subject:"Using static analysis to find \(potential\) bugs"

Re: Using static analysis to find (potential) bugs

2023-10-11 Thread Daniel Appiagyei

> if CONFIG_DEBUG_ASSERTIONS then __assert() is called.  __assert() is a
no-return function.  In that case, it is impossible to reach the code
that uses the pointer.

The usages of the pointers occur before DEBUGASSERT() is called:

Bug 1-3
:
'info' and 'stcb' are dereferenced on L331 whereas the DEBUGASSERT is L336
 Bug 6
:
'dev' is dereferenced on L169 whereas the DEBUGASSERT() is on L171
Bug 7
:
'tcb' is dereferenced on L91 whereas DEBUGASSERT() is on L99

On Tue, Oct 10, 2023 at 8:27 PM Xiang Xiao 
wrote:

> There are patch to integrate the CodeChecker into ci:
> https://github.com/apache/nuttx/pull/7114
> https://github.com/apache/nuttx/pull/7090
> you can follow them for cppcheck too.
> The hard problem is that tools normally report many false alarms which make
> it impractical to enable the check in ci/cd.
>
> On Wed, Oct 11, 2023 at 2:34 AM Daniel Appiagyei
>  wrote:
>
> > Hey,
> > I was running the [cppcheck](https://cppcheck.sourceforge.io/) static
> > analysis tool, found a few potential bugs, and wrote the following to
> share
> > how tools like this can help us ensure the integrity of our code. The
> > following are some bugs found. If anyone is interested in running
> cppcheck
> > on their project, scroll to the bottom for a HOW-TO. Is using a static
> > analysis tool like this something we'd be interested in adding to ci/cd?
> >
> > *The following were found in NuttX 12.2.1*
> > ## Null pointer dereference
> >  1: sched/signal/sig_dispatch.c:325
> > ```
> > src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: warning: Either the
> > condition 'info!=NULL' is redundant or there is possible null pointer
> > dereference: info. [nullPointerRedundantCheck]
> > stcb, stcb->pid, info->si_signo, info->si_code,
> >
> >
> >  ^
> >
> >
> > src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
> > condition 'info!=NULL' is not redundant
> >
> >   DEBUGASSERT(stcb != NULL && info != NULL);
> >
> >
> >^
> >
> >
> > src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: note: Null pointer
> > dereference
> >
> > stcb, stcb->pid, info->si_signo, info->si_code,
> >
> >
> >  ^
> >
> >
> > ```
> >
> >   2: sched/signal/sig_dispatch.c:326
> > ```
> > src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: warning: Either the
> > condition 'info!=NULL' is redundant or there is possible null pointer
> > dereference: info. [nullPointerRedundantCheck]
> > info->si_value.sival_int,
> >
> >
> > ^
> > src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
> > condition 'info!=NULL' is not redundant
> >   DEBUGASSERT(stcb != NULL && info != NULL);
> >^
> > src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: note: Null pointer
> > dereference
> > info->si_value.sival_int,
> > ^
> > ```
> >
> >  3: sched/signal/sig_dispatch.c:327
> > ```
> > src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: warning: Either the
> > condition 'info!=NULL' is redundant or there is possible null pointer
> > dereference: info. [nullPointerRedundantCheck]
> > sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
> > "NO");
> > ^
> > src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
> > condition 'info!=NULL' is not redundant
> >   DEBUGASSERT(stcb != NULL && info != NULL);
> >^
> > src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: note: Null pointer
> > dereference
> > sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
> > "NO");
> > ^
> > ```
> >
> >  4: src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42
> > ```
> > src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42:36: error: Null pointer
> > dereference [nullPointer]
> >
> >   return mbsrtowcs(dst, , len, NULL);
> >
> >
> >^
> > ```
> >
> >  5: nuttx/libs/libc/stdlib/lib_wcstombs.c:38
> > ```
> > src/deps/nuttx/libs/libc/stdlib/lib_wcstombs.c:38:36: error: Null pointer
> > dereference [nullPointer]
> >   return wcsrtombs(dst, , len, NULL);
> > ```
> >
> >  6: drivers/net/netdev_upperhalf.c:168
> > ```
> > src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: warning: Either the
> > condition 'dev' is redundant or there is possible null pointer
> dereference:
> > dev. [nullPointerRedundantCheck]
> >   FAR struct netdev_upperhalf_s *upper = dev->d_private;
> >  ^
> > src/deps/nuttx/drivers/net/netdev_upperhalf.c:170:15: note: Assuming that
> > condition 'dev' is not redundant
> >   DEBUGASSERT(dev && pkt);
> >

Re: Using static analysis to find (potential) bugs

2023-10-10 Thread Xiang Xiao

There are patch to integrate the CodeChecker into ci:
https://github.com/apache/nuttx/pull/7114
https://github.com/apache/nuttx/pull/7090
you can follow them for cppcheck too.
The hard problem is that tools normally report many false alarms which make
it impractical to enable the check in ci/cd.

