Yes. Vericode is gives false positivies all the time.

I had a scan fail my application and complainging about boost::asio::endpoint. I traced the line it was complaining about and it didn't like a memcpy with 16 bytes passed in as a param, with a destination field that was 16 bytes. Vericode called that a stack based buffer overrun. There is nothing wrong with boost::asio::endpoint that I can see.



On Wed, May 2, 2018 at 2:08 AM, Abhijit Dutta via Boost-users <boost-users@lists.boost.org> wrote:

Hi There,

 

As part of release practice in our org., we have run Veracode (static) scan on our application which uses BOOST. We got good amount of error pointing to the BOOST libraries.  Detecting the false positives and fixing the code will be a tedious task.

 

So, want to know if anyone in the community has faced such situations and want to share their experience on resolving those.

 

~Thanx

Abhijit


_______________________________________________
Boost-users mailing list
Boost-users@lists.boost.org
https://lists.boost.org/mailman/listinfo.cgi/boost-users