I agree that different analyzers will probably catch different things and so
using multiple ones is a good idea. I haven't tried sparse before.
As for the findings I sent you all of them. The ones marked as errors are the
most useful ones. By providing all the findings, I did probably make too much
noise for you. So I have just the errors following this email so you can better
see them (some of the warnings and style findings are useful too, but have to
be vetted more). There are mostly two classes of errors that in the net-snmp
code, one is leaks and the other is the possible null pointer dereference (I
looked at one of these, basically it has a point in that the pointer was
dereferenced and used then is later checked for null, so either there's a
problem when it was used first or the check for null is not needed).
[net-snmp\agent\object_monitor.c:130]: (error) Possible null pointer
dereference: monitored_objects - otherwise it is redundant to check if
monitored_objects is null at line 128
[net-snmp\agent\object_monitor.c:131]: (error) Possible null pointer
dereference: monitored_objects - otherwise it is redundant to check if
monitored_objects is null at line 128
[net-snmp\agent\helpers\table_container.c:300]: (error) Possible null pointer
dereference: tad - otherwise it is redundant to check if tad is null at line 304
[net-snmp\agent\helpers\table_data.c:557]: (error) Possible null pointer
dereference: row - otherwise it is redundant to check if row is null at line 567
[net-snmp\agent\helpers\table_data.c:558]: (error) Possible null pointer
dereference: row - otherwise it is redundant to check if row is null at line 567
[net-snmp\agent\mibgroup\util_funcs.c:211]: (error) Resource leak: fd
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:672]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 669
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:673]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 669
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:674]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 669
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:681]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 678
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:682]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 678
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:694]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 691
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:695]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 691
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:696]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 691
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:703]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 700
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:704]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 700
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:705]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 700
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:712]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 709
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:713]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 709
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:714]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 709
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:721]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 718
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:722]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 718
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:723]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 718
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:730]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 727
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:731]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 727
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:732]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 727
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:739]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 736
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:740]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 736
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:741]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 736
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:748]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 745
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:749]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 745
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:761]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 758
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:762]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 758
[net-snmp\agent\mibgroup\Rmon\alarmTable.c:763]: (error) Possible null pointer
dereference: table_entry - otherwise it is redundant to check if table_entry is
null at line 758
[net-snmp\agent\mibgroup\agent\extend.c:409]: (error) Possible null pointer
dereference: ereg - otherwise it is redundant to check if ereg is null at line
391
[net-snmp\agent\mibgroup\agent\extend.c:589]: (error) Invalid number of
character ({) when these macros are defined: 'NETSNMP_NO_WRITE_SUPPORT'.
[net-snmp\agent\mibgroup\disman\mteEventTable.c:313]: (error) Possible null
pointer dereference: no - otherwise it is redundant to check if no is null at
line 316
[net-snmp\agent\mibgroup\disman\expr\expExpression.c:307]: (error) Possible
null pointer dereference: entry - otherwise it is redundant to check if entry
is null at line 308
[net-snmp\agent\mibgroup\disman\expression\expValueTable.c:632]: (error) Memory
leak: result
[net-snmp\agent\mibgroup\disman\expression\expValueTable.c:632]: (error) Memory
leak: temp
[net-snmp\agent\mibgroup\disman\ping\pingCtlTable.c:1896]: (error) Memory leak:
packet
[net-snmp\agent\mibgroup\disman\ping\pingCtlTable.c:1977]: (error) Memory leak:
ai
[net-snmp\agent\mibgroup\hardware\memory\memory_linux.c:49]: (error) Resource
leak: statfd
[net-snmp\agent\mibgroup\host\hr_system.c:494]: (error) Resource leak: fd
[net-snmp\agent\mibgroup\host\data_access\swinst_apt.c:98]: (error) Mismatching
allocation and deallocation: p
[net-snmp\agent\mibgroup\if-mib\data_access\interface_linux.c:586]: (error)
Resource leak: devin
[net-snmp\agent\mibgroup\mibII\mta_sendmail.c:993]: (error) Resource leak:
sendmailcf_fp
[net-snmp\agent\mibgroup\mibII\vacm_vars.c:1225]: (error) Uninitialized
variable: newGroupName
[net-snmp\agent\mibgroup\mibII\vacm_vars.c:1226]: (error) Uninitialized
variable: newContextPrefix
[net-snmp\agent\mibgroup\sctp-mib\sctpScalars_linux.c:38]: (error) Resource
leak: f
[net-snmp\agent\mibgroup\sctp-mib\sctpScalars_linux.c:144]: (error) Resource
leak: f
[net-snmp\agent\mibgroup\smux\smux.c:145]: (error) Memory leak:
aptrata_get.c:151]: (error) Possible null pointer dereference: user - otherwise
it is redundant to check if user is null at line 157
[net-snmp\agent\mibgroup\snmp-usm-dh-objects-mib\usmDHUserKeyTable\usmDHUserKeyTable_data_get.c:152]:
(error) Possible null pointer dereference: user - otherwise it is redundant to
check if user is null at line 157
[net-snmp\agent\mibgroup\tlstm-mib\snmpTlstmAddrTable\snmpTlstmAddrTable.c:519]:
(error) Possible null pointer dereference: table_entry - otherwise it is
redundant to check if table_entry is null at line 513
[net-snmp\agent\mibgroup\tlstm-mib\snmpTlstmParamsTable\snmpTlstmParamsTable.c:669]:
(error) Possible null pointer dereference: table_entry - otherwise it is
redundant to check if table_entry is null at line 663
[net-snmp\agent\mibgroup\ucd-snmp\dlmod.c:237]: (error) Memory leak: dlm
[net-snmp\agent\mibgroup\ucd-snmp\lmSensors.c:391]: (error) Uninitialized
variable: res
[net-snmp\agent\mibgroup\ucd-snmp\proxy.c:160]: (error) Memory leak: newp
[net-snmp\agent\mibgroup\ucd-snmp\vmstat_linux.c:258]: (error) Common realloc
mistake: 'vmbuff' nulled but not freed upon failure
[net-snmp\apps\agentxtrap.c:441]: (error) Allocation with strdup, putenv
doesn't release it.
