Here are some results from Clang 3.3 and its scan-build engine on
sqlite-amalgamation32k-201401171527.zip. It's a pretty good analyzer
and it keeps getting better.

The analyzer will perform interprocedural analysis, but only if the
procedures reside within the same translation unit. So it will hit on
false positives at times. But I don't think that applies since this is
the amalgamation.

/usr/local/bin/scan-build/ccc-analyzer -g3 -DDEBUG=1 -c sqlite3.c
sqlite3.c:14847:14: warning: Array subscript is undefined
      while( sqlite3Isspace(*z) ) z++;
             ^~~~~~~~~~~~~~~~~~
sqlite3.c:11957:31: note: expanded from macro 'sqlite3Isspace'
# define sqlite3Isspace(x)   (sqlite3CtypeMap[(unsigned char)(x)]&0x01)
                              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sqlite3.c:22073:5: warning: Assigned value is garbage or undefined
  b = *p;
    ^ ~~
sqlite3.c:38243:27: warning: Division by zero
    unsigned int h = iKey % pCache->nHash;
                     ~~~~~^~~~~~~~~~~~~~~
sqlite3.c:47237:9: warning: Array access (from variable 'aHash')
results in a null pointer dereference
    if( aHash[i]>iLimit ){
        ^~~~~~~~
sqlite3.c:49001:11: warning: Access to field 'pData' results in a
dereference of a null pointer (loaded from variable 'pPage')
  pData = pPage->pData;
          ^~~~~~~~~~~~
sqlite3.c:60438:10: warning: Assigned value is garbage or undefined
      r1 = pMem1->r;
         ^ ~~~~~~~~
sqlite3.c:61172:15: warning: Access to field 'opcode' results in a
dereference of a null pointer (loaded from variable 'pOp')
  pOp->opcode = (u8)op;
  ~~~         ^
sqlite3.c:62297:9: warning: Access to field 'flags' results in a
dereference of a null pointer (loaded from variable 'pSub')
    if( pSub->flags&MEM_Blob ){
        ^~~~~~~~~~~
sqlite3.c:64052:11: warning: Access to field 'aMem' results in a
dereference of a null pointer (loaded from variable 'p')
  p->aMem = (Mem*)&((char*)p)[ROUND8(sizeof(UnpackedRecord))];
  ~       ^
sqlite3.c:74862:32: warning: Access to field 'pNext' results in a
dereference of a null pointer (loaded from variable 'pChunk')
  } while( nRead>=0 && (pChunk=pChunk->pNext)!=0 && nRead>0 );
                               ^~~~~~~~~~~~~
sqlite3.c:75646:5: warning: Access to field 'nErr' results in a
dereference of a null pointer (loaded from variable 'pTopNC')
    pTopNC->nErr++;
    ^~~~~~~~~~~~~~
sqlite3.c:92737:19: warning: Access to field 'op' results in a
dereference of a null pointer (loaded from variable 'pStep')
        pStep->op = TK_SELECT;
        ~~~~~     ^
sqlite3.c:92741:21: warning: Access to field 'op' results in a
dereference of a null pointer (loaded from variable 'pStep')
          pStep->op = TK_DELETE;
          ~~~~~     ^
sqlite3.c:92745:19: warning: Access to field 'op' results in a
dereference of a null pointer (loaded from variable 'pStep')
        pStep->op = TK_UPDATE;
        ~~~~~     ^
sqlite3.c:94868:45: warning: Access to field 'tnum' results in a
dereference of a null pointer (loaded from variable 'pSrcIdx')
    sqlite3VdbeAddOp3(v, OP_OpenRead, iSrc, pSrcIdx->tnum, iDbSrc);
                                            ^~~~~~~~~~~~~
sqlite3.c:97994:11: warning: Value stored to 'x' is never read
          x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, &aiCols);
          ^   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sqlite3.c:99574:3: warning: Address of stack memory associated with
local variable 'standin' returned to caller
  return pNew;
  ^~~~~~~~~~~
sqlite3.c:100639:15: warning: Assigned value is garbage or undefined
          pNC = pNC->pNext;
              ^ ~~~~~~~~~~
sqlite3.c:121056:13: warning: Access to field 'enc' results in a
dereference of a null pointer (loaded from variable 'p')
        if( p->enc==pColl->enc ){
            ^~~~~~
19 warnings generated.

Sorry about all the extra noise. I wanted to do some static and
dynamic analysis on my project today (and it's using SQLite).
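
An added example, not part of the original post: a small triage parser for the diagnostic format shown above. It rejoins warning lines that the mailer wrapped, which matters because the wrapped half is often the part that says "null pointer", and it groups the warnings by class. The class labels and the continuation heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: diagnostics copied from the output above, keeping the
# mail-wrapped warning lines and the macro-expansion note.
SAMPLE = """\
sqlite3.c:14847:14: warning: Array subscript is undefined
      while( sqlite3Isspace(*z) ) z++;
sqlite3.c:11957:31: note: expanded from macro 'sqlite3Isspace'
# define sqlite3Isspace(x)   (sqlite3CtypeMap[(unsigned char)(x)]&0x01)
sqlite3.c:38243:27: warning: Division by zero
sqlite3.c:49001:11: warning: Access to field 'pData' results in a
dereference of a null pointer (loaded from variable 'pPage')
  pData = pPage->pData;
sqlite3.c:97994:11: warning: Value stored to 'x' is never read
sqlite3.c:99574:3: warning: Address of stack memory associated with
local variable 'standin' returned to caller
  return pNew;
"""

HEADER = re.compile(r"^(\S+?):(\d+):(\d+): (warning|note): (.*)$")
# Triage labels are this example's own names, not checker names from the tool.
CLASSES = [("null pointer", "null-deref"), ("undefined", "undefined-value"),
           ("Division by zero", "div-by-zero"), ("never read", "dead-store"),
           ("stack memory", "stack-address-escape")]

def parse(text):
    """Return one dict per warning; notes and echoed source lines are skipped."""
    out, cur, after_header = [], None, False
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = None
            if m.group(4) == "warning":
                cur = {"line": int(m.group(2)), "msg": m.group(5)}
                out.append(cur)
        elif cur and after_header and line[:1].islower():
            # Heuristic: unindented lowercase text after a header is a wrapped tail.
            cur["msg"] += " " + line.strip()
        after_header = bool(m)
    for w in out:
        w["cls"] = next((c for k, c in CLASSES if k in w["msg"]), "other")
    return out

def summarize(text):
    return Counter(w["cls"] for w in parse(text))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Sorting the output by class this way makes it easier to review the null-dereference reports together and to set the dead-store report aside as lower priority.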