Hi Allan,

Thanks for the feedback!

2009/5/4 Allan K Pratt <[email protected]>:
> This caught my eye because my primary project is Rational PurifyPlus,
> another bug-finding tool for C and C++ code.
>
> I recommend reviewing these patches carefully. This bug-finding tool
> (www.emn.fr/x-info/coccinelle) appears to have limitations in its
> analysis. It seems to be reporting a false positive.

Of course, I wouldn't expect any patches to be applied without thorough
analysis. Besides, it is not Coccinelle that generates false positives
(as I would imagine all static code analyzers do from time to time), it
was my semantic patch that failed to eliminate that case. I will be more
careful in the future.

> In use_after_free.patch, Sune Rievers proposes removing the call to
> "OPENSSL_free(header)" from inside the loop. Presumably the bug-finding
> tool saw that "header" is used outside the loop and is freed later
> anyway
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
