Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

From: "Koch, Rick (Subcontractor)" <Rick.Koch@xxxxxxx>

Ran CPPCheck 1.5.6 on Windows-XP.

Hi Rick,
Thank you for the clarification.
Normal practice on the list is to use Reply All, so everyone can participate in the discussion.

It looks like most of the reports are false positives. My bikeshedding thought would be that it is common in Git to inspect all the call sites such that they don't create the various problems, rather than protect against the problems within the various functions, which may be a cause of the reports (i.e. different philosophical approach to checking).

regards

Philip
---

v/r

Roderick (Rick) Koch
OSF - Information Assurance
Team Teledyne / Sentar Inc.
Work: 256-726-1253
Rick.Koch@xxxxxxx


-----Original Message-----
From: Philip Oakley [mailto:philipoakley@xxxxxxx]
Sent: Monday, August 19, 2013 3:03 PM
To: Koch, Rick (Subcontractor); Git List
Subject: Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

From: "Koch, Rick (Subcontractor)" <Rick.Koch@xxxxxxx>
Sent: Monday, August 19, 2013 6:09 PM
I'm directing to this e-mail, as it seems to be the approved forum for
posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24
high risk bugs. Please see the attachment xlsx.

Is there a method to post to the Git community to allow the community
to review and debunk as false positives or develop patches to fix the listed
code files?

v/r

Roderick (Rick) Koch
Information Assurance
Rick.Koch@xxxxxxx

What OS version / CPPCheck version was this checked on?

In case other readers don't have a .xlsx reader here is Rick's list in plain text (may be white space damaged).

I expect some will be false positives, and some will just be being too cautious.

Philip

description                    resourceFilePath                                          fileName                 lineNumber
nullPointer(CppCheck)          \git-master\builtin\add.c                                 add.c                    286
wrongPrintfScanfArgNum(CppCheck) \git-master\builtin\fetch.c                             fetch.c                  588
nullPointer(CppCheck)          \git-master\builtin\ls-files.c                            ls-files.c               144
nullPointer(CppCheck)          \git-master\builtin\merge.c                               merge.c                  1208
doubleFree(CppCheck)           \git-master\builtin\notes.c                               notes.c                  275
nullPointer(CppCheck)          \git-master\builtin\reflog.c                              reflog.c                 437
uninitvar(CppCheck)            \git-master\builtin\rev-list.c                            rev-list.c               342
uninitvar(CppCheck)            \git-master\builtin\rev-list.c                            rev-list.c               342
uninitvar(CppCheck)            \git-master\compat\regex\regcomp.c                        regcomp.c                2803
uninitvar(CppCheck)            \git-master\compat\regex\regcomp.c                        regcomp.c                2802
uninitvar(CppCheck)            \git-master\compat\regex\regcomp.c                        regcomp.c                2805
memleakOnRealloc(CppCheck)     \git-master\compat\win32\syslog.c                         syslog.c                 46
uninitvar(CppCheck)            \git-master\contrib\examples\builtin-fetch--tool.c        builtin-fetch--tool.c    419
uninitvar(CppCheck)            \git-master\fast-import.c                                 fast-import.c            2917
nullPointer(CppCheck)          \git-master\line-log.c                                    line-log.c               638
nullPointer(CppCheck)          \git-master\mailmap.c                                     mailmap.c                156
uninitvar(CppCheck)            \git-master\merge-recursive.c                             merge-recursive.c        1887
uninitvar(CppCheck)            \git-master\notes.c                                       notes.c                  805
uninitvar(CppCheck)            \git-master\notes.c                                       notes.c                  805
deallocret(CppCheck)           \git-master\pretty.c                                      pretty.c                 677
resourceLeak(CppCheck)         \git-master\refs.c                                        refs.c                   3041
doubleFree(CppCheck)           \git-master\sequencer.c                                   sequencer.c              924
nullPointer(CppCheck)          \git-master\sha1_file.c                                   sha1_file.c              125
doubleFree(CppCheck)           \git-master\shell.c                                       shell.c                  130
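
An added illustration, not code from Git or from anyone on this thread, of two report categories in Rick's list (nullPointer and memleakOnRealloc) and of the call-site-checking style Philip describes: the callee states its non-NULL precondition with an assert instead of re-checking, and realloc's result goes through a temporary so a failed growth does not orphan the old block. The buffer type and all function names are constructed for this example.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>

/* Growable string buffer (constructed for this example). */
struct buf {
    char *data;
    size_t len, cap;
};

/* Callee side: relies on the caller-side contract that b is never NULL.
 * Stating the precondition as an assert documents the contract for both
 * readers and analyzers; a checker that ignores it reports a nullPointer
 * at the first dereference even though every call site guards. */
static int buf_append(struct buf *b, const char *s)
{
    size_t n = strlen(s);
    assert(b != NULL);
    if (b->len + n + 1 > b->cap) {
        size_t new_cap = b->cap ? b->cap * 2 : 16;
        while (new_cap < b->len + n + 1)
            new_cap *= 2;
        /* memleakOnRealloc idiom: never assign realloc's result directly to
         * b->data; on failure that would overwrite the only pointer to the
         * still-allocated old block. */
        char *tmp = realloc(b->data, new_cap);
        if (!tmp)
            return -1;      /* old b->data remains valid and owned */
        b->data = tmp;
        b->cap = new_cap;
    }
    memcpy(b->data + b->len, s, n + 1);
    b->len += n;
    return 0;
}

/* Caller side: the NULL check lives here, once, at the call site. */
int build_message(struct buf *b, const char *const *parts, size_t count)
{
    if (!b)
        return -1;
    for (size_t i = 0; i < count; i++)
        if (buf_append(b, parts[i]) < 0)
            return -1;
    return 0;
}

void buf_release(struct buf *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}
```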

