Hi silvioprog, One of the issues was clearly real (fixed in Git), the other three I don't get. Looking at the code, the flag can clearly go in either direction, and the incremented dest pointer cannot be NULL (was checked just a few lines above).
Regardless, running such tools is always a good idea and generally helpful, so I would definitively appreciate a full run and reports (or patches, if the reports turn out to be well-founded). Happy hacking! Christian On 01/31/2018 11:30 PM, silvioprog wrote: > Hi dudes. > > PVS-Studio [1] <https://www.viva64.com/en/pvs-studio> is a Russian tool > (Windows/Linux) for bug detection in the source code of programs written > in C/C++. > > The tool have been issued bugs in many popular projects like LLVM/GCC, > cURL, OpenSSL, Doxygen, OpenCV, GTK, glibc, tor etc. The full list is > available at PVS-Studio's inspections page [2] > <https://www.viva64.com/en/inspections>. It has helped the authors to > fix the reported issues [3] > <https://github.com/curl/curl/search?q=pvs&type=Issues>. > > I have been using the free version of PVS-Studio for analyzing open > source projects I use, then it reported issues [4] > <https://duallsistemas.com.br/download/pvs_mhd/fullhtml> in "Medium > level" in four MHD files > <https://duallsistemas.com.br/download/pvs_mhd/fullhtml>. The attached > tar.gz contains a few pictures showing the testing result and text files > containing respective links to access each issue explanation. > > If you agree with fixing those issues, I can run a full test in all MHD > files and share all the reported issues (I fix the ones possible for me). > > [1] PVS-Studio page, < https://www.viva64.com/en/pvs-studio > <https://www.viva64.com/en/pvs-studio> > > [2] PVS-Studio inspections, < https://www.viva64.com/en/ > <https://www.viva64.com/en/>inspections > <https://www.viva64.com/en/inspections> > > [3] cURL fixes based on PVS-Studio issuing, > < https://github.com/curl/curl/search?q=pvs&type=Issues > <https://github.com/curl/curl/search?q=pvs&type=Issues> > > [4] first MHD report using PVS-Studio free for open source projects, > < https://duallsistemas.com.br/download/pvs_mhd/fullhtml > <https://duallsistemas.com.br/download/pvs_mhd/fullhtml> > > > -- > Silvio Clécio
signature.asc
Description: OpenPGP digital signature
