[Dnsmasq-discuss] [dnsmasq] Errors found by static analysis of source code (Coverity)
Simon Kelley
simon at thekelleys.org.uk
Tue Feb 5 14:58:04 GMT 2013
On 04/02/13 10:24, Tomas Hozza wrote:
> Hello Simon.
>
> We at Red Hat are scanning a lot of open source packages
> with static analysis tool named Coverity. I have been scanning
> and reviewing group of network daemons where dnsmasq falls
> in, too.
>
> I scanned the latest dnsmasq-2.66-test13 source with Coverity
> version 6.5.1. It found 115 errors from which a lot of are just
> false positives or are not worth fixing. I wrote patches for
> issues that I think should be fixed. Please review and
> consider fixing these issues. I'm also including the Coverity
> scan log, so you can have a look at all errors.
>
> Coverity is also running a project where they allow open source
> project to be scanned for FREE. If you find it interesting
> you can find more information on http://scan.coverity.com/.
>
> If you have any questions about the scan or want to do more scanning,
> don't hesitate to write me back.
>
>
More patches:
0018-RESOURCE_LEAK-CWE-404.patch
Taken, but only a problem if one malloc succeeds and a second fails -
then we leak the first block. I won't lose sleep over that.
0019-REVERSE_INULL-CWE-476.patch
Fixed. !cp should be !*cp
0020-STRING_OVERFLOW-CWE-120.patch
Not taken, same as 0001-STRING_OVERFLOW.....
0021-UNUSED_VALUE-CWE-563.patch
Taken. straightforward.
0022-USE_AFTER_FREE-CWE-416.patch
Taken. New code in 2.66test*
0023-USE_AFTER_FREE-CWE-416.patch
Taken, changed style of fix to match other code.
A very worthwhile exercise, thanks Tomas.
I've pushed the fixes into git.
Cheers,
Simon.
More information about the Dnsmasq-discuss
mailing list