----- Original Message ----- From: "Philip Oakley" <philipoak...@iee.org>
From: "Koch, Rick (Subcontractor)" <rick.k...@tbe.com>
Sent: Monday, August 19, 2013 6:09 PM
I'm directing to this e-mail, as it seems to be the approved forum
for posting Git bugs. We ran CPPCheck against Git v.
and found 24 high risk bugs. Please see the attachment xlsx.

Is there a method to post to the Git community to allow the
community to review and debunk as faults positive or develop
patches to fix lists code files?


Roderick (Rick) Koch
Information Assurance

What OS version / CPPCheck version was this checked on?

In case other readers don't have a .xlsx reader here is Rick's list in plain text (may be white space damaged).

I expect some will be false positives, and some will just be being too cautious.


description resourceFilePath fileName lineNumber
     nullPointer(CppCheck) \git-master\builtin\add.c add.c 286
     wrongPrintfScanfArgNum(CppCheck) \git-master\builtin\fetch.c
fetch.c 588
     nullPointer(CppCheck) \git-master\builtin\ls-files.c ls-files.c
     nullPointer(CppCheck) \git-master\builtin\merge.c merge.c 1208
     doubleFree(CppCheck) \git-master\builtin\notes.c notes.c 275
     nullPointer(CppCheck) \git-master\builtin\reflog.c reflog.c 437
     uninitvar(CppCheck) \git-master\builtin\rev-list.c rev-list.c 342
     uninitvar(CppCheck) \git-master\builtin\rev-list.c rev-list.c 342
     uninitvar(CppCheck) \git-master\compat\regex\regcomp.c regcomp.c
     uninitvar(CppCheck) \git-master\compat\regex\regcomp.c regcomp.c
     uninitvar(CppCheck) \git-master\compat\regex\regcomp.c regcomp.c
     memleakOnRealloc(CppCheck) \git-master\compat\win32\syslog.c
syslog.c 46

This looks like a possible, based on http://bytes.com/topic/c/answers/215084-can-realloc-potentially-cause-memory-leak (Mac's reply, with tweaks)

"Misuse of realloc CAN cause a memory leak, but only when allocation fails" "if realloc fails, the memory previously pointed to by 'str = realloc(str, ++str_len + 1)' will still be claimed, but you will have lost your only pointer to it, because realloc returns NULL on failure. This is a memory leak."

We (those using the compat function) then only provide a warning, so it could repeat endlessly.

Eric (cc'd) may be able to clarify if this is a possibility.

\git-master\contrib\examples\builtin-fetch--tool.c builtin-fetch--tool.c
     uninitvar(CppCheck) \git-master\fast-import.c fast-import.c 2917
     nullPointer(CppCheck) \git-master\line-log.c line-log.c 638
     nullPointer(CppCheck) \git-master\mailmap.c mailmap.c 156
     uninitvar(CppCheck) \git-master\merge-recursive.c
merge-recursive.c 1887
     uninitvar(CppCheck) \git-master\notes.c notes.c 805
     uninitvar(CppCheck) \git-master\notes.c notes.c 805
     deallocret(CppCheck) \git-master\pretty.c pretty.c 677
     resourceLeak(CppCheck) \git-master\refs.c refs.c 3041
     doubleFree(CppCheck) \git-master\sequencer.c sequencer.c 924
     nullPointer(CppCheck) \git-master\sha1_file.c sha1_file.c 125
     doubleFree(CppCheck) \git-master\shell.c shell.c 130

To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to