secnet and clang

Richard Kettlewell rjk at
Sat Dec 10 15:28:34 GMT 2011

I've fed secnet through Clang and its static analyzer.

First, just the compiler:

     It complained about a bunch of unused function arguments.  I have
     a patch to fix this.

     It also found an error in md5.c.  I have a patch for this too.

And the analyser:

     The results can be found at:

     The sha1.c dead assignments are attempts to clear
     possibly-sensitive values from RAM and of course are ineffective
     with post-neolithic compilers.  Actually both GCC and Clang have
     those variables in registers at that point anyway, even in 32-bit
     builds, so they'd be extra-pointless even if not optimized out.

     The assignments might be less dead with other
     configurations of the Bison macro soup.

     conffile.yy.c:1387, 1535.  False positives as far as I can see -
     yy_ensure_buffer_stack fatals if the allocation fails, so the
     analyzer's initial assumption should never be true.

     conffile.yy.c:1508 etc.  The original code in conffile.y looks OK
     to me.  Either the analyser's reasoning is defective (the
     explanations at 1366-69 seem rather suspect) or there is a bug in

     conffile.yy.c:556.  False positive, the operation would not be
     idempotent on an LP64 platform.

     conffile.yy.c:1577, 1582.  True but uninteresting.


More information about the sgo-software-discuss mailing list