[Dnsmasq-discuss] [dnsmasq] Errors found by static analysis of source code (Coverity)

Tomas Hozza thozza at redhat.com
Tue Feb 5 15:30:29 GMT 2013


----- Original Message -----
> On 04/02/13 10:24, Tomas Hozza wrote:
> > Hello Simon.
> > 
> > We at Red Hat are scanning a lot of open source packages
> > with a static analysis tool named Coverity. I have been scanning
> > and reviewing a group of network daemons, which dnsmasq falls
> > into, too.
> > 
> > I scanned the latest dnsmasq-2.66-test13 source with Coverity
> > version 6.5.1. It found 115 errors, of which a lot are just
> > false positives or are not worth fixing. I wrote patches for
> > issues that I think should be fixed. Please review and
> > consider fixing these issues. I'm also including the Coverity
> > scan log, so you can have a look at all errors.
> > 
> > Coverity is also running a project where they allow open source
> > projects to be scanned for FREE. If you find it interesting
> > you can find more information on http://scan.coverity.com/.
> > 
> > If you have any questions about the scan or want to do more
> > scanning, don't hesitate to write me back.
> > 
> > 
> 
> More patches:
> 
> 0018-RESOURCE_LEAK-CWE-404.patch
> Taken, but only a problem if one malloc succeeds and a second fails -
> then we leak the first block. I won't lose sleep over that.
> 
> 0019-REVERSE_INULL-CWE-476.patch
> Fixed. !cp should be !*cp
> 
> 0020-STRING_OVERFLOW-CWE-120.patch
> Not taken, same as 0001-STRING_OVERFLOW.....
> 
> 0021-UNUSED_VALUE-CWE-563.patch
> Taken. Straightforward.
> 
> 0022-USE_AFTER_FREE-CWE-416.patch
> Taken. New code in 2.66test*
> 
> 0023-USE_AFTER_FREE-CWE-416.patch
> Taken, changed style of fix to match other code.
> 
> 
> 
> A very worthwhile exercise, thanks Tomas.
> 
> I've pushed the fixes into git.

No problem. You are welcome. Thank you for reviewing my patches and
including some of them in git.

Anyway, did you consider participating in the Coverity program for
scanning open source projects? If not, I will at least try to do
a diff scan between the latest dnsmasq versions to catch newly added errors.


Regards,

Tomas


