[dvblast-devel] clang static checker results (8 errors)

Dirk Braunschweiger dirkmb at selfnet.de
Fri Feb 13 17:24:29 CET 2015


On 2015-02-12 23:39, Christophe Massiot wrote:
> Hello,
> 
>> On 01 Feb 2015, at 00:05, Georgi Chorbadzhiyski <gf at unixsol.org> 
>> wrote:
>> 
>> I've run clang static checker on dvblast and the results are attached. 
>> It shows
>> some disturbing errors which to me look like they're real.
>> 
>> Can somebody more familiar with the code please take a look?
> 
> Err, that probably means me ;).
> 
>> Errors summary:
>>  Logic error
>>    Branch condition evaluates to a garbage value             3
>>    Uninitialized argument value                              1
>>  Unix API
>>    Allocator sizeof operand mismatch                         2
>>    Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131)   2
>> 
>> The logic errors are the ones that bother me most, also the possible 
>> zero
>> size allocations. The sizeof() ones look harmless.
> 
> I don't understand the "branch condition evaluates to a garbage value"
> -> in all cases we check if the pointer is NULL or not (if there are
> some blocks afterwards in p_next). Maybe add an explicit != NULL.
> Uninitialized argument value seems related. p_block->p_next is
> initialized to NULL so it should never be undefined. For sizeof stuff,
> try replacing void ** with char * in TAB_APPEND. It shouldn't make a
> difference though.
> 
> Finally, the zero-size allocation is probably the biggest error in
> theory, because if i_nb_pids == 0, malloc may return NULL, and then
> the subsequent memcpy has an invalid pointer, which is illegal even
> though size == 0. I don't think the current libc implementations break
> on this though.

The uninitialized argument can only happen if i_block_cnt = 0. I'm not 
familiar with this code so I do not know if this can happen.
At first look it seems that pp_current is initialized with p_ts but 
p_ts does not have an initial value.

I think "branch condition evaluates to a garbage value" means that the 
value can be uninitialized, and in asi.c this happens when step 8 is 
false, so when the for loop is not entered.

Can we assign NULL to *p_ts at its declaration? I think that should fix 
these errors, because then *pp_current is also NULL and can be checked 
in the ifs without getting these errors.

best regards,
dirk
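As an added example, not dvblast's own code, the zero-size allocation pattern Christophe describes above (malloc of i_nb_pids elements followed by memcpy, with i_nb_pids possibly 0) next to a form that treats the empty case explicitly; function and parameter names are assumed.

```c
/* Added example, not dvblast code. Names (copy_pids_*, pi_pids, i_nb_pids)
 * are assumed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern the checker flags: malloc(0) may return NULL, and passing an
 * invalid pointer to memcpy() is undefined even when the size is 0
 * (CERT MEM04-C / CWE-131). The malloc() result is also never checked. */
uint16_t *copy_pids_unsafe(const uint16_t *pi_pids, int i_nb_pids)
{
    uint16_t *pi_copy = malloc(i_nb_pids * sizeof(uint16_t));
    memcpy(pi_copy, pi_pids, i_nb_pids * sizeof(uint16_t)); /* UB if NULL */
    return pi_copy;
}

/* Hardened form: "no pids" is a valid state (*ppi_out == NULL, return 0),
 * the size computation cannot overflow, and memcpy() only ever sees a
 * pointer that malloc() actually returned. Returns the count copied or -1. */
int copy_pids_safe(const uint16_t *pi_pids, int i_nb_pids, uint16_t **ppi_out)
{
    *ppi_out = NULL;
    if (i_nb_pids < 0)
        return -1;                          /* reject negative counts */
    if (i_nb_pids == 0)
        return 0;                           /* nothing to allocate or copy */
    if ((size_t)i_nb_pids > SIZE_MAX / sizeof(uint16_t))
        return -1;                          /* size multiplication would wrap */
    uint16_t *pi_copy = malloc((size_t)i_nb_pids * sizeof(uint16_t));
    if (pi_copy == NULL)
        return -1;                          /* allocation failure */
    memcpy(pi_copy, pi_pids, (size_t)i_nb_pids * sizeof(uint16_t));
    *ppi_out = pi_copy;
    return i_nb_pids;
}

int main(void)
{
    /* Constructed sample input: three PIDs, then the empty case. */
    const uint16_t pi_sample[] = { 0x0000, 0x0100, 0x1FFF };
    uint16_t *pi_out = NULL;
    int ret = copy_pids_safe(pi_sample, 3, &pi_out);
    printf("copied %d pids, first=0x%04X\n", ret, pi_out[0]);
    free(pi_out);
    ret = copy_pids_safe(pi_sample, 0, &pi_out);
    printf("empty case: ret=%d out=%p\n", ret, (void *)pi_out);
    return 0;
}
```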


