bug-texinfo

Static code-checking observations


From: Hans-Bernhard Bröker
Subject: Static code-checking observations
Date: Wed, 25 Jan 2017 01:22:35 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0

Hello everyone,

since checking the code for possible holes appears to be the theme of the month...

I had a go with clang's analyzer (on Cygwin) on current SVN source (r7649). It found about a dozen possible uninitialized reads, use-after-frees and null pointer dereferences, primarily in 'info':

(Reported "dead stores" snipped here)
Logic error
  Branch condition evaluates to a garbage value           2
  Called function pointer is null (null dereference)      1
  Dereference of null pointer                             6
  Result of operation is garbage or undefined             1
  Unix API (<-- NULL passed to string functions)          2

Memory Error
  Memory leak                                             1
  Use-after-free                                          2

(Reports list attached separately because lines are too long).

The full report is a bit big for sending via the list (1 MB zipped), so I've attached a preliminary set of patches for many of the above instead. With those patches applied, I got down to:

Logic error
  Dereference of null pointer     2
  Unix API                        1

Memory Error
  Use-after-free                  1

Attachment: HBB-2017-01-25.diff
Description: Text document

Attachment: texinfo_scan.txt
Description: Text document

