You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Discussed with @zpavlinovic - in binary mode, we cannot know with certainty which symbols are called, so all symbols present in the binary are present. Unused code can be pulled in by the linker for performance reasons, and there is no way for us to figure that the method is not used. Closing this issue.
For example, for
GO-2021-0054
, the callstacks shouldn't be present:https://github.com/golang/vuln/blob/22f32fddd8a17e19dcc6bfc82d3d6f2863ce8748/cmd/govulncheck/testdata/binaryjson.ct#L285-L298
since this vulnerability is not called:
https://github.com/golang/vuln/blob/22f32fddd8a17e19dcc6bfc82d3d6f2863ce8748/cmd/govulncheck/testdata/source.ct#L45
The text was updated successfully, but these errors were encountered: