dev.c : Warning - dereference of null pointer, clang --analyze

util-linux.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* dev.c : Warning - dereference of null pointer, clang --analyze
@ 2012-06-19 11:44 Marek Otahal
  2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
  0 siblings, 1 reply; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 11:44 UTC (permalink / raw)
  To: util-linux

Hi list, 
I was just building util-linux with clang to see how it's static code analysis works. 
Here's what I got so far, I'm not sure about it's correctness, so excuse me if it's stupid. 

 CC       dev.lo
clang: warning: unknown warning option '-Wmissing-parameter-type'; did you mean '-Wmissing-prototypes'?
clang: warning: unknown warning option '-Wunused-but-set-parameter'; did you mean '-Wunused-parameter'?
clang: warning: unknown warning option '-Wunused-but-set-variable'; did you mean '-Wunused-variable'?
dev.c:91:16: warning: Access to field 'next' results in a dereference of a null pointer
      (loaded from variable 'p')
        list_for_each(p, &dev->bid_tags) {
        ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
../../include/list.h:179:48: note: expanded from macro 'list_for_each'
        for (pos = (head)->next; pos != (head); pos = pos->next)
                                                      ^
1 warning generated.

Best regards, Mark 
-- 

Marek Otahal :o)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Clang analysis warnings WAS: Re: dev.c : Warning - dereference of null pointer, clang --analyze
  2012-06-19 11:44 dev.c : Warning - dereference of null pointer, clang --analyze Marek Otahal
@ 2012-06-19 12:46 ` Marek Otahal
  2012-06-19 13:04   ` [cont.] " Marek Otahal
  2012-06-19 13:49   ` [cont.2] " Marek Otahal
  0 siblings, 2 replies; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 12:46 UTC (permalink / raw)
  To: util-linux

Clang/llvm analysis on recent git master, hope some of them are relevant (not all mistakes by clang). 

There're memleaks, null pointers passed, uninitialized params passed, execution with unknow priviledges(!), 
null pointere dereference, buffer overflow, etc.

Sorry, the list is quite long, but please take time to skim it all, i didnt sort the warnings by importance, just as they appeared. 



git pull
./autogen.sh
./configure CC="clang" LD="llvm-ld"
make CC="clang -c -O2 --analyze" 

 
 CC       dev.lo
dev.c:91:16: warning: Access to field 'next' results in a dereference of a null pointer
      (loaded from variable 'p')
        list_for_each(p, &dev->bid_tags) {
        ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
../../include/list.h:179:48: note: expanded from macro 'list_for_each'
        for (pos = (head)->next; pos != (head); pos = pos->next)
                                                      ^
1 warning generated.



  CC       canonicalize.lo
../../lib/canonicalize.c:59:15: warning: The left operand of '!=' is a garbage value
        while (*path != '\0') {
               ~~~~~ ^
1 warning generated.



  CC       sysfs.lo
../../lib/sysfs.c:227:9: warning: Null pointer passed as an argument to a 'nonnull' parameter
        return readlink(cxt->dir_path, buf, bufsiz);
               ^        ~~~~~~~~~~~~~
1 warning generated.


  CC       context.lo
context.c:382:38: warning: Access to field 'pid' results in a dereference of a null pointer
      (loaded from variable 'cxt')
        return !mnt_context_is_fork(cxt) && cxt->pid;
                               



  CC       optstr.lo
optstr.c:321:17: warning: Null pointer passed as an argument to a 'nonnull' parameter
        size_t possz = strlen(pos);
                       ^      ~~~



  CC       tab.lo
tab.c:346:3: warning: Access to field 'next' results in a dereference of a null pointer (loaded from field 'p')
                MNT_ITER_ITERATE(itr, *fs, struct libmnt_fs, ents);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./mountP.h:179:5: note: expanded from macro 'MNT_ITER_ITERATE'
                                (itr)->p->next : (itr)->p->prev; \
                                ^      ~



  CC       utils.lo
utils.c:407:24: warning: Branch condition evaluates to a garbage value
        for (p = filesystems; *p; p++)
                              ^~





  CC       loopdev.lo
clang: warning: unknown warning option '-Wmissing-parameter-type'; did you mean '-Wmissing-prototypes'?
clang: warning: unknown warning option '-Wunused-but-set-parameter'; did you mean '-Wunused-parameter'?
clang: warning: unknown warning option '-Wunused-but-set-variable'; did you mean '-Wunused-variable'?
../../lib/loopdev.c:775:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_crypt_name failed"));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../../lib/loopdev.c:756:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_encrypt_type [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../../lib/loopdev.c:725:12: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (rc && loopcxt_ioctl_enabled(lc)) {
                  ^~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
../../lib/loopdev.c:911:6: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (loopcxt_ioctl_enabled(lc)) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
4 warnings generated.



