Release of the GNU cflow 1.7 utility

After three years of development, the GNU cflow 1.7 utility has been released. It builds a readable graph of function calls in C programs, which can be used to simplify studying an application's logic. The graph is built solely from analysis of the source text, without needing to execute the program. Generation of both direct and inverted execution flow graphs is supported, as well as generation of cross-reference listings for code files.

The release is notable for adding support for the "dot" output format ("--format=dot"), which emits the result in the DOT language for subsequent visualization with the Graphviz package. It is now possible to specify several start functions by repeating the "--main" option; a separate graph is generated for each of these functions. A "--target=FUNCTION" option has also been added, which limits the resulting graph to only the branch that includes the specified functions (the "--target" option can be given several times). New graph navigation commands have been added to cflow-mode: "c" - go to the calling function, "n" - go to the next function at the given nesting level, and "p" - go to the previous function at the same nesting level.

The new version also fixes two vulnerabilities that were identified back in 2019 and lead to memory corruption when cflow processes specially crafted source text. The first vulnerability (CVE-2019-16165) is caused by a use-after-free memory access in the parser code (the reference function in parser.c). The second vulnerability (CVE-2019-16166) is related to a buffer overflow in the nexttoken() function. According to the developers, these problems do not pose a security threat, since they are limited to abnormal termination of the utility.

Source: opennet.ru