On Wed, Oct 11, 2023 at 2:34 AM Daniel Appiagyei
 wrote:

> Hey,
> I was running the [cppcheck](https://cppcheck.sourceforge.io/) static
> analysis tool, found a few potential bugs, and wrote the following to share
> how tools like this can help us ensure the integrity of our code. The
> following are some bugs found. If anyone is interested in running cppcheck
> on their project, scroll to the bottom for a HOW-TO. Is using a static
> analysis tool like this something we'd be interested in adding to ci/cd?
>
> *The following were found in NuttX 12.2.1*
> ## Null pointer dereference
>  1: sched/signal/sig_dispatch.c:325
> ```
> src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: warning: Either the
> condition 'info!=NULL' is redundant or there is possible null pointer
> dereference: info. [nullPointerRedundantCheck]
> stcb, stcb->pid, info->si_signo, info->si_code,
>
>
>  ^
>
>
> src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
> condition 'info!=NULL' is not redundant
>
>   DEBUGASSERT(stcb != NULL && info != NULL);
>
>
>^
>
>
> src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: note: Null pointer
> dereference
>
> stcb, stcb->pid, info->si_signo, info->si_code,
>
>
>  ^
>
>
> ```
>
>   2: sched/signal/sig_dispatch.c:326
> ```
> src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: warning: Either the
> condition 'info!=NULL' is redundant or there is possible null pointer
> dereference: info. [nullPointerRedundantCheck]
> info->si_value.sival_int,
>
>
> ^
> src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
> condition 'info!=NULL' is not redundant
>   DEBUGASSERT(stcb != NULL && info != NULL);
>^
> src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: note: Null pointer
> dereference
> info->si_value.sival_int,
> ^
> ```
>
>  3: sched/signal/sig_dispatch.c:327
> ```
> src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: warning: Either the
> condition 'info!=NULL' is redundant or there is possible null pointer
> dereference: info. [nullPointerRedundantCheck]
> sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
> "NO");
> ^
> src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
> condition 'info!=NULL' is not redundant
>   DEBUGASSERT(stcb != NULL && info != NULL);
>^
> src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: note: Null pointer
> dereference
> sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
> "NO");
> ^
> ```
>
>  4: src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42
> ```
> src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42:36: error: Null pointer
> dereference [nullPointer]
>
>   return mbsrtowcs(dst, , len, NULL);
>
>
>^
> ```
>
>  5: nuttx/libs/libc/stdlib/lib_wcstombs.c:38
> ```
> src/deps/nuttx/libs/libc/stdlib/lib_wcstombs.c:38:36: error: Null pointer
> dereference [nullPointer]
>   return wcsrtombs(dst, , len, NULL);
> ```
>
>  6: drivers/net/netdev_upperhalf.c:168
> ```
> src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: warning: Either the
> condition 'dev' is redundant or there is possible null pointer dereference:
> dev. [nullPointerRedundantCheck]
>   FAR struct netdev_upperhalf_s *upper = dev->d_private;
>  ^
> src/deps/nuttx/drivers/net/netdev_upperhalf.c:170:15: note: Assuming that
> condition 'dev' is not redundant
>   DEBUGASSERT(dev && pkt);
>   ^
> src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: note: Null pointer
> dereference
>   FAR struct netdev_upperhalf_s *upper = dev->d_private;
>  ^
> ```
>
>  7: sched/task/task_init.c:90
> ```
> src/deps/nuttx/sched/task/task_init.c:90:19: warning: Either the condition
> 'tcb' is redundant or there is possible null pointer dereference: tcb.
> [nullPointerRedundantCheck]
>   uint8_t ttype = tcb->cmn.flags & TCB_FLAG_TTYPE_MASK;
>   ^
> src/deps/nuttx/sched/task/task_init.c:96:15: note: Assuming that condition
> 'tcb' is not redundant
>   DEBUGASSERT(tcb && ttype != TCB_FLAG_TTYPE_PTHREAD);
>   ^
> ```
>
> ## Signed integer overflow
> The [C standard](
>
> https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Integer-Overflow-Basics.html
> )
> treats _signed_ integer overflow as undefined behavior.
>  8: arch/arm/src/armv7-m/arm_fpuconfig.c:75
> ```
>