  CC       mkfs.o
mkfs.c:126:40: warning: Memory is never released; potential leak of memory pointed to by 'newpath'
        progname = xmalloc(sizeof(PROGNAME) + strlen(fstype) + 1);
                                              ^~~~~~~~~~~~~~



  CC       fsck-fsck.o
fsck.c:715:3: warning: Function call argument is an uninitialized value
                warnx(_("%s %s: status is %x, should never happen."),
                ^
1 warning generated.
  CCLD     fsck



  CC       mkfs.cramfs.o
mkfs.cramfs.c:863:59: warning: Memory is never released; potential leak of memory pointed to by 'e'
        crc = crc32(crc, (unsigned char *) (rom_image+opt_pad), (offset-opt_pad));
                                                                 ^~~~~~


  CC       fdisk-fdisk.o
fdisk.c:1523:22: warning: The left operand of '<' is a garbage value
                        else if (first[i] < extended_offset ||
                                 ~~~~~~~~ ^
fdisk.c:1491:32: warning: The right operand of '<' is a garbage value
                        if (get_partition_start(pe) < first[i])
                                                    ^ ~~~~~~~~
2 warnings generated.



  CC       fdisk-fdisksunlabel.o
fdisksunlabel.c:316:10: warning: Branch condition evaluates to a garbage value
            if (lens[i]) {
                ^~~~~~~


 CC       fdisk-mbsalign.o
../lib/mbsalign.c:257:14: warning: Value stored to 'start_spaces' during its initialization is never read
      size_t start_spaces = n_spaces / 2 + n_spaces % 2;
             ^              ~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/mbsalign.c:258:14: warning: Value stored to 'end_spaces' during its initialization is never read
      size_t end_spaces = n_spaces / 2;
             ^            ~~~~~~~~~~~~
2 warnings generated.



  CC       sfdisk.o
sfdisk.c:1529:9: warning: Value stored to 'pno' during its initialization is never read
    int pno = z->partno;
        ^     ~~~~~~~~~


CC       cfdisk-cfdisk.o
cfdisk.c:562:7: warning: Null pointer passed as an argument to a 'nonnull' parameter
         if (strlen(str) > (size_t) COLS)
             ^      ~~~



  CC       getopt.o
getopt.c:189:5: warning: Function call argument is an uninitialized value
                                printf(" --%s", longopts[longindex].name);
                                ^               ~~~~~~~~~~~~~~~~~~~~~~~~
getopt.c:456:2: warning: Memory is never released; potential leak of memory pointed to by 'optstr'
        return generate_output(argv + optind - 1, argc-optind + 1,
        ^


  CC       fileutils.o
fileutils.c:78:2: warning: Null pointer passed as an argument to a 'nonnull' parameter
        unlink(tmpname);
        ^      ~~~~~~~



  CC       mangle.o
mangle.c:160:9: warning: Memory is never released; potential leak of memory pointed to by 'ss'
        return EXIT_SUCCESS;
               ^~~~~~~~~~~~
/usr/include/stdlib.h:135:22: note: expanded from macro 'EXIT_SUCCESS'
#define EXIT_SUCCESS    0       /* Successful exit status.  */
                        ^



  CC       pager.o
pager.c:140:2: warning: The left expression of the compound assignment is an uninitialized value. The computed
      value will also be garbage
        FD_SET(0, &in);
        ^~~~~~~~~~~~~~
/usr/include/sys/select.h:91:28: note: expanded from macro 'FD_SET'
#define FD_SET(fd, fdsetp)      __FD_SET (fd, fdsetp)
                                ^
/usr/include/bits/select.h:51:43: note: expanded from macro '__FD_SET'
  ((void) (__FDS_BITS (set)[__FD_ELT (d)] |= __FD_MASK (d)))
                                          ^


  CC       randutils.o
randutils.c:89:9: warning: The left expression of the compound assignment is an uninitialized value. The
      computed value will also be garbage
                *cp++ ^= (rand() >> 7) & 0xFF;
                ~~~~~ ^



