Thanks Christopher, did you find any valid cases as such detected by Veracode…

 

From: Boost-users [mailto:boost-users-bounces@lists.boost.org] On Behalf Of Christopher Pisz via Boost-users
Sent: 02 May 2018 19:14
To: boost-users@lists.boost.org
Cc: Christopher Pisz <christopherpisz@gmail.com>
Subject: Re: [Boost-users] Veracode Scan

 

Yes. Vericode is gives false positivies all the time.

I had a scan fail my application and complainging about boost::asio::endpoint. I traced the line it was complaining about and it didn't like a memcpy with 16 bytes passed in as a param, with a destination field that was 16 bytes. Vericode called that a stack based buffer overrun. There is nothing wrong with boost::asio::endpoint that I can see.

 

On Wed, May 2, 2018 at 2:08 AM, Abhijit Dutta via Boost-users <boost-users@lists.boost.org> wrote:

Hi There,

 

As part of release practice in our org., we have run Veracode (static) scan on our application which uses BOOST. We got good amount of error pointing to the BOOST libraries.  Detecting the false positives and fixing the code will be a tedious task.

 

So, want to know if anyone in the community has faced such situations and want to share their experience on resolving those.

 

~Thanx

Abhijit


_______________________________________________
Boost-users mailing list
Boost-users@lists.boost.org
https://lists.boost.org/mailman/listinfo.cgi/boost-users