Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Feb 2013 16:49:45 +0100
From: John Spencer <>
CC: Roger Sibert <>
Subject: Re: is musl run against cppcheck ?

On 02/28/2013 03:54 PM, Roger Sibert wrote:
> Hello Everyone,
> I was just looking at musl to help with static compiled binaries for
> systems that use CF cards for the base OS, I always run code against
> cppcheck prior to use so that up front I know what may have to explain
> to someone.
> In running against an older version of cppcheck, my main system is
> being rebuilt and the backup hasnt been upgraded yet, I ran across the
> following
> [src/network/getaddrinfo.c:115]: (error) Null pointer dereference
> [src/network/if_nameindex.c:52]: (error) Memory leak: p
> [src/thread/sem_open.c:45]: (error) Possible null pointer dereference:
> semtab - otherwise it is redundant to check if seis null at line 45

if musl deref's a null pointer, it is mostly to conciously cause a crash.
however, i think it should call a_crash() instead.

> My coding experience is spotty and I know cppcheck can throw false
> positives so instead of guessing I wanted to see if the musl code had
> been run through cppcheck.

yes. it was run a couple of time in the past.
for example this commit here fixed a commit that removed "unused code" 
wrongly detected by cppcheck.
> I ran the below but just filtered out some of the possible/probably
> false positives, though the ones referring to ccosh.c might be real.
> /musl# script -c "/root/cppcheck --force --enable=all ."
> cppcheck-output-musl.txt
> Thanks,
> Roger

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.