  CC       tt.o
tt.c:634:2: warning: Access to field 'next' results in a dereference of a null pointer
        list_for_each(p, &ln->table->tb_columns) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../include/list.h:179:13: note: expanded from macro 'list_for_each'
        for (pos = (head)->next; pos != (head); pos = pos->next)
                   ^~~~~~~~~~~~
../include/list.h:94:13: warning: Access to field 'prev' results in a dereference of a null pointer
      (loaded from variable 'next')
        next->prev = prev;
        ~~~~       ^
tt.c:659:3: warning: Null pointer argument in call to string copy function
                strncpy(buf, cl->name, bufsz);
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^
3 warnings generated.





  CC       loopdev.o
../lib/loopdev.c:911:6: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (loopcxt_ioctl_enabled(lc)) {
            ^~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
../lib/loopdev.c:725:12: warning: Access to field 'flags' results in a dereference of a null pointer
      (loaded from variable 'lc')
        if (rc && loopcxt_ioctl_enabled(lc)) {
                  ^~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:71:39: note: expanded from macro 'loopcxt_ioctl_enabled'
#define loopcxt_ioctl_enabled(_lc)      (!((_lc)->flags & LOOPDEV_FL_NOIOCTL))
                                           ^
../lib/loopdev.c:756:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_encrypt_type [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../lib/loopdev.c:775:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_crypt_name failed"));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../lib/loopdev.c:815:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_backing_inode [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
../lib/loopdev.c:795:2: warning: Access to field 'debug' results in a dereference of a null pointer
      (loaded from variable 'lc')
        DBG(lc, loopdev_debug("get_backing_devno [rc=%d]", rc));
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:48:9: note: expanded from macro 'DBG'
                                if ((l)->debug) {\
                                    ^
6 warnings generated.




 CC       test_loopdev-sysfs.o
sysfs.c:227:9: warning: Null pointer passed as an argument to a 'nonnull' parameter
        return readlink(cxt->dir_path, buf, bufsiz);
               ^        ~~~~~~~~~~~~~
1 warning generated.




CC       login.o
login.c:1023:4: warning: The return value from the call to 'setregid' is not checked. If an error occurs in
      'setregid', the following code may execute with unexpected privileges
                        setregid(-1, egid);
                        ^~~~~~~~
login.c:1019:4: warning: The return value from the call to 'setreuid' is not checked. If an error occurs in
      'setreuid', the following code may execute with unexpected privileges
                        setreuid(0, pwd->pw_uid);
                        ^~~~~~~~
login.c:1021:4: warning: The return value from the call to 'setuid' is not checked. If an error occurs in
      'setuid', the following code may execute with unexpected privileges
                        setuid(0);      /* setreuid doesn't do it alone! */
                        ^~~~~~
login.c:1018:4: warning: The return value from the call to 'setregid' is not checked. If an error occurs in
      'setregid', the following code may execute with unexpected privileges
                        setregid(-1, pwd->pw_gid);
                        ^~~~~~~~
login.c:1022:4: warning: The return value from the call to 'setreuid' is not checked. If an error occurs in
      'setreuid', the following code may execute with unexpected privileges
                        setreuid(ruid, 0);
                        ^~~~~~~~
login.c:1288:2: warning: Value stored to 'argc' is never read
        argc -= optind;
        ^       ~~~~~~
login.c:1153:2: warning: Null pointer passed as an argument to a 'nonnull' parameter
        setenv("USER", pwd->pw_name, 1);
        ^              ~~~~~~~~~~~~
login.c:1333:8: warning: Memory is never released; potential leak of memory pointed to by 'pwdbuf'
        pwd = cxt.pwd;
              ^~~
login.c:758:5: warning: Memory is never released; potential leak of memory pointed to by 'prompt'
        rc = pam_set_item(pamh, PAM_USER_PROMPT, loginpam_get_prompt(cxt));
        ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
9 warnings generated.