[net-snmp\apps\snmpdf.c:183]: (error) Possible null pointer dereference:
response - otherwise it is redundant to check if response is null at line 173
[net-snmp\apps\snmpset.c:132]: (error) Allocation with strdup, putenv doesn't
release it.
[net-snmp\apps\snmptable.c:453]: (error) Memory leak: index_fmt
[net-snmp\apps\snmptrap.c:143]: (error) Allocation with strdup, putenv doesn't
release it.
[net-snmp\apps\snmptrapd_handlers.c:102]: (error) Memory leak: format
[net-snmp\apps\snmptrapd_handlers.c:189]: (error) Memory leak: format
[net-snmp\apps\snmptrapd_handlers.c:798]: (error) Possible null pointer
dereference: handler - otherwise it is redundant to check if handler is null at
line 799
[net-snmp\apps\snmptrapd_log.c:1030]: (error) Memory leak: temp_buf
[net-snmp\snmplib\cert_util.c:2217]: (error) Dangerous usage of 'dir' (strncpy
doesn't always 0-terminate it)
[net-snmp\snmplib\inet_ntop.c:113]: (error) Uninitialized variable: tmp
[net-snmp\snmplib\parse.c:2396]: (error) Memory leak: descr
[net-snmp\snmplib\read_config.c:779]: (error) Resource leak: ifile
[net-snmp\snmplib\snmp_client.c:535]: (error) Memory leak: newpdu
[net-snmp\snmplib\snmp_client.c:581]: (error) Memory leak: newpdu
[net-snmp\snmplib\snmp_parse_args.c:346]: (error) Memory leak: tmpopt
[net-snmp\snmplib\system.c:863]: (error) Memory leak: cp
[net-snmp\snmplib\transports\snmpDTLSUDPDomain.c:1676]: (error) Memory leak:
buffer
[net-snmp\snmplib\transports\snmpDTLSUDPDomain.c:1761]: (error) Memory leak:
buffer
[net-snmp\testing\fulltests\unit-tests\T001defaultstore_clib.c:7]: (error)
syntax error
[net-snmp\testing\fulltests\unit-tests\T007inet_pton_clib.c:21]: (error) syntax
error
[net-snmp\testing\fulltests\unit-tests\T008asn1_clib.c:53]: (error) syntax error
[email protected] wrote: -----
To: Bart Van Assche <[email protected]>
From: Dave Shield <[email protected]>
Sent by: [email protected]
Date: 04/18/2011 05:43AM
Cc: [email protected], [email protected]
Subject: Re: static analysis findings and use of reserved words
On 18 April 2011 11:26, Bart Van Assche <[email protected]> wrote:
> Any idea how CppCheck compares to sparse and which one would be suited best
> for analyzing Net-SNMP ?
In principle, I don't see why this needs to be either/or.
Surely we should aim for the code to pass *any* code checker?
Different checkers are likely to pick up on different problems,
so if the code is validated against multiple checkers, we're
going to end up with a more solid product overall.
However, following a quick skim through the first few errors reported
by CppCheck, I'm somewhat less convinced about how useful this is
likely to be in practise.
Most of the error reports I looked at are complaining about missing
header files (which are definitely present in the code tree), or suggestions
about reducing the scope of variable definitions (which is of limited
benefit). It also seems to get confused by the heavy use of #ifdefs
within our code.
There may well be some useful stuff here (e.g 'lookup_cache' in
agent_registry.c), but there seems to be an awful lot of noise.
Dave
------------------------------------------------------------------------------
Benefiting from Server Virtualization: Beyond Initial Workload
Consolidation -- Increasing the use of server virtualization is a top
priority.Virtualization can reduce costs, simplify management, and improve
application availability and disaster protection. Learn more about boosting
the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
