Re: [Bug-gsl] Statically analyze GSL-2.1 with our tool Canalyze
From: Patrick Alken
Subject: Re: [Bug-gsl] Statically analyze GSL-2.1 with our tool Canalyze
Date: Fri, 19 Aug 2016 09:38:38 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
Hello, thank you for your report. These issues should now be fixed on
the git repository. Would you be able to check out the latest git and
re-run your tool?
Thanks,
Patrick
On 08/19/2016 02:43 AM, address@hidden wrote:
> This message originally contained an attachment that has been removed for
> your protection. The removed attachment had a file extension that is commonly
> used to package malicious content. If you were expecting the file, please
> contact the sender to arrange for an alternate delivery option. If you have
> questions about the attachment removal process, you are also welcome to
> contact the IT Service Center at address@hidden or 303-735-4357 (5-HELP from
> a campus phone). To learn more about these malicious file types, please go to
> http://www.colorado.edu/oit/services/messaging-collaboration/e-mail-delivery-management/email-attachments
> .
>
> Dear GSL Developers,
>
> We have analyzed GSL-2.1 (also GSL-1.16) with our symbolic execution
> (static) tool Canalyze [1] and detected 14 bugs, including the following two
> kinds:
> 1) Use of undefined values (3): variables are not initialized and are used
> later.
> 2) Memory leak (11): an allocated pointer is not freed.
> We should point out that all the bugs are checked by ourselves, which may be
> false positives, i.e., the bugs will not happen in actuality.
>
> Our reports are very readable, and are attached to this email. Each
> report depicts one bug detected. We have written a document, within the
> attachment, on how to read the reports, which will cost you less than one
> minute to read. For each of the bug reports, the developers of other
> applications analyzed by our tool gave the feedback of “I gave each bug no
> more than 2 minutes to check whether the bug is a real bug or a false
> positive”.
>
> 1. An example of a bug detected
> One of the bugs detected is shown below as an example:
>
> In the example above, we analyzed the function “gen_schur_standardize1()” of
> the file “gen.c” (which is depicted in the complete report) and detected a
> bug at line 1570 of this function: use of the variable “top”, which is not
> initialized. The “top” should be initialized at the true branch of the “if”
> statement at line 1565. However, there is another path that passes the false
> branch, with “w->needtop” being false, and reaches the statement at line 1570.
> Thus, the bug is triggered.
>
> References
>
> [1] Canalyze, home page, http://lcs.ios.ac.cn/~xuzb/canalyze/index.html
>
>
>
> Xingming Wu
> Institute of Software, Chinese Academy of Sciences
> Beijing, China
> Email: address@hidden
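
The pattern described in the quoted report (a variable assigned only on the true branch of an `if`, then read on every path), as an added C example that is not part of the original thread and is not GSL's code. Only the names `needtop` and `top` come from the report; `workspace`, `flip_before`, `flip_after` and the column-flipping logic are constructed for illustration.

```c
#include <stddef.h>

/* Constructed workspace: only the field name needtop comes from the report. */
typedef struct { int needtop; } workspace;

/* BEFORE: top is assigned only on the true branch, then read on every path. */
static size_t flip_before(const workspace *w, double *col, size_t i)
{
    size_t top;                 /* no initializer */
    size_t k, flipped = 0;

    if (w->needtop)
        top = 0;                /* the only assignment */
    if (col[i] >= 0.0)
        return 0;
    /* With needtop == 0, top is indeterminate here: the loop can start
       at any index, including one outside col[]. */
    for (k = top; k <= i; ++k) {
        col[k] = -col[k];
        ++flipped;
    }
    return flipped;
}

/* AFTER: top has a defined value on both paths (assumed default: touch
   only the diagonal entry i when the top part is not requested). */
static size_t flip_after(const workspace *w, double *col, size_t i)
{
    size_t top = w->needtop ? 0 : i;
    size_t k, flipped = 0;

    if (col[i] >= 0.0)
        return 0;
    for (k = top; k <= i; ++k) {
        col[k] = -col[k];
        ++flipped;
    }
    return flipped;
}

int main(void)
{
    workspace off = { 0 };
    double col[3] = { 1.0, 2.0, -3.0 };   /* constructed input */
    /* Only the fixed version is safe to call with needtop == 0. */
    return flip_after(&off, col, 2) == 1 ? 0 : 1;
}
```

GCC's `-Wmaybe-uninitialized` and Clang's `-Wsometimes-uninitialized` are the compiler warnings aimed at the first function's pattern.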