is musl run against cppcheck ?

mailing list of musl libc
 help / color / mirror / code / Atom feed

* is musl run against cppcheck ?
@ 2013-02-28 14:54 Roger Sibert
  2013-02-28 15:49 ` John Spencer
  2013-02-28 23:24 ` Rich Felker
  0 siblings, 2 replies; 4+ messages in thread
From: Roger Sibert @ 2013-02-28 14:54 UTC (permalink / raw)
  To: musl

Hello Everyone,

I was just looking at musl to help with static compiled binaries for
systems that use CF cards for the base OS, I always run code against
cppcheck prior to use so that up front I know what may have to explain
to someone.

In running against an older version of cppcheck, my main system is
being rebuilt and the backup hasnt been upgraded yet, I ran across the
following

[src/network/getaddrinfo.c:115]: (error) Null pointer dereference
[src/network/if_nameindex.c:52]: (error) Memory leak: p
[src/thread/sem_open.c:45]: (error) Possible null pointer dereference:
semtab - otherwise it is redundant to check if seis null at line 45

My coding experience is spotty and I know cppcheck can throw false
positives so instead of guessing I wanted to see if the musl code had
been run through cppcheck.

I ran the below but just filtered out some of the possible/probably
false positives, though the ones referring to ccosh.c might be real.

/musl# script -c "/root/cppcheck --force --enable=all ."
cppcheck-output-musl.txt

Thanks,
Roger

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: is musl run against cppcheck ?
  2013-02-28 14:54 is musl run against cppcheck ? Roger Sibert
@ 2013-02-28 15:49 ` John Spencer
  2013-02-28 23:40   ` nwmcsween
  2013-02-28 23:24 ` Rich Felker
  1 sibling, 1 reply; 4+ messages in thread
From: John Spencer @ 2013-02-28 15:49 UTC (permalink / raw)
  To: musl; +Cc: Roger Sibert

On 02/28/2013 03:54 PM, Roger Sibert wrote:
> Hello Everyone,
>
> I was just looking at musl to help with static compiled binaries for
> systems that use CF cards for the base OS, I always run code against
> cppcheck prior to use so that up front I know what may have to explain
> to someone.
>
> In running against an older version of cppcheck, my main system is
> being rebuilt and the backup hasnt been upgraded yet, I ran across the
> following
>
> [src/network/getaddrinfo.c:115]: (error) Null pointer dereference
> [src/network/if_nameindex.c:52]: (error) Memory leak: p
> [src/thread/sem_open.c:45]: (error) Possible null pointer dereference:
> semtab - otherwise it is redundant to check if seis null at line 45

if musl deref's a null pointer, it is mostly to conciously cause a crash.
however, i think it should call a_crash() instead.

> My coding experience is spotty and I know cppcheck can throw false
> positives so instead of guessing I wanted to see if the musl code had
> been run through cppcheck.

yes. it was run a couple of time in the past.
for example this commit here fixed a commit that removed "unused code" 
wrongly detected by cppcheck.
http://git.musl-libc.org/cgit/musl/commit/?id=ae4b0b96d63fe3cbd70008350f998570c9e91f7f
> I ran the below but just filtered out some of the possible/probably
> false positives, though the ones referring to ccosh.c might be real.
>
> /musl# script -c "/root/cppcheck --force --enable=all ."
> cppcheck-output-musl.txt
>
> Thanks,
> Roger
>



^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: is musl run against cppcheck ?
  2013-02-28 14:54 is musl run against cppcheck ? Roger Sibert
  2013-02-28 15:49 ` John Spencer
@ 2013-02-28 23:24 ` Rich Felker
  1 sibling, 0 replies; 4+ messages in thread
From: Rich Felker @ 2013-02-28 23:24 UTC (permalink / raw)
  To: musl

On Thu, Feb 28, 2013 at 09:54:03AM -0500, Roger Sibert wrote:
> Hello Everyone,
> 
> I was just looking at musl to help with static compiled binaries for
> systems that use CF cards for the base OS, I always run code against
> cppcheck prior to use so that up front I know what may have to explain
> to someone.

Thanks. I've reviewed them and none of them seem indicative of bugs.
See below:

> In running against an older version of cppcheck, my main system is
> being rebuilt and the backup hasnt been upgraded yet, I ran across the
> following
> 
> [src/network/getaddrinfo.c:115]: (error) Null pointer dereference

This is cppcheck being idiotic. It's treating a[b] as a dereference of
a, rather than treating it as *(a+b). Of course one could argue that
musl should not be using this arcane application of the [] operator...
but it's definitely not a null pointer dereference; it's a zero-offset
array reference.

> [src/network/if_nameindex.c:52]: (error) Memory leak: p

This is not a memory leak. cppcheck seems to be assuming any return
value other than 0 from do_nameindex is an allocation; this is not the
case. (void*)-1 is a sentinel, so discarding the pointer p when it
compares equal to (void*)-1 is not leaking allocated memory.

> [src/thread/sem_open.c:45]: (error) Possible null pointer dereference:
> semtab - otherwise it is redundant to check if seis null at line 45

This looks like a cppcheck bug: considering the *semtab argument of
the sizeof operator as a dereference. It's not because the expression
that's the operand of sizeof is never evaluated.

Rich

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: is musl run against cppcheck ?
  2013-02-28 15:49 ` John Spencer
@ 2013-02-28 23:40   ` nwmcsween
  0 siblings, 0 replies; 4+ messages in thread
From: nwmcsween @ 2013-02-28 23:40 UTC (permalink / raw)
  To: musl

I'd recommend running the clang static analyzer if you can and hosting the resulting web view of it if you can. Iirc the static analyzer found bugs the last time.

Sent from my iPhone

On Feb 28, 2013, at 7:49 AM, John Spencer <maillist-musl@barfooze.de> wrote:

> On 02/28/2013 03:54 PM, Roger Sibert wrote:
>> Hello Everyone,
>> 
>> I was just looking at musl to help with static compiled binaries for
>> systems that use CF cards for the base OS, I always run code against
>> cppcheck prior to use so that up front I know what may have to explain
>> to someone.
>> 
>> In running against an older version of cppcheck, my main system is
>> being rebuilt and the backup hasnt been upgraded yet, I ran across the
>> following
>> 
>> [src/network/getaddrinfo.c:115]: (error) Null pointer dereference
>> [src/network/if_nameindex.c:52]: (error) Memory leak: p
>> [src/thread/sem_open.c:45]: (error) Possible null pointer dereference:
>> semtab - otherwise it is redundant to check if seis null at line 45
> 
> if musl deref's a null pointer, it is mostly to conciously cause a crash.
> however, i think it should call a_crash() instead.
> 
>> My coding experience is spotty and I know cppcheck can throw false
>> positives so instead of guessing I wanted to see if the musl code had
>> been run through cppcheck.
> 
> yes. it was run a couple of time in the past.
> for example this commit here fixed a commit that removed "unused code" wrongly detected by cppcheck.
> http://git.musl-libc.org/cgit/musl/commit/?id=ae4b0b96d63fe3cbd70008350f998570c9e91f7f
>> I ran the below but just filtered out some of the possible/probably
>> false positives, though the ones referring to ccosh.c might be real.
>> 
>> /musl# script -c "/root/cppcheck --force --enable=all ."
>> cppcheck-output-musl.txt
>> 
>> Thanks,
>> Roger
> 


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2013-02-28 23:40 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-02-28 14:54 is musl run against cppcheck ? Roger Sibert
2013-02-28 15:49 ` John Spencer
2013-02-28 23:40   ` nwmcsween
2013-02-28 23:24 ` Rich Felker

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).