Recently the OpenSSL 3.0.0 library was released. We decided to look at the project’s code quality and checked it with the PVS-Studio static analyzer. The code quality is excellent. Thus, we cannot write a long article about errors, as we usually do. However, there was one beautiful mistake, and I couldn’t ignore it.
The fragment is taken from the OpenSSL library. The error is detected by the following diagnostic: V666 Consider inspecting the third argument of the function ‘strncmp’. It is possible that the value does not correspond with the length of a string which was passed with the second argument.
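A constructed illustration of the kind of mismatch V666 reports, in both directions, next to a form that takes the length from the literal. This is an added example, not the OpenSSL fragment or PVS-Studio's code; the `mode=strict` string, the macros and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Length taken from the literal itself; sizeof counts the trailing NUL. */
#define LIT_LEN(lit)       (sizeof(lit) - 1)
/* "" lit only compiles when lit is a string literal, so a pointer cannot
 * be passed by mistake (sizeof would then be the pointer size). */
#define HAS_PREFIX(s, lit) (strncmp((s), "" lit, LIT_LEN(lit)) == 0)

/* Hand-counted length too small: only "mode=" (5 of 11 characters) is
 * compared, so any other mode value is accepted as strict. */
int is_strict_short_count(const char *s)
{
    return strncmp(s, "mode=strict", 5) == 0;
}

/* Hand-counted length too large: 12 covers the literal's NUL, so the
 * intended prefix test silently becomes an exact-match test. */
int is_strict_long_count(const char *s)
{
    return strncmp(s, "mode=strict", 12) == 0;
}

/* Corrected form: the compiler supplies the length. */
int is_strict(const char *s)
{
    return HAS_PREFIX(s, "mode=strict");
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "mode=strict", "mode=strict;v=2", "mode=loose" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s short=%d long=%d fixed=%d\n", samples[i],
               is_strict_short_count(samples[i]),
               is_strict_long_count(samples[i]),
               is_strict(samples[i]));
    return 0;
}
```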