
CMFSUPPORT-3863. COVERITY TEST. DO NOT MERGE #58

Closed
scthunderbolt wants to merge 1 commit into develop from feature/test-workflow1


@scthunderbolt
Contributor

No description provided.

Copilot AI review requested due to automatic review settings April 2, 2026 18:08
@scthunderbolt scthunderbolt requested review from a team as code owners April 2, 2026 18:08
if ((file = fopen(fpath, "w")))
{
fprintf(file,"%s",str);
fprintf(file,"%s%s",str);
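Review bot: the added call fprintf(file,"%s%s",str); has two %s conversions but passes only str, so the second conversion reads an argument that was never supplied. Keep the original "%s" format, or, since no formatting is needed here, write the string with fputs(str, file).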

Check warning

Code scanning / CodeQL

Too few arguments to formatting function Medium

Format for fprintf expects 2 arguments but given 1

Copilot Autofix

AI 4 days ago

In general, to fix “too few arguments to formatting function” issues, you must ensure that the number and types of arguments after the format string match the format specifiers inside it. Either remove unused format specifiers or add the missing arguments.

For this specific case in source/AdvSecurityDml/cosa_adv_security_internal.c, in advsec_write_to_file, the code is:

if ((file = fopen(fpath, "w")))
{
    fprintf(file,"%s%s",str);
    fclose(file);
    return 1;
}

The function takes a single string str to be written to the file, and there is no second string available or needed. The extra %s in the format string is therefore erroneous. To fix this without changing existing functionality, change the fprintf format string from "%s%s" to "%s", which correctly matches the single str argument and preserves the intended behavior of writing exactly str to the file.

No new methods, imports, or definitions are needed; only this one-line format string change is required.

Suggested changeset 1
source/AdvSecurityDml/cosa_adv_security_internal.c

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/source/AdvSecurityDml/cosa_adv_security_internal.c b/source/AdvSecurityDml/cosa_adv_security_internal.c
--- a/source/AdvSecurityDml/cosa_adv_security_internal.c
+++ b/source/AdvSecurityDml/cosa_adv_security_internal.c
@@ -294,7 +294,7 @@
 
     if ((file = fopen(fpath, "w")))
     {
-        fprintf(file,"%s%s",str);
+        fprintf(file, "%s", str);
         fclose(file);
         return 1;
     }
EOF
@@ -294,7 +294,7 @@

if ((file = fopen(fpath, "w")))
{
fprintf(file,"%s%s",str);
fprintf(file, "%s", str);
fclose(file);
return 1;
}
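Review bot: after the corrected fprintf(file, "%s", str); line, the block still calls fclose(file) and returns 1 without looking at either result, so a failed write is reported as success. Check the fprintf return value and the fclose result before returning 1.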

Copilot AI left a comment


Pull request overview

This PR modifies the internal helper used to write strings to a file in the Advanced Security DML component.

Changes:

  • Updates the fprintf format string used by advsec_write_to_file().


Comment on lines +297 to 299
fprintf(file,"%s%s",str);
fclose(file);
return 1;

Copilot AI Apr 2, 2026


fprintf(file, "%s%s", str); is undefined behavior because the format string expects two %s arguments but only one is provided. This can crash or leak stack data. Use a single %s (or add the intended second string argument, e.g., a newline/terminator) and consider checking fprintf’s return value if write failures matter here.

Suggested change
fprintf(file,"%s%s",str);
fclose(file);
return 1;
int written = fprintf(file, "%s", str);
fclose(file);
return (written >= 0) ? 1 : 0;
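Review bot: the suggested return (written >= 0) ? 1 : 0; still ignores the result of fclose(file), and with a buffered stream the data may only be written out at close, so an I/O error can be missed. Fold the fclose result into the return value, for example by returning 1 only when written >= 0 and fclose(file) == 0.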

if ((file = fopen(fpath, "w")))
{
fprintf(file,"%s",str);
fprintf(file,"%s%s",str);

Check failure

Code scanning / Coverity

Missing argument to printf format specifier High

PRINTF_ARGS: No argument for format specifier "%s".
if ((file = fopen(fpath, "w")))
{
fprintf(file,"%s",str);
fprintf(file,"%s%s",str);

Check notice

Code scanning / Coverity

Printf arg count mismatch Low

PW.TOO_FEW_PRINTF_ARGS: the format string requires additional arguments
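
The alerts above all flag the same defect: a format string with more conversions than arguments. The following C code is an added example, not code from this pull request or the project. It shows a write helper that avoids format strings and checks the close, plus a formatted variant whose callers the compiler can check. The names write_string_checked, write_fmt_checked and file_equals are hypothetical, and the format attribute assumes GCC or Clang.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not the project's advsec_write_to_file. fputs takes
 * no format string, so there is no argument count to get wrong. */
static int write_string_checked(const char *fpath, const char *str)
{
    FILE *file = fopen(fpath, "w");
    if (!file)
        return 0;
    int ok = (fputs(str, file) != EOF);
    /* Buffered data is flushed at fclose; a failed close is a failed write. */
    if (fclose(file) == EOF)
        ok = 0;
    return ok;
}

/* Hypothetical formatted variant. With the GCC/Clang format attribute,
 * -Wformat checks each caller's arguments against fmt at compile time,
 * so write_fmt_checked(path, "%s%s", str) is flagged before it ships. */
__attribute__((format(printf, 2, 3)))
static int write_fmt_checked(const char *fpath, const char *fmt, ...)
{
    FILE *file = fopen(fpath, "w");
    if (!file)
        return 0;
    va_list ap;
    va_start(ap, fmt);
    int ok = (vfprintf(file, fmt, ap) >= 0);
    va_end(ap);
    if (fclose(file) == EOF)
        ok = 0;
    return ok;
}

/* Returns 1 if the file's contents equal expected (used to verify writes). */
static int file_equals(const char *fpath, const char *expected)
{
    char buf[256];
    FILE *file = fopen(fpath, "r");
    if (!file)
        return 0;
    size_t n = fread(buf, 1, sizeof buf - 1, file);
    buf[n] = '\0';
    fclose(file);
    return strcmp(buf, expected) == 0;
}
```
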
@scthunderbolt scthunderbolt deleted the feature/test-workflow1 branch April 2, 2026 18:31
@github-actions github-actions bot locked and limited conversation to collaborators Apr 2, 2026
@scthunderbolt scthunderbolt added the invalid This doesn't seem right label Apr 3, 2026