I've been tasked with a quick acceptance check of Postgres for an upcoming project. It's a quick check, so it's limited to Clang's analyzer and sanitizers.

The analyzer is reporting some findings, and some of the findings look legitimate.

For example, it looks like there's a double `free` occurring in streamutil.c (around line 115). Here's a screen capture of it under scan-view: http://postimg.org/image/3ph4hkyav/. From the capture, it looks like `password` should be set to NULL after `free` because Clang found a path to get back to the top of the loop (which will free `password` again).

There are some others of interest, too. For example, Divide by Zero and Buffer Overflows. Here's the index.html from the scan-view report: http://postimg.org/image/tn2ovjout/.

The scan-view tarball is 5.5 megabytes in size (it's HTML based with a lot of mouse-over markup to help understand flows), and I'm not sure the bug reporter will take it. Plus the developers may not want it added to the bug reporter.

Would someone know the best way to get this to the right folks?

Thanks in advance. (And sorry for reporting to pgsql-general - the developer list states emails must go elsewhere first).

Jeff
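The pattern the message describes (a pointer freed at the top of a retry loop and not reset to NULL), as an added example that is not part of the original message and is not PostgreSQL's code. `run_loop`, the pool helpers and the pass schedule are constructed, and a small fixed pool stands in for `malloc`/`free` so a repeated free is counted instead of corrupting the heap.

```c
#include <stdio.h>

enum { SLOTS = 4, SLOT_SIZE = 32 };
/* Stand-in heap (assumption): a repeated free is counted, not undefined behaviour. */
static char pool[SLOTS * SLOT_SIZE];
static int live[SLOTS], repeat_frees;

static char *pool_dup(const char *s)
{
    for (int i = 0; i < SLOTS; i++) {
        if (!live[i]) {
            live[i] = 1;
            snprintf(pool + i * SLOT_SIZE, SLOT_SIZE, "%s", s);
            return pool + i * SLOT_SIZE;
        }
    }
    return NULL; /* pool exhausted */
}

static void pool_free(char *p)
{
    if (p == NULL)
        return; /* like free(NULL): no-op */
    int idx = (int)((p - pool) / SLOT_SIZE);
    repeat_frees += !live[idx]; /* slot already released: the double free */
    live[idx] = 0;
}

/* Constructed retry loop: each pass frees the old password, only some allocate a new one. */
static int run_loop(int passes, int prompt_every, int null_after_free)
{
    char *password = NULL;
    repeat_frees = 0;
    for (int i = 0; i < passes; i++) {
        if (password != NULL) {
            pool_free(password);
            if (null_after_free)
                password = NULL; /* the reset suggested in the message */
        }
        if (i % prompt_every == 0)
            password = pool_dup("constructed-password");
    }
    pool_free(password); /* final cleanup */
    return repeat_frees;
}

int main(void)
{
    printf("%d %d %d\n", run_loop(4, 3, 0), run_loop(4, 3, 1), run_loop(4, 1, 0));
}
```

With `prompt_every` set to 1 every pass reallocates and the missing reset never shows, so only the path that loops back without a new allocation triggers the repeated free.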