Date: Sun, 23 Dec 2012 16:34:44 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: scan-build results, part 1

On 23 Dec, 2012, at 15:09 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Sun, Dec 23, 2012 at 6:36 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
>> scan-build is complaining about "Logic error    Stack address stored into
>> global variable" in single.c.
>> 
>> void do_single_crack(struct db_main *db)
>> {
>>     struct rpp_context ctx;
>>
>>     single_db = db;
>>     rule_ctx = &ctx;
>>     single_init();
>>     single_run();
>>     single_done();
>> }
>> 
>> Address of stack memory associated with local variable 'ctx' is still
>> referred to by the global variable 'rule_ctx' upon returning to the
>> caller. This will be a dangling reference.
>> 
>> I don't know if rules_ctx's value is used later on or not.

I'm sure it's not but I committed a patch that reset it to NULL for good measure.

> For complete set of results, see
> http://dl.dropbox.com/u/1522424/scan-build-2012-12-23-16.tar.bz2

I have fixed some other issues as well, and will look at some more. Some are false positives for sure, some I just don't get.

magnum
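
Added example, not part of the thread and not the patch that was committed: a self-contained C sketch of the flagged pattern next to a version that resets the global to NULL before returning. The fields of `struct rpp_context`, the helpers `next_rule()`, `run_rules()` and `rule_ctx_is_set()`, and the two `do_single_crack_*` variants are assumptions made for illustration.

```c
#include <stddef.h>

/* Stand-in for struct rpp_context; the real fields are not shown on the page. */
struct rpp_context { int next; int count; };

static struct rpp_context *rule_ctx;   /* global pointer, as in single.c */

/* Hypothetical consumer: returns the next rule index, or -1 when no
 * context is active. The NULL check only helps if rule_ctx gets cleared. */
int next_rule(void)
{
    if (rule_ctx == NULL || rule_ctx->next >= rule_ctx->count)
        return -1;
    return rule_ctx->next++;
}

/* Stand-in for single_init()/single_run()/single_done(): use up all rules. */
static int run_rules(void)
{
    int used = 0;
    while (next_rule() >= 0)
        used++;
    return used;
}

/* Pattern scan-build flagged: rule_ctx still points at ctx after return. */
int do_single_crack_flagged(void)
{
    struct rpp_context ctx = { 0, 3 };
    rule_ctx = &ctx;
    return run_rules();
}

/* Same function with the global cleared before the stack frame goes away. */
int do_single_crack_reset(void)
{
    struct rpp_context ctx = { 0, 3 };
    int used;
    rule_ctx = &ctx;
    used = run_rules();
    rule_ctx = NULL;   /* a late use now hits the NULL check in next_rule() */
    return used;
}

/* Compares the pointer value only; never dereferences it. */
int rule_ctx_is_set(void) { return rule_ctx != NULL; }
```

With the reset in place, a stray call to `next_rule()` after the function has returned yields -1 instead of reading dead stack memory.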
