[ https://issues.apache.org/jira/browse/MESOS-1355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999881#comment-13999881 ]
Timothy St. Clair commented on MESOS-1355: ------------------------------------------ False positive imho, let me know if you think otherwise. > Use of untrusted string value in jvm.cpp > ---------------------------------------- > > Key: MESOS-1355 > URL: https://issues.apache.org/jira/browse/MESOS-1355 > Project: Mesos > Issue Type: Technical task > Reporter: Niklas Quarfot Nielsen > Assignee: Timothy St. Clair > > ________________________________________________________________________________________________________ > *** CID 1213892: Use of untrusted string value (TAINTED_STRING) > /src/jvm/jvm.cpp: 66 in Jvm::create(const std::vector<std::basic_string<char, > std::char_traits<char>, std::allocator<char>>, > std::allocator<std::basic_string<char, std::char_traits<char>, > std::allocator<char>>>> &, JNI::Version, bool)() > 60 std::string libJvmPath = os::getenv("JAVA_JVM_LIBRARY", false); > 61 > 62 if (libJvmPath.empty()) { > 63 libJvmPath = mesos::internal::build::JAVA_JVM_LIBRARY; > 64 } > 65 > >>> CID 1213892: Use of untrusted string value (TAINTED_STRING) > >>> Passing tainted string "libJvmPath.c_str()" to "dlopen(char const *, > >>> int)", which cannot accept tainted data. > 66 void* handle = dlopen(libJvmPath.c_str(), RTLD_NOW); > 67 > 68 if (handle == NULL) { > 69 return Error(dlerror()); > 70 } > 71 -- This message was sent by Atlassian JIRA (v6.2#6252)