Re: Static analysis?

2012-04-20 Thread Jean-Marc Desperrier
On Tue, 17 Apr 2012, Lubomír Sedlář wrote: I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running Clang Static Analyzer [1] on the source of OpenSSL. Julia Lawall wrote: A few years ago

Re: Static analysis?

2012-04-20 Thread Julia Lawall
On Fri, 20 Apr 2012, Jean-Marc Desperrier wrote: On Tue, 17 Apr 2012, Lubomír Sedlář wrote: I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running Clang Static Analyzer [1] on the source

Re: Static analysis?

2012-04-20 Thread Ben Laurie
On Tue, Apr 17, 2012 at 9:46 PM, Lubomír Sedlář lubomir.sed...@gmail.com wrote: Hello, I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running Clang Static Analyzer [1] on the source

Re: Static analysis?

2012-04-20 Thread Ben Laurie
On Fri, Apr 20, 2012 at 4:53 PM, Jean-Marc Desperrier jmd...@free.fr wrote: On Tue, 17 Apr 2012, Lubomír Sedlář wrote: I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running Clang Static

Re: Static analysis?

2012-04-20 Thread Dr. Stephen Henson
On Tue, Apr 17, 2012, Lubomír Sedlář wrote: Some examples follow: http://www.fi.muni.cz/~xsedlar3/openssl-analysis/report-JxXj0g.html#EndPath The variable 'al' is never read. The goto should probably jump to 'f_err' in order not to lose the alert.

Re: Static analysis?

2012-04-18 Thread Julia Lawall
2010, Valencia, Spain, April 2010 http://coccinelle.lip6.fr/papers/edcc10.pdf julia On Tue, 17 Apr 2012, Lubomír Sedlář wrote: Hello, I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running

Static analysis?

2012-04-17 Thread Lubomír Sedlář
Hello, I would like to ask if any static analysis tool was ever used to detect possible problems in OpenSSL source code. Is some tool used regularly? I tried running Clang Static Analyzer [1] on the source of OpenSSL. It found 222 possible bugs. You can see the full list here [2]. At least 65