Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Apr 2015 12:41:51 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Static analysis results

Aside from regcomp which I want to ask nsz on before committing
anything, I believe these are all fixed now by the following commits:

On Tue, Apr 21, 2015 at 07:28:30PM +0300, Alexander Monakov wrote:
> New round of static analysis results.  This time it's mostly opportunities for
> very minor cleanups (I'm showing only a few results that I think make sense).
> If there's a problem in balance of usefulness vs annoyance, please let me know.
> 
> dynlink.c:343
>   'if (runtime)' is already established as true at line 337

c5ab5bd3be15eb9d49222df132a51ae8e8f78cbc remove always-true conditional in dynamic linker TLSDESC processing

> sem_open.c:sem_open
>   I didn't try to follow the code in detail, but it seems possible that 'goto
>   fail' can be executed from e.g. line 133 after successful mmap, in which
>   case the region is not unmapped

086793ad99dc625fd1c47f96fc31ea8aa316b438 fix mmap leak in sem_open failure path for link call

> duplocale.c:17
>   neither of the conditions cannot hold

873e0ec7fc4d466cfcdec16a7648cc18609ba702 fix duplocale clobbering of new locale struct with memcpy of old

> dynlink.c:1503
>   the first two conditions cannot hold after check at line 1489 and exit at
>   line 1501

97b72d22ad53e8f1306bf8e943571b698058f49d remove redundant code in do_dlsym function

> fcntl.c:42
>   F_SETLKW is already taken care of at line 16
>   also, why does this file cast arg to 'void *' in several places?

ea1b6bb6123d2177508ddca438669ec96cfa0021 remove dead case for F_SETLKW in fcntl

> regcomp.c:2848
>   condition 'stack != NULL' cannot hold

[open but not a bug]

> dynlink.c:428
>   on 64-bit arches, multiplication can overflow in 32-bit type before assignment 

[not considered a bug at this time; see other email]

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.