Re: Using static analysis to find (potential) bugs

2023-10-10 Thread Gregory Nutt

I'm not the right guy to talk about CI,but I believe that every modified 
C file is run through Lint.  If you have questions, I am sure someone 
else can expound.


On 10/10/2023 12:33 PM, Daniel Appiagyei wrote:

Hey,
I was running the [cppcheck](https://cppcheck.sourceforge.io/) static
analysis tool, found a few potential bugs, and wrote the following to share
how tools like this can help us ensure the integrity of our code. The
following are some bugs found. If anyone is interested in running cppcheck
on their project, scroll to the bottom for a HOW-TO. Is using a static
analysis tool like this something we'd be interested in adding to ci/cd?

*The following were found in NuttX 12.2.1*
## Null pointer dereference
 1: sched/signal/sig_dispatch.c:325
```
src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
 stcb, stcb->pid, info->si_signo, info->si_code,


  ^


src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant

   DEBUGASSERT(stcb != NULL && info != NULL);


^


src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: note: Null pointer
dereference

 stcb, stcb->pid, info->si_signo, info->si_code,


  ^


```

  2: sched/signal/sig_dispatch.c:326
```
src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
 info->si_value.sival_int,


 ^
src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant
   DEBUGASSERT(stcb != NULL && info != NULL);
^
src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: note: Null pointer
dereference
 info->si_value.sival_int,
 ^
```

 3: sched/signal/sig_dispatch.c:327
```
src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
 sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
"NO");
 ^
src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant
   DEBUGASSERT(stcb != NULL && info != NULL);
^
src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: note: Null pointer
dereference
 sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
"NO");
 ^
```

 4: src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42
```
src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42:36: error: Null pointer
dereference [nullPointer]

   return mbsrtowcs(dst, , len, NULL);


^
```

 5: nuttx/libs/libc/stdlib/lib_wcstombs.c:38
```
src/deps/nuttx/libs/libc/stdlib/lib_wcstombs.c:38:36: error: Null pointer
dereference [nullPointer]
   return wcsrtombs(dst, , len, NULL);
```

 6: drivers/net/netdev_upperhalf.c:168
```
src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: warning: Either the
condition 'dev' is redundant or there is possible null pointer dereference:
dev. [nullPointerRedundantCheck]
   FAR struct netdev_upperhalf_s *upper = dev->d_private;
  ^
src/deps/nuttx/drivers/net/netdev_upperhalf.c:170:15: note: Assuming that
condition 'dev' is not redundant
   DEBUGASSERT(dev && pkt);
   ^
src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: note: Null pointer
dereference
   FAR struct netdev_upperhalf_s *upper = dev->d_private;
  ^
```

 7: sched/task/task_init.c:90
```
src/deps/nuttx/sched/task/task_init.c:90:19: warning: Either the condition
'tcb' is redundant or there is possible null pointer dereference: tcb.
[nullPointerRedundantCheck]
   uint8_t ttype = tcb->cmn.flags & TCB_FLAG_TTYPE_MASK;
   ^
src/deps/nuttx/sched/task/task_init.c:96:15: note: Assuming that condition
'tcb' is not redundant
   DEBUGASSERT(tcb && ttype != TCB_FLAG_TTYPE_PTHREAD);
   ^
```

## Signed integer overflow
The [C standard](
https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Integer-Overflow-Basics.html)
treats _signed_ integer overflow as undefined behavior.
 8: arch/arm/src/armv7-m/arm_fpuconfig.c:75
```
src/deps/nuttx/arch/arm/src/armv7-m/arm_fpuconfig.c:75:15: error: Signed
integer overflow for expression '1<<31'. [integerOverflow]

   regval &= ~(NVIC_FPCCR_ASPEN | NVIC_FPCCR_LSPEN);
```

