BUGs: static code analysis (gcc, clang, cppcheck)
From: Xose Vazquez Perez
Subject: BUGs: static code analysis (gcc, clang, cppcheck)
Date: Tue, 9 Mar 2021 14:23:04 +0100
Hi,
$ make -i -k # gcc-11 with -fanalyzer
gcc -Wall -W -O2 -fanalyzer -c -o buffer.o buffer.c
gcc -Wall -W -O2 -fanalyzer -c -o carg_parser.o carg_parser.c
gcc -Wall -W -O2 -fanalyzer -c -o global.o global.c
gcc -Wall -W -O2 -fanalyzer -c -o io.o io.c
gcc -Wall -W -O2 -fanalyzer -DPROGVERSION=\"1.17\" -c -o main.o main.c
gcc -Wall -W -O2 -fanalyzer -c -o main_loop.o main_loop.c
gcc -Wall -W -O2 -fanalyzer -c -o regex.o regex.c
gcc -Wall -W -O2 -fanalyzer -c -o signal.o signal.c
signal.c: In function ‘sighup_handler.part.0’:
signal.c:57:9: warning: leak of ‘<unknown>’ [CWE-401] [-Wanalyzer-malloc-leak]
57 | if( len && hup ) /* hup filename */
| ^
‘sighup_handler.part.0’: events 1-8
|
| 49 | if( last_addr() && modified() &&
| | ^
| | |
| | (1) following ‘true’ branch...
|......
| 52 | char * const s = getenv( "HOME" );
| | ~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
| 53 | const int len = ( s ? strlen( s ) : 0 );
| | ~~~
| | |
| | (3) following ‘false’ branch (when ‘s’ is NULL)...
| 54 | const int need_slash = ( ( !len || s[len-1] != '/' ) ? 1 : 0 );
| 55 | char * const hup = ( ( len + need_slash + (int)sizeof hb < path_max( 0 ) ) ?
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) ...to here
| 56 | (char *) malloc( len + need_slash + sizeof hb ) : 0 );
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | | | |
| | | (6) ...to here (5) following ‘true’ branch...
| | (7) allocated here
| 57 | if( len && hup ) /* hup filename */
| | ~
| | |
| | (8) ‘<unknown>’ leaks here; was allocated at (7)
|
gcc -Wall -W -O2 -fanalyzer -o ed buffer.o carg_parser.o global.o io.o main.o main_loop.o regex.o signal.o
cat ./red.in > red
chmod a+x red
================================================================================
$ scan-build make -i -k # clang-12
scan-build: Using '/usr/bin/clang-12' for static analysis
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o buffer.o buffer.c
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o carg_parser.o carg_parser.c
carg_parser.c:239:27: warning: Potential leak of memory pointed to by 'non_options' [unix.Malloc]
if( !tmp ) return 0;
^
1 warning generated.
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o global.o global.c
global.c:94:10: warning: Access to field 'q_forw' results in a dereference of a null pointer (loaded from variable 'bp') [core.NullDereference]
bp = bp->q_forw;
^~~~~~~~~~
1 warning generated.
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o io.o io.c
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -DPROGVERSION=\"1.17\" -c -o main.o main.c
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o main_loop.o main_loop.c
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o regex.o regex.c
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o signal.o signal.c
signal.c:183:21: warning: Array access (from variable 'buf') results in a null pointer dereference [core.NullDereference]
while( ( buf[i++] = ( (*p == '\\' ) ? *++p : *p ) ) )
~~~ ^
1 warning generated.
/usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -o ed buffer.o carg_parser.o global.o io.o main.o main_loop.o regex.o signal.o
cat ./red.in > red
chmod a+x red
scan-build: Analysis run complete.
scan-build: 3 bugs found.
scan-build: Run 'scan-view /tmp/scan-build-2021-03-09-135759-14937-1' to examine bug reports.
================================================================================
$ cppcheck --force -v . # cppcheck-2.3 (--enable=all is too verbose)
Checking buffer.c ...
Defines:
Undefines:
Includes:
Platform:Native
buffer.c:577:9: error: Memory pointed to by 'ustack' is freed twice. [doubleFree]
free( ustack );
^
buffer.c:568:28: note: Memory pointed to by 'ustack' is freed twice.
if( ustack ) new_buf = realloc( ustack, new_size );
^
buffer.c:577:9: note: Memory pointed to by 'ustack' is freed twice.
free( ustack );
^
1/8 files checked 18% done
Checking carg_parser.c ...
Defines:
Undefines:
Includes:
Platform:Native
2/8 files checked 27% done
Checking global.c ...
Defines:
Undefines:
Includes:
Platform:Native
3/8 files checked 30% done
Checking io.c ...
Defines:
Undefines:
Includes:
Platform:Native
4/8 files checked 41% done
Checking main.c ...
Defines:
Undefines:
Includes:
Platform:Native
5/8 files checked 50% done
Checking main_loop.c ...
Defines:
Undefines:
Includes:
Platform:Native
6/8 files checked 80% done
Checking regex.c ...
Defines:
Undefines:
Includes:
Platform:Native
7/8 files checked 94% done
Checking signal.c ...
Defines:
Undefines:
Includes:
Platform:Native
Checking signal.c: SA_RESTART...
Checking signal.c: SIGWINCH...
Checking signal.c: TIOCGWINSZ...
8/8 files checked 100% done
================================================================================
Thanks.