Hello, I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly?
I tried running Clang Static Analyzer [1] on the source of OpenSSL. It found 222 possible "bugs". You can see the full list here [2]. At least 65 of them are false positives. Most of the ones that seem valid to me are classified as Dead Code. However, even some dead assignments look like real problems. Some examples follow:

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-JxXj0g.html#EndPath
The variable 'al' is never read. The goto should probably jump to 'f_err' in order not to lose the alert.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-6OKYC8.html#EndPath
The assignment to 'ret' is either useless or the goto should jump to 'err'.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-117dnV.html#EndPath
http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-rT4fgM.html#EndPath
Duplicate assignment to 'ret' and 'saved_state.epoch', respectively.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-xy1iZT.html#EndPath
'qbits' gets assigned the same value again in the following condition.

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-IG0Qez.html#EndPath
The 'E', 'e', 'G', 'g' cases don't seem to do anything. Is there some missing functionality?

http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-euj1zH.html#EndPath
Default port is assigned twice, on line 234.

Would you be interested in some patches? How and where should I submit them?

Regards,
Lubomír Sedlář

[1]: http://clang-analyzer.llvm.org/
[2]: http://www.fi.muni.cz/~xsedlar3/openssl-analysis/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
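The first report in the message above (the alert code 'al' stored and never read because the error path jumps past the label that sends it) is the kind of "dead store" that is really a control-flow bug. The following is an added, self-contained C illustration of that pattern, written for this page; it is not OpenSSL code and does not reproduce the function the report points at. The record layout, the alert constants, the label names 'f_err'/'err' and the 'send_alert' stand-in are all constructed for the example. The buggy parser jumps to 'err' after setting 'al', so the peer never receives the alert; the fixed parser jumps to 'f_err'. Clang Static Analyzer flags the buggy form as a dead store on 'al', which is exactly the signal the message describes.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical alert descriptions, chosen to look like TLS alert numbers
 * but not tied to any real protocol definition. */
#define ALERT_NONE             (-1)
#define ALERT_DECODE_ERROR     50
#define ALERT_PROTOCOL_VERSION 70

/* Hypothetical record format: one version byte followed by a 16-bit
 * big-endian payload length. */
#define RECORD_VERSION 0x03

/* Records the last alert "sent"; stands in for the real alert-sending call. */
static int last_alert_sent = ALERT_NONE;

static void send_alert(int al)
{
    last_alert_sent = al;
}

/* Accessor for callers/tests so they do not touch the global directly. */
int last_alert(void)
{
    return last_alert_sent;
}

/* Buggy form: on the short-record path 'al' is assigned and then control
 * jumps to 'err', skipping 'f_err'. The analyzer reports the assignment as
 * a dead store; the practical effect is that no alert is ever sent. */
int parse_record_buggy(const unsigned char *rec, size_t len)
{
    int al;

    last_alert_sent = ALERT_NONE;
    if (len < 3) {
        al = ALERT_DECODE_ERROR;  /* dead store: never read on this path */
        goto err;                 /* bug: should be 'goto f_err' */
    }
    if (rec[0] != RECORD_VERSION) {
        al = ALERT_PROTOCOL_VERSION;
        goto f_err;               /* this path is correct */
    }
    return (rec[1] << 8) | rec[2];
f_err:
    send_alert(al);
err:
    return -1;
}

/* Fixed form: both error paths go through 'f_err', so the stored alert
 * code is always consumed and the dead-store report disappears. */
int parse_record_fixed(const unsigned char *rec, size_t len)
{
    int al;

    last_alert_sent = ALERT_NONE;
    if (len < 3) {
        al = ALERT_DECODE_ERROR;
        goto f_err;
    }
    if (rec[0] != RECORD_VERSION) {
        al = ALERT_PROTOCOL_VERSION;
        goto f_err;
    }
    return (rec[1] << 8) | rec[2];
f_err:
    send_alert(al);
    return -1;
}

/* Constructed sample records for demonstration; not captured traffic. */
const unsigned char kShortRecord[] = { 0x03 };
const unsigned char kGoodRecord[]  = { 0x03, 0x01, 0x02 };
const unsigned char kBadVersion[]  = { 0x02, 0x01, 0x02 };

int main(void)
{
    int r;

    r = parse_record_buggy(kShortRecord, sizeof kShortRecord);
    printf("buggy  short record: ret=%d alert=%d (alert lost)\n", r, last_alert());

    r = parse_record_fixed(kShortRecord, sizeof kShortRecord);
    printf("fixed  short record: ret=%d alert=%d\n", r, last_alert());

    r = parse_record_fixed(kGoodRecord, sizeof kGoodRecord);
    printf("fixed  good record:  ret=0x%04x alert=%d\n", r, last_alert());

    r = parse_record_buggy(kBadVersion, sizeof kBadVersion);
    printf("buggy  bad version:  ret=%d alert=%d\n", r, last_alert());
    return 0;
}
```

When triaging "Dead store" results from the analyzer, the question to ask for each one is the same as in the example: is the stored value merely redundant, or is there a later consumer (an alert, an error code, a cleanup step) that the control flow now bypasses? The first kind is cosmetic; the second is a functional bug.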