 9: arch/arm/src/armv7-m/arm_hardfault.c:169
```
src/deps/nuttx/arch/arm/src/armv7-m/arm_hardfault.c:169:19: error: Signed
integer overflow for expression '1<<31'. [integerOverflow]

Re: Using static analysis to find (potential) bugs

2023-10-10 Thread Gregory Nutt


These reports with regard to DEBUGASSERT have been reported before.

DEBUGASSERT is defined in a ccouple of ways.  Here is one way:

   do  \
    { \
  if (predict_false(!(f)))    \
    __assert(__ASSERT_FILE__, \
 __ASSERT_LINE__, 0); \
    } \
  while (0)
   #endif

   #ifdef CONFIG_DEBUG_ASSERTIONS
   #  define DEBUGPANIC()   PANIC()
   #  define DEBUGASSERT(f) ASSERT(f)
   #  define DEBUGVERIFY(f) VERIFY(f)
   #else
   #  define DEBUGPANIC()
   #  define DEBUGASSERT(f) ((void)(1 || (f)))
   #  define DEBUGVERIFY(f) ((void)(f))
   #endif

if CONFIG_DEBUG_ASSERTIONS  is not defined, then there is no test for 
NULL pointers, so this is not the case the tool is complaining about.


if CONFIG_DEBUG_ASSERTIONS then __assert() is called.  __assert() is a 
no-return function.  In that case, it is impossible to reach the code 
that uses the pointer.


So the tool is wrong.  I suspect that it is wrong because it does not 
understand no-return functions.  At any rate, no code change is appropriate.


On 10/10/2023 12:33 PM, Daniel Appiagyei wrote:

Hey,
I was running the [cppcheck](https://cppcheck.sourceforge.io/) static
analysis tool, found a few potential bugs, and wrote the following to share
how tools like this can help us ensure the integrity of our code. The
following are some bugs found. If anyone is interested in running cppcheck
on their project, scroll to the bottom for a HOW-TO. Is using a static
analysis tool like this something we'd be interested in adding to ci/cd?

*The following were found in NuttX 12.2.1*
## Null pointer dereference
 1: sched/signal/sig_dispatch.c:325
```
src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
 stcb, stcb->pid, info->si_signo, info->si_code,


  ^


src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant

   DEBUGASSERT(stcb != NULL && info != NULL);


^


src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: note: Null pointer
dereference

 stcb, stcb->pid, info->si_signo, info->si_code,


  ^


```

  2: sched/signal/sig_dispatch.c:326
```
src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
 info->si_value.sival_int,


 ^
src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant
   DEBUGASSERT(stcb != NULL && info != NULL);
^
src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: note: Null pointer
dereference
 info->si_value.sival_int,
 ^
```

 3: sched/signal/sig_dispatch.c:327
```
src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
 sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
"NO");
 ^
src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant
   DEBUGASSERT(stcb != NULL && info != NULL);
^
src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: note: Null pointer
dereference
 sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
"NO");
 ^
```

 4: src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42
```
src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42:36: error: Null pointer
dereference [nullPointer]

   return mbsrtowcs(dst, , len, NULL);


^
```

 5: nuttx/libs/libc/stdlib/lib_wcstombs.c:38
```
src/deps/nuttx/libs/libc/stdlib/lib_wcstombs.c:38:36: error: Null pointer
dereference [nullPointer]
   return wcsrtombs(dst, , len, NULL);
```

 6: drivers/net/netdev_upperhalf.c:168
```
src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: warning: Either the
condition 'dev' is redundant or there is possible null pointer dereference:
dev. [nullPointerRedundantCheck]
   FAR struct netdev_upperhalf_s *upper = dev->d_private;
  ^
src/deps/nuttx/drivers/net/netdev_upperhalf.c:170:15: note: Assuming that
condition 'dev' is not redundant
   DEBUGASSERT(dev && pkt);
   ^
src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: note: Null pointer
dereference
   FAR struct netdev_upperhalf_s *upper = dev->d_private;
  ^
```

 7: sched/task/task_init.c:90
```

Using static analysis to find (potential) bugs

2023-10-10 Thread Daniel Appiagyei

Hey,
I was running the [cppcheck](https://cppcheck.sourceforge.io/) static
analysis tool, found a few potential bugs, and wrote the following to share
how tools like this can help us ensure the integrity of our code. The
following are some bugs found. If anyone is interested in running cppcheck
on their project, scroll to the bottom for a HOW-TO. Is using a static
analysis tool like this something we'd be interested in adding to ci/cd?

