Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Jan 2013 16:05:41 -0500
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: minor issues (found by cppcheck)

On Mon, Jan 14, 2013 at 08:41:47PM +0100, Szabolcs Nagy wrote:
> i fixed some minor issues in my repo which were found by cppcheck
> here is a list of the non-fixed ones:
> 
> 
> [src/misc/mntent.c:32]: (portability) scanf without field width
> limits can crash with huge input data

This looks bogus. %s and %[ are used only with the * modifier which
inhibits storage.

> getmntent_r has a sscanf with %d,
> it might make sense to limit the width

I think the error is irrelevant for %d unless we're talking about the
theoretical UB for integer overflow, but that doesn't seem to be what
this warning is about. Anyway, musl's scanf has well-defined overflow
behavior.

> [src/regex/regcomp.c:2032]: (performance) Variable 'status' is reassigned a value before the old one has been used.
> [src/regex/regcomp.c:3133]: (warning) Redundant assignment of 'errcode' to itself.
> [src/regex/regcomp.c:2060]: (style) Variable 'minimal_tag' is assigned a value that is never used.
> [src/regex/regcomp.c:108]: (style) struct or union member 'Anonymous1::params' is never used.
> [src/regex/regcomp.c:2803]: (error) Uninitialized variable: params
> 
> some of these occure multiple times,
> the last two is probably worth fixing:
> u.params in tre_literal_t struct is never used
> and in the tre_match_empty function the params
> argument is never used, but an uninitialized
> pointer is passed anyway

Indeed, these should be fixed.

> [src/locale/strfmon.c:33]: (style) Variable 'fill' is assigned a value that is never used.
> [src/stdio/vfscanf.c:134]: (style) Variable 'alloc' is assigned a value that is never used.
> [src/stdio/vfwscanf.c:144]: (style) Variable 'alloc' is assigned a value that is never used.
> 
> these are examples of unused values but they
> all seem to be innocent

They're all cases of unimplemented features, so the code should not be
removed, but rather finished. :-)

Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.