Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 28 Jan 2013 16:32:45 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Static analysis of John using CppCheck

On 21 Jan, 2013, at 9:05 , magnum <john.magnum@...hmail.com> wrote:
> On 21 Jan, 2013, at 8:51 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
>> On Mon, Jan 21, 2013 at 12:41 PM, magnum <john.magnum@...hmail.com> wrote:
>>> 
>>> On 21 Jan, 2013, at 8:06 , magnum <john.magnum@...hmail.com> wrote:
>>> On 21 Jan, 2013, at 5:41 , Lukas Odzioba <lukas.odzioba@...il.com> wrote:
>>>> Hi I used Cppcheck 1.55 (but newest is 1.58) to check unstable-jumbo.
>>>>> Here is link to results: http://ideone.com/BO7XVd - over 600 lines so
>>>>> I didn't want to post it here.
>>>>> 
>>>> I checked most of the claimed "Buffer access out-of-bounds" and they are just false positives. Example:
>>>> 
>>>>     memcpy(block, AFS_long_IV, 8);
>>>> 
>>>> Size of both are 8 so this is not out of bounds. But block is ARCH_WORD_32 so it seems Cppcheck tries to apply pointer arithmetic where it shouldn't. Same red herring in all cases I checked.
>>> 
>>> From 1.57 changelog: "Fixed several false negatives in buffer overrun check". Perhaps latest would be better.
>> 
>> Cppcheck 1.58 logs,
>> 
>> http://dl.dropbox.com/u/1522424/cppcheck_4f2ebca8d500_1.58.log.bz2
> 
> Use -UDEBUG --max-configs=50 and do not use -j. I have seen at least one real bug, the sizeof(outbuf) in SIPdump.h. That memset should use outbuf_len instead.

It even works for CUDA and OpenCL kernels. Pretty neat.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.