bug-ncurses

Re: static analysis run on ncurses 5.6


From: Thomas Dickey
Subject: Re: static analysis run on ncurses 5.6
Date: Thu, 31 Jul 2008 06:03:13 -0400 (EDT)

On Wed, 30 Jul 2008, Larry Zhou wrote:

> Hi Thomas,
>
> I have run the static analysis tool Klocwork on ncurses 5.6, as part of the MySQL
> code base.
> (For more info about Klocwork, click www.klocwork.com)
>
> The very first one I can see is this one.
>
> 155 tinfo/captoinfo.c
> where there might be an overrun on boundary.
>
> stackptr could be 16 at line 152, then it goes to the else clause, which is where
> there is 1 over the boundary at stack[16].
>
> The fix is easy: line 152, from > to >=.
>
> The report generates 252 warnings; among them 100 are memory allocation
> related. When you use malloc, it might return 0,
> so you cannot just dereference it without checking against null.
> Of course there are lots of false positives to weed through.
>
> Are you interested in this FREE report? If so, I can send it your way.

yes (5.6 is a little old, but much of the report should apply - I'm debugging ports to try to close out 5.7)

> Thanks,
>
> Larry


--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
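
The off-by-one pattern described in the report (a 16-entry stack guarded by `>` instead of `>=`), as an added example that is not the ncurses source or code from either poster. All names (`demo_stack`, `push_weak`, `push_fixed`, `overrun_after`) are hypothetical, and the backing array carries one extra guard slot so the stray write can be observed without undefined behaviour.

```c
#include <stdio.h>

#define STACK_MAX 16        /* logical capacity: valid indices are 0..15 */
#define CANARY    0x5AFE    /* constructed guard value for the demo */

/* Hypothetical stack; slots[16] stands in for "one past the boundary". */
struct demo_stack {
    int slots[STACK_MAX + 1];
    int ptr;
};

/* Weak guard: '>' lets ptr == 16 fall through to the else clause. */
static int push_weak(struct demo_stack *s, int v)
{
    if (s->ptr > STACK_MAX)
        return -1;
    else
        s->slots[s->ptr++] = v;
    return 0;
}

/* Corrected guard: '>=' rejects the push once ptr == 16. */
static int push_fixed(struct demo_stack *s, int v)
{
    if (s->ptr >= STACK_MAX)
        return -1;
    else
        s->slots[s->ptr++] = v;
    return 0;
}

/* Attempt n pushes; return 1 if the guard slot was overwritten. */
static int overrun_after(int (*push)(struct demo_stack *, int), int n)
{
    struct demo_stack s = { {0}, 0 };
    int i;
    s.slots[STACK_MAX] = CANARY;
    for (i = 0; i < n; i++)
        (void) push(&s, i + 1);
    return s.slots[STACK_MAX] != CANARY;
}

int main(void)
{
    printf("weak guard,  17 pushes: overrun=%d\n", overrun_after(push_weak, 17));
    printf("fixed guard, 17 pushes: overrun=%d\n", overrun_after(push_fixed, 17));
    return 0;
}
```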



