[Bug 3452] Potential Software vulnerabilities detected using ESBMC-WR tool

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 27 09:31:51 AEST 2022


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Most of these are completely obvious false positives. E.g.

> State 6 file sshkey.c line 1081 function fingerprint_bubblebabble thread 0
> ----------------------------------------------------
> Violated property:
> file sshkey.c line 1081 function fingerprint_bubblebabble
> dereference failure: array bounds violated

The array is allocated to be sufficiently sized literally in the
previous line.

Please forgive my bluntness, but low quality reports like this do
nothing but waste our time - there is no discernable signal among the

Please do not submit more unless they have been assessed by a human.

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list