Dear Mr Richard,

DUMA is not a static analysis tool... it's an open source library used to check buffer over-runs and under-runs in C and C++ programs.
http://duma.sourceforge.net/
http://en.wikipedia.org/wiki/Duma_(software)

Actually, it has been customized in the case of memcpy() with checks for src = NULL and length = 0, and whenever it encounters these at run-time, an alarm is generated. Since we use a limited set of SQL queries in our project, it has generated an alarm at sqlite3ExprAlloc() [we are using an old version; soon we'll be upgrading it]. So, we had a concern for future use about any case where such a condition can occur, and also that a segfault crash can occur if src = NULL and length != 0. Is the code assured of the values being passed to memcpy() beforehand, with checks for the above cases?

Also, I have a suggestion of a memcpy_safe wrapper in sqlite3.c which ensures such safety before any memcpy is called.

    #include <string.h>

    /* Skip the copy when either pointer is NULL; otherwise behave like memcpy(). */
    void *memcpy_safe(void *dest, const void *src, int length)
    {
        if (dest != 0 && src != 0)
            return memcpy(dest, src, length);
        else
            return dest;
    }

Thanks and Regards,
Jitendar Kumar
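Added example, not part of the original message and not SQLite code: a variant of the wrapper idea that reports each problem case to the caller instead of silently skipping the copy, since a NULL source with a non-zero length is a caller bug that a silent skip would hide. The names checked_copy, copy_status and the dest_cap parameter are hypothetical; the capacity check goes beyond the NULL and zero-length cases raised in the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Status codes for checked_copy (hypothetical names, not SQLite's). */
enum copy_status {
    COPY_OK = 0,    /* bytes were copied */
    COPY_NOOP,      /* length == 0: nothing to do, memcpy not called */
    COPY_NULL_PTR,  /* NULL dest or src with length > 0 */
    COPY_NEG_LEN,   /* negative length from a signed caller */
    COPY_TOO_BIG    /* length exceeds the destination capacity */
};

/* Copy `length` bytes into a destination that holds dest_cap bytes. */
enum copy_status checked_copy(void *dest, size_t dest_cap,
                              const void *src, long length)
{
    if (length < 0)
        return COPY_NEG_LEN;   /* would turn into a huge size_t */
    if (length == 0)
        return COPY_NOOP;      /* C (through C17): NULL args to memcpy are
                                  undefined even for n == 0, so skip the call */
    if (dest == NULL || src == NULL)
        return COPY_NULL_PTR;  /* the segfault case: report it, don't hide it */
    if ((size_t)length > dest_cap)
        return COPY_TOO_BIG;   /* the over-run a tool like DUMA would trap */
    memcpy(dest, src, (size_t)length);
    return COPY_OK;
}

int main(void)
{
    char buf[8] = {0};  /* constructed sample buffer */

    printf("normal copy:        %d\n", checked_copy(buf, sizeof buf, "abc", 4));
    printf("NULL src, len 0:    %d\n", checked_copy(buf, sizeof buf, NULL, 0));
    printf("NULL src, len 4:    %d\n", checked_copy(buf, sizeof buf, NULL, 4));
    printf("negative length:    %d\n", checked_copy(buf, sizeof buf, "abc", -1));
    printf("source too large:   %d\n",
           checked_copy(buf, sizeof buf, "0123456789", 11));
    return 0;
}
```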