Date: Mon, 21 Jan 2013 08:11:00 +0100
From: magnum <>
Subject: Re: Static analysis of John using CppCheck

On 21 Jan, 2013, at 8:06 , magnum <> wrote:

> On 21 Jan, 2013, at 5:41 , Lukas Odzioba <> wrote:
>> Hi I used Cppcheck 1.55 (but newest is 1.58) to check unstable-jumbo.
>> Here is link to results: - over 600 lines so
>> I didn't want to post it here.
> I checked most of the claimed "Buffer access out-of-bounds" and they are just false positives. Example:
> 	memcpy(block, AFS_long_IV, 8);
> Size of both are 8 so this is not out of bounds. But block is ARCH_WORD_32 so it seems Cppcheck tries to apply pointer arithmetic where it shouldn't. Same red herring in all cases I checked.

From 1.57 changelog: "Fixed several false negatives in buffer overrun check". Perhaps latest would be better.
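
The false positive discussed in this message, as an added C example that is not part of the thread or of John's source. The `struct frame` layout, the 32-bit `ARCH_WORD_32` typedef, the IV bytes and the "scaled" model of how a checker could misread the length are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t ARCH_WORD_32;  /* assumed: a 32-bit word type */

/* Constructed sample bytes; the real AFS_long_IV contents are not on the page. */
static const unsigned char AFS_long_IV[8] = {1, 2, 3, 4, 5, 6, 7, 8};

struct frame {
    ARCH_WORD_32 block[2];  /* 2 * 4 = 8 bytes, matching "size of both are 8" */
    ARCH_WORD_32 canary;    /* sits right after block to expose any overrun */
};

#define CANARY      0xA5A5A5A5u
#define BLOCK_BYTES sizeof(((struct frame *)0)->block)

/* End offset memcpy(dst, src, n) reaches: n is a byte count whatever dst's type. */
static size_t end_in_bytes(size_t n) { return n; }

/* Hypothetical mis-scaled model: n treated as an index into ARCH_WORD_32[]. */
static size_t end_if_scaled(size_t n) { return n * sizeof(ARCH_WORD_32); }

/* 1 if the given end offset runs past the destination, else 0. */
static int flags_overrun(size_t end, size_t dst_size) { return end > dst_size; }

int byte_model_flags(void)   { return flags_overrun(end_in_bytes(8), BLOCK_BYTES); }
int scaled_model_flags(void) { return flags_overrun(end_if_scaled(8), BLOCK_BYTES); }

/* Do the copy from the thread; 1 if block holds the IV and the neighbour survived. */
int copy_keeps_canary(void)
{
    struct frame f;
    f.canary = CANARY;
    memcpy(f.block, AFS_long_IV, 8);
    return f.canary == CANARY && memcmp(f.block, AFS_long_IV, 8) == 0;
}

int main(void)
{
    printf("byte model flags overrun:   %d\n", byte_model_flags());
    printf("scaled model flags overrun: %d\n", scaled_model_flags());
    printf("canary intact after copy:   %d\n", copy_keeps_canary());
    return 0;
}
```

Comparing the length against `sizeof` of the destination, rather than its element count, is the bound that matches what `memcpy` actually writes.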

