=============================================
  Files          485       485               
  Lines        28837     28852       +15     
  Branches     12525     12528        +3     
=============================================
+ Hits         24589     24594        +5     
- Misses        4200      4211       +11     
+ Partials        48        47        -1
Files with missing lines Coverage Δ
Sources/Sentry/SentryAsyncSafeLog.c 100.000% <ø> (ø)
Sources/Sentry/SentrySessionReplaySyncC.c 67.241% <ø> (ø)
Sources/SentryCrash/Recording/SentryCrash.m 80.753% <ø> (ø)
...rces/SentryCrash/Recording/SentryCrashCachedData.c 84.800% <ø> (ø)
Sources/SentryCrash/Recording/SentryCrashReport.c 54.140% <ø> (ø)
...ces/SentryCrash/Recording/SentryCrashReportFixer.c 83.471% <100.000%> (ø)
...Crash/Recording/Tools/SentryCrashCxaThrowSwapper.c 80.729% <ø> (ø)
...SentryCrash/Recording/Tools/SentryCrashJSONCodec.c 89.398% <100.000%> (ø)
...yCrash/Recording/Tools/SentryCrashMachineContext.c 79.487% <ø> (ø)
...rces/SentryCrash/Recording/Tools/SentryCrashObjC.c 57.536% <100.000%> (+0.068%) ⬆️
... and 4 more

... and 3 files with indirect coverage changes

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d4416bc...eb59e2f. Read the comment docs.

@philprime philprime added the ready-to-merge Use this label to trigger all PR workflows label Mar 13, 2026
@philprime
Copy link
Copy Markdown
Member Author

philprime commented Mar 13, 2026

@sentry review

@sentry
Copy link
Copy Markdown

sentry bot commented Mar 13, 2026

Sentry Build Distribution

App Name App ID Version Configuration Install Page
SDK-Size io.sentry.sample.SDK-Size 9.7.0 (1) Release Install Build

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 13, 2026

Performance metrics 🚀

  Plain With Sentry Diff
Startup time 1222.10 ms 1257.23 ms 35.13 ms
Size 24.14 KiB 1.12 MiB 1.10 MiB

Baseline results on branch: main

Startup times

Revision Plain With Sentry Diff
142ed2c 1210.67 ms 1234.21 ms 23.54 ms
d8d010b 1219.43 ms 1246.61 ms 27.19 ms
c9976e2 1219.31 ms 1245.44 ms 26.13 ms
b87b34f 1203.00 ms 1237.17 ms 34.17 ms
2b4e787 1226.06 ms 1258.65 ms 32.59 ms
6de4555 1196.67 ms 1223.98 ms 27.31 ms
69a0c94 1217.85 ms 1246.98 ms 29.13 ms
7c58690 1221.85 ms 1230.54 ms 8.69 ms
45eb835 1216.00 ms 1248.48 ms 32.48 ms
164f67b 1220.88 ms 1248.00 ms 27.12 ms

App size

Revision Plain With Sentry Diff
142ed2c 24.14 KiB 1.10 MiB 1.08 MiB
d8d010b 24.14 KiB 1.12 MiB 1.10 MiB
c9976e2 24.14 KiB 1.11 MiB 1.09 MiB
b87b34f 24.14 KiB 1.06 MiB 1.04 MiB
2b4e787 24.14 KiB 1.07 MiB 1.04 MiB
6de4555 24.14 KiB 1.11 MiB 1.09 MiB
69a0c94 24.14 KiB 1.11 MiB 1.09 MiB
7c58690 24.14 KiB 1.08 MiB 1.06 MiB
45eb835 24.14 KiB 1.07 MiB 1.04 MiB
164f67b 24.14 KiB 1.12 MiB 1.10 MiB

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@philipphofmann philipphofmann Awaiting requested review from philipphofmann philipphofmann will be requested when the pull request is marked ready for review philipphofmann is a code owner

@noahsmartin noahsmartin Awaiting requested review from noahsmartin noahsmartin will be requested when the pull request is marked ready for review noahsmartin is a code owner

@itaybre itaybre Awaiting requested review from itaybre itaybre will be requested when the pull request is marked ready for review itaybre is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@philprime philprime

Labels

ready-to-merge Use this label to trigger all PR workflows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Use of potentially dangerous functions

1 participant

@philprime