What were you trying to do that didn't work?
Error: SNYK_CODE_WARNING (CWE-125): dnsmasq-2.85/src/cache.c:1730:17: error[cpp/NegativeIndex]: The value from sprintf, a standard library function that can return a negative value is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use. # 1728| { # 1729| int targetlen = cache->addr.srv.targetlen; # 1730|-> ssize_t len = sprintf(a, ""%u %u %u "", cache->addr.srv.priority, # 1731| cache->addr.srv.weight, cache->addr.srv.srvport); # 1732|
Please provide the package NVR for which bug is seen:
dnsmasq-2.85-14.el9
How reproducible:
Steps to reproduce
Expected results
Used just during cache dump. Trivial format on preallocated buffer is unlikely to fail. Should be fixed, but not likely attack vector