secnet and clang
rjk at terraraq.org.uk
Sat Dec 10 15:28:34 GMT 2011
I've fed secnet through Clang and its static analyzer.
First, just the compiler:
It complained about a bunch of unused function arguments. I have
a patch to fix this.
It also found an error in md5.c. I have a patch for this too.
And the analyser:
The results can be found at:
The sha1.c dead assignments are attempts to clear
possibly-sensitive values from RAM and of course are ineffective
with post-neolithic compilers. Actually both GCC and Clang have
those variables in registers at that point anyway, even in 32-bit
builds, so they'd be extra-pointless even if not optimized out.
The conffile.tab.c assignments might be less dead with other
configurations of the Bison macro soup.
conffile.yy.c:1387, 1535. False positives as far as I can see -
yy_ensure_buffer_stack fatals if the allocation fails, so the
analyzer's initial assumption should never be true.
conffile.yy.c:1508 etc. The original code in conffile.y looks OK
to me. Either the analyser's reasoning is defective (the
explanations at 1366-69 seem rather suspect) or there is a bug in
conffile.yy.c:556. False positive, the operation would not be
idempotent on an LP64 platform.
conffile.yy.c:1577, 1582. True but uninteresting.
More information about the sgo-software-discuss