CodeQL之CWE-401(3)
请输入密码查看.若无反应.请使用firefox浏览器
阅读更多CWE-252: Unchecked Return Value
The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
顾名思义,Unchecked Return Value,就是在实际代码中缺少了对返回值的检查,在实际代码中,对错误返回值的检查尤为重要,因为需要进入到相应的错误处理环节中去,否则会影响程序的正常运行。比如我们常见的对malloc返回值的检查等等,和CWE-252相关的还有CWE-754、CWE-273、CWE-476
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.