*The following were found in NuttX 12.2.1*
## Null pointer dereference
 1: sched/signal/sig_dispatch.c:325
```
src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
stcb, stcb->pid, info->si_signo, info->si_code,


 ^


src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant

  DEBUGASSERT(stcb != NULL && info != NULL);


   ^


src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: note: Null pointer
dereference

stcb, stcb->pid, info->si_signo, info->si_code,


 ^


```

  2: sched/signal/sig_dispatch.c:326
```
src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
info->si_value.sival_int,


^
src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant
  DEBUGASSERT(stcb != NULL && info != NULL);
   ^
src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: note: Null pointer
dereference
info->si_value.sival_int,
^
```

 3: sched/signal/sig_dispatch.c:327
```
src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: warning: Either the
condition 'info!=NULL' is redundant or there is possible null pointer
dereference: info. [nullPointerRedundantCheck]
sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
"NO");
^
src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that
condition 'info!=NULL' is not redundant
  DEBUGASSERT(stcb != NULL && info != NULL);
   ^
src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: note: Null pointer
dereference
sigismember(>sigprocmask, info->si_signo) == 1 ? "YES" :
"NO");
^
```

 4: src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42
```
src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42:36: error: Null pointer
dereference [nullPointer]

  return mbsrtowcs(dst, , len, NULL);


   ^
```

 5: nuttx/libs/libc/stdlib/lib_wcstombs.c:38
```
src/deps/nuttx/libs/libc/stdlib/lib_wcstombs.c:38:36: error: Null pointer
dereference [nullPointer]
  return wcsrtombs(dst, , len, NULL);
```

 6: drivers/net/netdev_upperhalf.c:168
```
src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: warning: Either the
condition 'dev' is redundant or there is possible null pointer dereference:
dev. [nullPointerRedundantCheck]
  FAR struct netdev_upperhalf_s *upper = dev->d_private;
 ^
src/deps/nuttx/drivers/net/netdev_upperhalf.c:170:15: note: Assuming that
condition 'dev' is not redundant
  DEBUGASSERT(dev && pkt);
  ^
src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: note: Null pointer
dereference
  FAR struct netdev_upperhalf_s *upper = dev->d_private;
 ^
```

 7: sched/task/task_init.c:90
```
src/deps/nuttx/sched/task/task_init.c:90:19: warning: Either the condition
'tcb' is redundant or there is possible null pointer dereference: tcb.
[nullPointerRedundantCheck]
  uint8_t ttype = tcb->cmn.flags & TCB_FLAG_TTYPE_MASK;
  ^
src/deps/nuttx/sched/task/task_init.c:96:15: note: Assuming that condition
'tcb' is not redundant
  DEBUGASSERT(tcb && ttype != TCB_FLAG_TTYPE_PTHREAD);
  ^
```

## Signed integer overflow
The [C standard](
https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Integer-Overflow-Basics.html)
treats _signed_ integer overflow as undefined behavior.
 8: arch/arm/src/armv7-m/arm_fpuconfig.c:75
```
src/deps/nuttx/arch/arm/src/armv7-m/arm_fpuconfig.c:75:15: error: Signed
integer overflow for expression '1<<31'. [integerOverflow]

  regval &= ~(NVIC_FPCCR_ASPEN | NVIC_FPCCR_LSPEN);
```

 9: arch/arm/src/armv7-m/arm_hardfault.c:169
```
src/deps/nuttx/arch/arm/src/armv7-m/arm_hardfault.c:169:19: error: Signed
integer overflow for expression '1<<31'. [integerOverflow]
  else if (hfsr & NVIC_HFAULTS_DEBUGEVT)
```

## Buffer Overflow
 10: nuttx/tools/mkdeps.c:795
```
src/deps/nuttx/tools/mkdeps.c:795:12: warning: Either the condition
'cmdlen>=10240' is redundant or the array 'g_command[10240]' is accessed at
index

Re: Using static analysis to find (potential) bugs

Re: Using static analysis to find (potential) bugs

Re: Using static analysis to find (potential) bugs

Re: Using static analysis to find (potential) bugs

Using static analysis to find (potential) bugs

5 matches

Site Navigation

Mail list logo

Footer information