Skip to content
Quality Assurance new

fix: buffer overflow in multipart body proc #175

Sign in to view logs

fix: buffer overflow in multipart body proc

fix: buffer overflow in multipart body proc #175

Triggered via pull request April 19, 2026 14:03
@airweenairween
synchronize #3546
airween:v3/multipartbofix
Status Success
Total duration 15m 12s
Artifacts

ci_new.yml

on: pull_request
Static analysis (cppcheck)
15m 4s
Static analysis (cppcheck)
Static analysis (cppcheck, Linux, debian:sid)
15m 8s
Static analysis (cppcheck, Linux, debian:sid)
Matrix: build-linux
Matrix: build-macos
Matrix: build-windows
Fit to window
Zoom out
Zoom in

Annotations

60 warnings
Windows (x64, full): others/libinjection/src/libinjection_html5.c#L585
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, full): others/libinjection/src/libinjection_html5.c#L560
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, full): others/libinjection/src/libinjection_html5.c#L342
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, full): others/libinjection/src/libinjection_html5.c#L290
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, full): others/libinjection/src/libinjection_html5.c#L245
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, full): others/libinjection/src/libinjection_html5.c#L209
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, full)
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\pocod34a433e1d8a8\b\build\NetSSL_OpenSSL\NetSSL.vcxproj]
Windows (x64, full)
'argument': conversion from 'std::streamoff' to 'DWORD', possible loss of data [C:\Users\runneradmin\.conan2\p\b\pocod34a433e1d8a8\b\build\Net\Net.vcxproj]
Windows (x64, full)
'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\pocod34a433e1d8a8\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, full)
'=': conversion from 'Poco::Int64' to 'long', possible loss of data [C:\Users\runneradmin\.conan2\p\b\pocod34a433e1d8a8\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without lua): others/libinjection/src/libinjection_html5.c#L585
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without lua): others/libinjection/src/libinjection_html5.c#L560
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without lua): others/libinjection/src/libinjection_html5.c#L342
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without lua): others/libinjection/src/libinjection_html5.c#L290
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without lua): others/libinjection/src/libinjection_html5.c#L245
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without lua): others/libinjection/src/libinjection_html5.c#L209
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without lua)
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\poco976313cd4c039\b\build\NetSSL_OpenSSL\NetSSL.vcxproj]
Windows (x64, without lua)
'argument': conversion from 'std::streamoff' to 'DWORD', possible loss of data [C:\Users\runneradmin\.conan2\p\b\poco976313cd4c039\b\build\Net\Net.vcxproj]
Windows (x64, without lua)
'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\poco976313cd4c039\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without lua)
'=': conversion from 'Poco::Int64' to 'long', possible loss of data [C:\Users\runneradmin\.conan2\p\b\poco976313cd4c039\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, with lmdb): others/libinjection/src/libinjection_html5.c#L585
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, with lmdb): others/libinjection/src/libinjection_html5.c#L560
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, with lmdb): others/libinjection/src/libinjection_html5.c#L342
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, with lmdb): others/libinjection/src/libinjection_html5.c#L290
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, with lmdb): others/libinjection/src/libinjection_html5.c#L245
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, with lmdb): others/libinjection/src/libinjection_html5.c#L209
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, with lmdb)
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\poco6aa5d0e96331d\b\build\NetSSL_OpenSSL\NetSSL.vcxproj]
Windows (x64, with lmdb)
'argument': conversion from 'std::streamoff' to 'DWORD', possible loss of data [C:\Users\runneradmin\.conan2\p\b\poco6aa5d0e96331d\b\build\Net\Net.vcxproj]
Windows (x64, with lmdb)
'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\poco6aa5d0e96331d\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, with lmdb)
'=': conversion from 'Poco::Int64' to 'long', possible loss of data [C:\Users\runneradmin\.conan2\p\b\poco6aa5d0e96331d\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without maxmind): others/libinjection/src/libinjection_html5.c#L585
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without maxmind): others/libinjection/src/libinjection_html5.c#L560
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without maxmind): others/libinjection/src/libinjection_html5.c#L342
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without maxmind): others/libinjection/src/libinjection_html5.c#L290
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without maxmind): others/libinjection/src/libinjection_html5.c#L245
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without maxmind): others/libinjection/src/libinjection_html5.c#L209
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without maxmind)
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\poco1989121ce8474\b\build\NetSSL_OpenSSL\NetSSL.vcxproj]
Windows (x64, without maxmind)
'argument': conversion from 'std::streamoff' to 'DWORD', possible loss of data [C:\Users\runneradmin\.conan2\p\b\poco1989121ce8474\b\build\Net\Net.vcxproj]
Windows (x64, without maxmind)
'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\poco1989121ce8474\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without maxmind)
'=': conversion from 'Poco::Int64' to 'long', possible loss of data [C:\Users\runneradmin\.conan2\p\b\poco1989121ce8474\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without curl): others/libinjection/src/libinjection_html5.c#L585
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without curl): others/libinjection/src/libinjection_html5.c#L560
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without curl): others/libinjection/src/libinjection_html5.c#L342
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without curl): others/libinjection/src/libinjection_html5.c#L290
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without curl): others/libinjection/src/libinjection_html5.c#L245
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without curl): others/libinjection/src/libinjection_html5.c#L209
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without curl)
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\pocoa2003b4b98224\b\build\NetSSL_OpenSSL\NetSSL.vcxproj]
Windows (x64, without curl)
'argument': conversion from 'std::streamoff' to 'DWORD', possible loss of data [C:\Users\runneradmin\.conan2\p\b\pocoa2003b4b98224\b\build\Net\Net.vcxproj]
Windows (x64, without curl)
'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\pocoa2003b4b98224\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without curl)
'=': conversion from 'Poco::Int64' to 'long', possible loss of data [C:\Users\runneradmin\.conan2\p\b\pocoa2003b4b98224\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without libxml): others/libinjection/src/libinjection_html5.c#L585
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without libxml): others/libinjection/src/libinjection_html5.c#L560
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without libxml): others/libinjection/src/libinjection_html5.c#L342
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without libxml): others/libinjection/src/libinjection_html5.c#L290
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without libxml): others/libinjection/src/libinjection_html5.c#L245
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without libxml): others/libinjection/src/libinjection_html5.c#L209
'=': incompatible types - from 'injection_result_t (__cdecl *)(h5_state_t *)' to 'ptr_html5_state' [D:\a\ModSecurity\ModSecurity\build\win32\build\libinjection.vcxproj]
Windows (x64, without libxml)
'fopen': This function or variable may be unsafe. Consider using fopen_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\pocof54db52c3b2a5\b\build\NetSSL_OpenSSL\NetSSL.vcxproj]
Windows (x64, without libxml)
'argument': conversion from 'std::streamoff' to 'DWORD', possible loss of data [C:\Users\runneradmin\.conan2\p\b\pocof54db52c3b2a5\b\build\Net\Net.vcxproj]
Windows (x64, without libxml)
'strncpy': This function or variable may be unsafe. Consider using strncpy_s instead. To disable deprecation, use _CRT_SECURE_NO_WARNINGS. See online help for details. [C:\Users\runneradmin\.conan2\p\b\pocof54db52c3b2a5\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]
Windows (x64, without libxml)
'=': conversion from 'Poco::Int64' to 'long', possible loss of data [C:\Users\runneradmin\.conan2\p\b\pocof54db52c3b2a5\b\build\Data\PostgreSQL\DataPostgreSQL.vcxproj]