* dev.c : Warning - dereference of null pointer, clang --analyze
@ 2012-06-19 11:44 Marek Otahal
  2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
  0 siblings, 1 reply; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 11:44 UTC (permalink / raw)
  To: util-linux

Hi list, 
I was just building util-linux with clang to see how its static code analysis works.
Here's what I got so far, I'm not sure about its correctness, so excuse me if it's stupid.

 CC       dev.lo
clang: warning: unknown warning option '-Wmissing-parameter-type'; did you mean '-Wmissing-prototypes'?
clang: warning: unknown warning option '-Wunused-but-set-parameter'; did you mean '-Wunused-parameter'?
clang: warning: unknown warning option '-Wunused-but-set-variable'; did you mean '-Wunused-variable'?
dev.c:91:16: warning: Access to field 'next' results in a dereference of a null pointer
      (loaded from variable 'p')
        list_for_each(p, &dev->bid_tags) {
        ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
../../include/list.h:179:48: note: expanded from macro 'list_for_each'
        for (pos = (head)->next; pos != (head); pos = pos->next)
                                                      ^
1 warning generated.

Best regards, Mark 
-- 

Marek Otahal :o)


* Clang analysis warnings WAS: Re: dev.c : Warning - dereference of null pointer, clang --analyze
  2012-06-19 11:44 dev.c : Warning - dereference of null pointer, clang --analyze Marek Otahal
@ 2012-06-19 12:46 ` Marek Otahal
  2012-06-19 13:04   ` [cont.] " Marek Otahal
  2012-06-19 13:49   ` [cont.2] " Marek Otahal
  0 siblings, 2 replies; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 12:46 UTC (permalink / raw)
  To: util-linux

Clang/llvm analysis on recent git master, hope some of them are relevant (not all mistakes by clang).

There're memleaks, null pointers passed, uninitialized params passed, execution with unknown privileges(!),
null pointer dereference, buffer overflow, etc.

Sorry, the list is quite long, but please take time to skim it all, I didn't sort the warnings by importance, just as they appeared.



git pull
./autogen.sh
./configure CC="clang" LD="llvm-ld"
make CC="clang -c -O2 --analyze" 

 
 CC       dev.lo
dev.c:91:16: warning: Access to field 'next' results in a dereference of a null pointer
      (loaded from variable 'p')
        list_for_each(p, &dev->bid_tags) {
        ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
../../include/list.h:179:48: note: expanded from macro 'list_for_each'
        for (pos = (head)->next; pos != (head); pos = pos->next)
                                                      ^
1 warning generated.



  CC       canonicalize.lo
../../lib/canonicalize.c:59:15: warning: The left operand of '!=' is a garbage value
        while (*path != '\0') {
               ~~~~~ ^
1 warning generated.



  CC       sysfs.lo
../../lib/sysfs.c:227:9: warning: Null pointer passed as an argument to a 'nonnull' parameter
        return readlink(cxt->dir_path, buf, bufsiz);
               ^        ~~~~~~~~~~~~~
1 warning generated.


  CC       context.lo
context.c:382:38: warning: Access to field 'pid' results in a dereference of a null pointer
      (loaded from variable 'cxt')
        return !mnt_context_is_fork(cxt) && cxt->pid;
                               



  CC       optstr.lo
optstr.c:321:17: warning: Null pointer passed as an argument to a 'nonnull' parameter
        size_t possz = strlen(pos);
                       ^      ~~~



  CC       tab.lo
tab.c:346:3: warning: Access to field 'next' results in a dereference of a null pointer (loaded from field 'p')
                MNT_ITER_ITERATE(itr, *fs, struct libmnt_fs, ents);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./mountP.h:179:5: note: expanded from macro 'MNT_ITER_ITERATE'
                                (itr)->p->next : (itr)->p->prev; \
                                ^      ~



  CC       utils.lo
utils.c:407:24: warning: Branch condition evaluates to a garbage value
        for (p = filesystems; *p; p++)
                              ^~





  CC       loopdev.lo
clang: warning: unknown warning option '-Wmissing-parameter-type'; did you mean '-Wmissing-prototypes'?
clang: warning: unknown warning option '-Wunused-but-set-parameter'; did you mean '-Wunused-parameter'?
clang: warning: unknown warning option '-Wunused-but-set-variable'; did you mean '-Wunused-variable'?
../../lib/loopdev.c:775:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_crypt_name failed"));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../../lib/loopdev.c:756:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_encrypt_type [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../../lib/loopdev.c:725:12: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (rc && loopcxt_ioctl_enabled(lc)) {
                  ^~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
../../lib/loopdev.c:911:6: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (loopcxt_ioctl_enabled(lc)) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
4 warnings generated.



  CC       mkfs.o
mkfs.c:126:40: warning: Memory is never released; potential leak of memory pointed to by 'newpath'
        progname = xmalloc(sizeof(PROGNAME) + strlen(fstype) + 1);
                                              ^~~~~~~~~~~~~~



  CC       fsck-fsck.o
fsck.c:715:3: warning: Function call argument is an uninitialized value
                warnx(_("%s %s: status is %x, should never happen."),
                ^
1 warning generated.
  CCLD     fsck



  CC       mkfs.cramfs.o
mkfs.cramfs.c:863:59: warning: Memory is never released; potential leak of memory pointed to by 'e'
        crc = crc32(crc, (unsigned char *) (rom_image+opt_pad), (offset-opt_pad));
                                                                 ^~~~~~


  CC       fdisk-fdisk.o
fdisk.c:1523:22: warning: The left operand of '<' is a garbage value
                        else if (first[i] < extended_offset ||
                                 ~~~~~~~~ ^
fdisk.c:1491:32: warning: The right operand of '<' is a garbage value
                        if (get_partition_start(pe) < first[i])
                                                    ^ ~~~~~~~~
2 warnings generated.



  CC       fdisk-fdisksunlabel.o
fdisksunlabel.c:316:10: warning: Branch condition evaluates to a garbage value
            if (lens[i]) {
                ^~~~~~~


 CC       fdisk-mbsalign.o
../lib/mbsalign.c:257:14: warning: Value stored to 'start_spaces' during its initialization is never read
      size_t start_spaces = n_spaces / 2 + n_spaces % 2;
             ^              ~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/mbsalign.c:258:14: warning: Value stored to 'end_spaces' during its initialization is never read
      size_t end_spaces = n_spaces / 2;
             ^            ~~~~~~~~~~~~
2 warnings generated.



  CC       sfdisk.o
sfdisk.c:1529:9: warning: Value stored to 'pno' during its initialization is never read
    int pno = z->partno;
        ^     ~~~~~~~~~


CC       cfdisk-cfdisk.o
cfdisk.c:562:7: warning: Null pointer passed as an argument to a 'nonnull' parameter
         if (strlen(str) > (size_t) COLS)
             ^      ~~~



  CC       getopt.o
getopt.c:189:5: warning: Function call argument is an uninitialized value
                                printf(" --%s", longopts[longindex].name);
                                ^               ~~~~~~~~~~~~~~~~~~~~~~~~
getopt.c:456:2: warning: Memory is never released; potential leak of memory pointed to by 'optstr'
        return generate_output(argv + optind - 1, argc-optind + 1,
        ^


  CC       fileutils.o
fileutils.c:78:2: warning: Null pointer passed as an argument to a 'nonnull' parameter
        unlink(tmpname);
        ^      ~~~~~~~



  CC       mangle.o
mangle.c:160:9: warning: Memory is never released; potential leak of memory pointed to by 'ss'
        return EXIT_SUCCESS;
               ^~~~~~~~~~~~
/usr/include/stdlib.h:135:22: note: expanded from macro 'EXIT_SUCCESS'
#define EXIT_SUCCESS    0       /* Successful exit status.  */
                        ^



  CC       pager.o
pager.c:140:2: warning: The left expression of the compound assignment is an uninitialized value. The computed
      value will also be garbage
        FD_SET(0, &in);
        ^~~~~~~~~~~~~~
/usr/include/sys/select.h:91:28: note: expanded from macro 'FD_SET'
#define FD_SET(fd, fdsetp)      __FD_SET (fd, fdsetp)
                                ^
/usr/include/bits/select.h:51:43: note: expanded from macro '__FD_SET'
  ((void) (__FDS_BITS (set)[__FD_ELT (d)] |= __FD_MASK (d)))
                                          ^


  CC       randutils.o
randutils.c:89:9: warning: The left expression of the compound assignment is an uninitialized value. The
      computed value will also be garbage
                *cp++ ^= (rand() >> 7) & 0xFF;
                ~~~~~ ^



  CC       tt.o
tt.c:634:2: warning: Access to field 'next' results in a dereference of a null pointer
        list_for_each(p, &ln->table->tb_columns) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../include/list.h:179:13: note: expanded from macro 'list_for_each'
        for (pos = (head)->next; pos != (head); pos = pos->next)
                   ^~~~~~~~~~~~
../include/list.h:94:13: warning: Access to field 'prev' results in a dereference of a null pointer
      (loaded from variable 'next')
        next->prev = prev;
        ~~~~       ^
tt.c:659:3: warning: Null pointer argument in call to string copy function
                strncpy(buf, cl->name, bufsz);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^
3 warnings generated.





  CC       loopdev.o
../lib/loopdev.c:911:6: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (loopcxt_ioctl_enabled(lc)) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
../lib/loopdev.c:725:12: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (rc && loopcxt_ioctl_enabled(lc)) {
                  ^~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
../lib/loopdev.c:756:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_encrypt_type [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../lib/loopdev.c:775:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_crypt_name failed"));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../lib/loopdev.c:815:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_backing_inode [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../lib/loopdev.c:795:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_backing_devno [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
6 warnings generated.




 CC       test_loopdev-sysfs.o
sysfs.c:227:9: warning: Null pointer passed as an argument to a 'nonnull' parameter
        return readlink(cxt->dir_path, buf, bufsiz);
               ^        ~~~~~~~~~~~~~
1 warning generated.




CC       login.o
login.c:1023:4: warning: The return value from the call to 'setregid' is not checked. If an error occurs in
      'setregid', the following code may execute with unexpected privileges
                        setregid(-1, egid);
                        ^~~~~~~~
login.c:1019:4: warning: The return value from the call to 'setreuid' is not checked. If an error occurs in
      'setreuid', the following code may execute with unexpected privileges
                        setreuid(0, pwd->pw_uid);
                        ^~~~~~~~
login.c:1021:4: warning: The return value from the call to 'setuid' is not checked. If an error occurs in
      'setuid', the following code may execute with unexpected privileges
                        setuid(0);      /* setreuid doesn't do it alone! */
                        ^~~~~~
login.c:1018:4: warning: The return value from the call to 'setregid' is not checked. If an error occurs in
      'setregid', the following code may execute with unexpected privileges
                        setregid(-1, pwd->pw_gid);
                        ^~~~~~~~
login.c:1022:4: warning: The return value from the call to 'setreuid' is not checked. If an error occurs in
      'setreuid', the following code may execute with unexpected privileges
                        setreuid(ruid, 0);
                        ^~~~~~~~
login.c:1288:2: warning: Value stored to 'argc' is never read
        argc -= optind;
        ^       ~~~~~~
login.c:1153:2: warning: Null pointer passed as an argument to a 'nonnull' parameter
        setenv("USER", pwd->pw_name, 1);
        ^              ~~~~~~~~~~~~
login.c:1333:8: warning: Memory is never released; potential leak of memory pointed to by 'pwdbuf'
        pwd = cxt.pwd;
              ^~~
login.c:758:5: warning: Memory is never released; potential leak of memory pointed to by 'prompt'
        rc = pam_set_item(pamh, PAM_USER_PROMPT, loginpam_get_prompt(cxt));
        ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9 warnings generated.



 CC       sulogin.o
sulogin.c:117:2: warning: Size argument is greater than the length of the destination buffer
        strncpy(id, pass, off);
        ^~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^



  CC       lsblk-lsblk.o
lsblk.c:1335:2: warning: Address of stack memory associated with local variable '_ls' is still referred to by
      the global variable 'lsblk' upon returning to the caller. This will be a dangling reference
        return status;
        ^


 CC       wipefs-wipefs.o
wipefs.c:314:22: warning: Access to field 'zap' results in a dereference of a null pointer
      (loaded from variable 'wp')
        int zap = all ? 1 : wp->zap;
                            ^~



  CC       namei.o
namei.c:392:5: warning: Access to field 'name' results in a dereference of a null pointer
                                get_id(ucache, nm->st.st_uid)->name);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  CC       lslocks.o
In file included from lslocks.c:38:
In file included from ../include/tt.h:12:
../include/list.h:94:13: warning: Access to field 'prev' results in a dereference of a null pointer
      (loaded from variable 'next')
        next->prev = prev;
        ~~~~       ^




 CC       rename.o
rename.c:47:8: warning: Dereference of null pointer
                *q++ = *p++;
                ~~~~~^~~~~~
rename.c:44:8: warning: Dereference of null pointer
                *q++ = *p++;
                ~~~~~^~~~~~
rename.c:50:8: warning: Dereference of null pointer
                *q++ = *p++;
                ~~~~~^~~~~~
3 warnings generated.



  CC       dmesg.o
dmesg.c:790:2: warning: Value stored to 'argv' is never read
        argv += optind;
        ^       ~~~~~~
dmesg.c:791:2: warning: Value stored to 'n' is never read
        n = 0;
        ^   ~


sending this part, as it's getting long...
-mark

-- 

Marek Otahal :o)


* [cont.] Clang analysis warnings WAS: Re: dev.c : Warning - dereference of null pointer, clang --analyze
  2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
@ 2012-06-19 13:04   ` Marek Otahal
  2012-06-19 13:49   ` [cont.2] " Marek Otahal
  1 sibling, 0 replies; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 13:04 UTC (permalink / raw)
  To: util-linux

On Tuesday 19 of June 2012 14:46:53 you wrote:
> Clang/llvm analysis on recent git master, hope some of them are relevant (not all mistakes by clang).
>
> There're memleaks, null pointers passed, uninitialized params passed, execution with unknown privileges(!),
> null pointer dereference, buffer overflow, etc.
>
> Sorry, the list is quite long, but please take time to skim it all, I didn't sort the warnings by importance, just as they appeared.
> 
 CC       switch_root.o
switch_root.c:213:7: warning: Dereference of null pointer (loaded from variable 'newroot')
        if (!*newroot || !*init)
             ^~~~~~~~



  CC       flock.o
flock.c:281:8: warning: Null pointer passed as an argument to a 'nonnull' parameter
                            access(filename, R_OK | W_OK) == 0) {
                            ^      ~~~~~~~~



  CC       ipcs.o
ipcs.c:476:8: warning: Function call argument is an uninitialized value
                pw = getpwuid(ipcp->uid);
                     ^        ~~~~~~~~~
ipcs.c:246:40: warning: The left operand of '&' is a garbage value
        printf ("%-10d %-10o", id, ipcp->mode & 0777);
                                   ~~~~~~~~~~ ^
ipcs.c:432:3: warning: Function call argument is an uninitialized value
                printf (_("max number of arrays = %d\n"), seminfo.semmni);
                ^                                         ~~~~~~~~~~~~~~
ipcs.c:441:3: warning: Function call argument is an uninitialized value
                printf (_("used arrays = %d\n"), seminfo.semusz);
                ^                                ~~~~~~~~~~~~~~
ipcs.c:688:2: warning: Function call argument is an uninitialized value
        printf (_("uid=%u\t gid=%u\t cuid=%u\t cgid=%u\n"),
        ^
5 warnings generated. 



  CC       cytune.o
cytune.c:202:8: warning: Function call argument is an uninitialized value
                        if (ioctl(cmon[cmon_index].cfile, CYGETMON, &cywork))
                            ^     ~~~~~~~~~~~~~~~~~~~~~~
cytune.c:456:3: warning: Address of stack memory associated with local variable 'argv' is still referred to by
      the global variable 'global_argv' upon returning to the caller. This will be a dangling reference
                return EXIT_SUCCESS;
                ^
cytune.c:460:2: warning: Address of stack memory associated with local variable 'argv' is still referred to by
      the global variable 'global_argv' upon returning to the caller. This will be a dangling reference
        return EXIT_SUCCESS;
        ^
cytune.c:380:4: warning: Address of stack memory associated with local variable 'argv' is still referred to by
      the global variable 'global_argv' upon returning to the caller. This will be a dangling reference
                        return EXIT_SUCCESS;
                        ^
4 warnings generated.




  CC       eject-eject.o
eject.c:619:2: warning: Value stored to 'status' is never read
        status = ioctl(fd, BLKRRPART);
        ^        ~~~~~~~~~~~~~~~~~~~~



 CC       prlimit.o
prlimit.c:364:20: warning: Access to field 'resource' results in a dereference of a null pointer
      (loaded from field 'desc')
                if (prlimit(pid, lim->desc->resource, new, old) == -1)
                                 ^    ~~~~


 CC       lscpu.o
In file included from lscpu.c:38:
../include/xalloc.h:45:21: warning: Call to 'calloc' has an allocation size of 0 bytes
        void *ret = calloc(nelems, size);
                    ^      ~~~~~~
lscpu.c:661:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_VHIGH;
                      ~~~~~~~~~~~~      ^
lscpu.c:665:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_UNKNOWN;
                      ~~~~~~~~~~~~      ^
lscpu.c:659:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_VMEDIUM;
                      ~~~~~~~~~~~~      ^
lscpu.c:663:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_HORIZONTAL;
                      ~~~~~~~~~~~~      ^
lscpu.c:657:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_VLOW;
                      ~~~~~~~~~~~~      ^
lscpu.c:675:23: warning: Array access (via field 'addresses') results in a null pointer dereference
        desc->addresses[num] = path_getnum(_PATH_SYS_CPU "/cpu%d/address", num);
              ~~~~~~~~~      ^
lscpu.c:685:24: warning: Array access (via field 'configured') results in a null pointer dereference
        desc->configured[num] = path_getnum(_PATH_SYS_CPU "/cpu%d/configure", num);
              ~~~~~~~~~~      ^
8 warnings generated.



CC       readprofile.o
readprofile.c:232:3: warning: The return value from the call to 'setuid' is not checked. If an error occurs in
      'setuid', the following code may execute with unexpected privileges
                setuid(0);
                ^~~~~~



 CC       tunelp.o
tunelp.c:248:11: warning: Memory is never released; potential leak of memory pointed to by 'cmdst'
                        printf(UTIL_LINUX_VERSION);
                               ^~~~~~~~~~~~~~~~~~
../include/c.h:247:78: note: expanded from macro 'UTIL_LINUX_VERSION'
#define UTIL_LINUX_VERSION _("%s from %s\n"), program_invocation_short_name, PACKAGE_STRING
                                                                             ^
../config.h:519:24: note: expanded from macro 'PACKAGE_STRING'
#define PACKAGE_STRING "util-linux 2.21.715-1400"
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~
tunelp.c:259:7: warning: Null pointer passed as an argument to a 'nonnull' parameter
        fd = open(filename, O_WRONLY | O_NONBLOCK, 0);
             ^    ~~~~~~~~



CC       rtcwake.o
rtcwake.c:600:13: warning: Memory is never released; potential leak of memory pointed to by 'devname'
        } else if (strcmp(suspend, "disable") == 0) {
                   ^
/usr/include/bits/string2.h:802:13: note: expanded from macro 'strcmp'
  ({ size_t __s1_len, __s2_len;                                               \
            ^



  CC       agetty.o
agetty.c:464:9: warning: Branch condition evaluates to a garbage value
        while (*p) {
               ^~


CC       script.o
script.c:326:16: warning: Assigned value is garbage or undefined
                        childstatus = status;
                                    ^ ~~~~~~



 CC       setterm.o
setterm.c:1197:9: warning: Dereference of null pointer
                        *q++ = *p;
                        ~~~~~^~~~
setterm.c:1204:36: warning: Memory is never released; potential leak of memory pointed to by 'p'
        if (fwrite(outbuf, 1, q - outbuf, F) != (size_t) (q - outbuf)) {
                                          ^
setterm.c:1197:11: warning: Dereference of null pointer (loaded from variable 'p')
                        *q++ = *p;
                               ^~
setterm.c:1202:8: warning: Dereference of null pointer
                *q++ = '\n';
                ~~~~~^~~~~~
setterm.c:1208:8: warning: Memory is never released; potential leak of memory pointed to by 'q'
        close(fd);
              ^~
5 warnings generated.



  CC       more.o
more.c:1592:19: warning: Value stored to 'line3' during its initialization is never read
    register long line3 = startline;
                  ^       ~~~~~~~~~



CC       column.o
column.c:164:2: warning: Value stored to 'argc' is never read
        argc -= optind;
        ^       ~~~~~~
column.c:360:7: warning: Dereference of null pointer (loaded from variable 'p')
                        *p = '\0';
                         ~ ^
In file included from column.c:55:
../include/xalloc.h:45:21: warning: Call to 'calloc' has an allocation size of 0 bytes
        void *ret = calloc(nelems, size);
                    ^      ~~~~~~




-- 

Marek Otahal :o)


* [cont.2] Clang analysis warnings WAS: Re: dev.c : Warning - dereference of null pointer, clang --analyze
  2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
  2012-06-19 13:04   ` [cont.] " Marek Otahal
@ 2012-06-19 13:49   ` Marek Otahal
  1 sibling, 0 replies; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 13:49 UTC (permalink / raw)
  To: util-linux

On Tuesday 19 of June 2012 14:46:53 you wrote:
> Clang/llvm analysis on recent git master, hope some of them are relevant (not all mistakes by clang).
>
> There're memleaks, null pointers passed, uninitialized params passed, execution with unknown privileges(!),
> null pointer dereference, buffer overflow, etc.
>
> Sorry, the list is quite long, but please take time to skim it all, I didn't sort the warnings by importance, just as they appeared.
> 
  CC       parse.o
parse.c:144:10: warning: Size argument is greater than the length of the destination buffer
                (void) strncpy(tfu->fmt, savep, p - savep);
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^



  CC       ul.o
ul.c:481:22: warning: The left operand of '==' is a garbage value
        for (*cp = ' '; *cp == ' '; cp--)
                        ~~~ ^
ul.c:447:22: warning: The left operand of '==' is a garbage value
        for (*cp = ' '; *cp == ' '; cp--)
                        ~~~ ^




 CC       pg.o
pg.c:1223:7: warning: Value stored to 'sz' is never read
                                                sz = regerror(rerror, &re,
                                                ^    ~~~~~~~~~~~~~~~~~~~~~



  CC       hwclock.o
hwclock.c:1671:2: warning: Value stored to 'argv' is never read
        argv += optind;
        ^       ~~~~~~



  CC       rtc.o
rtc.c:309:4: warning: The left expression of the compound assignment is an uninitialized value. The computed
      value will also be garbage
                        FD_SET(rtc_fd, &rfds);
                        ^~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/select.h:91:28: note: expanded from macro 'FD_SET'
#define FD_SET(fd, fdsetp)      __FD_SET (fd, fdsetp)
                                ^
/usr/include/bits/select.h:51:43: note: expanded from macro '__FD_SET'
  ((void) (__FDS_BITS (set)[__FD_ELT (d)] |= __FD_MASK (d)))
                                          ^



  CC       mount-mount.o
mount.c:2768:9: warning: Dereference of null pointer
                                    mc->m.mnt_opts, options, 0, 0);
                                    ^~~~~~~~~~~~~~
mount.c:2036:2: warning: Null pointer argument in call to string copy function
        strncpy (n, s, sub-s);
        ^~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^
mount.c:2060:17: warning: Memory is never released; potential leak of memory pointed to by 'opts'
        return xstrdup(opts);
                       ^~~~
3 warnings generated.



  CC       mount-sundries.o
sundries.c:33:6: warning: Null pointer argument in call to string copy function
     strncpy(t,s,n);
     ^~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^



  CC       mount-fstab.o
fstab.c:832:6: warning: Dereference of null pointer (loaded from variable 'dest')
        if (*dest) {
            ^~~~~




Now, compilation finished correctly :) 
With regards, 
Mark
-- 

Marek Otahal :o)
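
A triage sketch for the analyzer output posted in this thread, added here as an example (it is not part of the original messages or of util-linux): it parses the clang `--analyze` warning headers, drops findings reported twice because the same file was built once as `.lo` and once as `.o`, and orders the rest by severity. The category names, the severity ranking and the function names are this example's own assumptions; the sample lines are copied from the messages above.

```python
import re
from collections import Counter
from pathlib import PurePosixPath
from typing import NamedTuple

# Assumed severity order (this example's choice, not clang's): lower rank first.
RULES = [
    (1, "unchecked-privilege-change", r"call to 'set\w*[ug]id' is not checked"),
    (2, "copy-size-exceeds-buffer", r"Size argument is greater than the length"),
    (3, "dangling-stack-address", r"Address of stack memory"),
    (4, "null-pointer", r"null pointer"),
    (5, "uninitialized-value", r"garbage|uninitialized"),
    (6, "zero-size-allocation", r"allocation size of 0 bytes"),
    (7, "memory-leak", r"potential leak of memory"),
    (8, "dead-store", r"Value stored to .* is never read"),
]

# "path:line:col: warning: message". Source excerpts, caret lines, "note:"
# lines and "clang: warning: unknown warning option" lines do not match.
HEADER = re.compile(
    r"^(?P<path>[^\s:][^:]*):(?P<line>\d+):(?P<col>\d+): warning: (?P<msg>.+)$"
)

# Lines copied from the thread (a subset), including non-diagnostic noise.
SAMPLE = """\
clang: warning: unknown warning option '-Wmissing-parameter-type'; did you mean '-Wmissing-prototypes'?
../../lib/loopdev.c:911:6: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (loopcxt_ioctl_enabled(lc)) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:911:6: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
login.c:1021:4: warning: The return value from the call to 'setuid' is not checked. If an error occurs in
      'setuid', the following code may execute with unexpected privileges
sulogin.c:117:2: warning: Size argument is greater than the length of the destination buffer
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
mkfs.c:126:40: warning: Memory is never released; potential leak of memory pointed to by 'newpath'
dmesg.c:791:2: warning: Value stored to 'n' is never read
pager.c:140:2: warning: The left expression of the compound assignment is an uninitialized value. The computed
      value will also be garbage
lsblk.c:1335:2: warning: Address of stack memory associated with local variable '_ls' is still referred to by
      the global variable 'lsblk' upon returning to the caller. This will be a dangling reference
"""


class Finding(NamedTuple):
    rank: int
    category: str
    file: str
    line: int
    message: str


def classify(message):
    """Map the first line of a diagnostic to (rank, category)."""
    for rank, category, pattern in RULES:
        if re.search(pattern, message, re.IGNORECASE):
            return rank, category
    return 99, "other"


def triage(text):
    """Return de-duplicated findings, most severe first."""
    seen = set()
    findings = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if not m:
            continue
        rank, category = classify(m["msg"])
        # The same source file shows up under different relative paths
        # (../../lib/loopdev.c and ../lib/loopdev.c), so key on the basename.
        # Two distinct files sharing a basename, line and column would
        # collapse; that trade-off is accepted here.
        name = PurePosixPath(m["path"]).name
        key = (name, int(m["line"]), int(m["col"]), category)
        if key in seen:
            continue
        seen.add(key)
        findings.append(Finding(rank, category, name, int(m["line"]), m["msg"]))
    findings.sort(key=lambda f: (f.rank, f.file, f.line))
    return findings


def summarize(findings):
    """Count findings per category, keeping the severity order."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f"[{f.rank}] {f.category:28} {f.file}:{f.line}")
    print(summarize(results))
```

Only the first line of each diagnostic is classified, so the wrapped continuation lines and source excerpts in the build log can be fed in unchanged.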