 CC       sulogin.o
sulogin.c:117:2: warning: Size argument is greater than the length of the destination buffer
        strncpy(id, pass, off);
        ^~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^



  CC       lsblk-lsblk.o
lsblk.c:1335:2: warning: Address of stack memory associated with local variable '_ls' is still referred to by
      the global variable 'lsblk' upon returning to the caller. This will be a dangling reference
        return status;
        ^


 CC       wipefs-wipefs.o
wipefs.c:314:22: warning: Access to field 'zap' results in a dereference of a null pointer
      (loaded from variable 'wp')
        int zap = all ? 1 : wp->zap;
                            ^~



  CC       namei.o
namei.c:392:5: warning: Access to field 'name' results in a dereference of a null pointer
                                get_id(ucache, nm->st.st_uid)->name);
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



  CC       lslocks.o
In file included from lslocks.c:38:
In file included from ../include/tt.h:12:
../include/list.h:94:13: warning: Access to field 'prev' results in a dereference of a null pointer
      (loaded from variable 'next')
        next->prev = prev;
        ~~~~       ^




 CC       rename.o
rename.c:47:8: warning: Dereference of null pointer
                *q++ = *p++;
                ~~~~~^~~~~~
rename.c:44:8: warning: Dereference of null pointer
                *q++ = *p++;
                ~~~~~^~~~~~
rename.c:50:8: warning: Dereference of null pointer
                *q++ = *p++;
                ~~~~~^~~~~~
3 warnings generated.



  CC       dmesg.o
dmesg.c:790:2: warning: Value stored to 'argv' is never read
        argv += optind;
        ^       ~~~~~~
dmesg.c:791:2: warning: Value stored to 'n' is never read
        n = 0;
        ^   ~


sending this part, as it's getting long...
-mark

-- 

Marek Otahal :o)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [cont.] Clang analysis warnings WAS: Re: dev.c : Warning - dereference of null pointer, clang --analyze
  2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
@ 2012-06-19 13:04   ` Marek Otahal
  2012-06-19 13:49   ` [cont.2] " Marek Otahal
  1 sibling, 0 replies; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 13:04 UTC (permalink / raw)
  To: util-linux

On Tuesday 19 of June 2012 14:46:53 you wrote:
> Clang/llvm analysis on recent git master, hope some of them are relevant (not all mistakes by clang). 
> 
> There're memleaks, null pointers passed, uninitialized params passed, execution with unknow priviledges(!), 
> null pointere dereference, buffer overflow, etc.
> 
> Sorry, the list is quite long, but please take time to skim it all, i didnt sort the warnings by importance, just as they appeared. 
> 
 CC       switch_root.o
switch_root.c:213:7: warning: Dereference of null pointer (loaded from variable 'newroot')
        if (!*newroot || !*init)
             ^~~~~~~~



  CC       flock.o
flock.c:281:8: warning: Null pointer passed as an argument to a 'nonnull' parameter
                            access(filename, R_OK | W_OK) == 0) {
                            ^      ~~~~~~~~



  CC       ipcs.o
ipcs.c:476:8: warning: Function call argument is an uninitialized value
                pw = getpwuid(ipcp->uid);
                     ^        ~~~~~~~~~
ipcs.c:246:40: warning: The left operand of '&' is a garbage value
        printf ("%-10d %-10o", id, ipcp->mode & 0777);
                                   ~~~~~~~~~~ ^
ipcs.c:432:3: warning: Function call argument is an uninitialized value
                printf (_("max number of arrays = %d\n"), seminfo.semmni);
                ^                                         ~~~~~~~~~~~~~~
ipcs.c:441:3: warning: Function call argument is an uninitialized value
                printf (_("used arrays = %d\n"), seminfo.semusz);
                ^                                ~~~~~~~~~~~~~~
ipcs.c:688:2: warning: Function call argument is an uninitialized value
        printf (_("uid=%u\t gid=%u\t cuid=%u\t cgid=%u\n"),
        ^
5 warnings generated. 



  CC       cytune.o
cytune.c:202:8: warning: Function call argument is an uninitialized value
                        if (ioctl(cmon[cmon_index].cfile, CYGETMON, &cywork))
                            ^     ~~~~~~~~~~~~~~~~~~~~~~
cytune.c:456:3: warning: Address of stack memory associated with local variable 'argv' is still referred to by
      the global variable 'global_argv' upon returning to the caller. This will be a dangling reference
                return EXIT_SUCCESS;
                ^
cytune.c:460:2: warning: Address of stack memory associated with local variable 'argv' is still referred to by
      the global variable 'global_argv' upon returning to the caller. This will be a dangling reference
        return EXIT_SUCCESS;
        ^
cytune.c:380:4: warning: Address of stack memory associated with local variable 'argv' is still referred to by
      the global variable 'global_argv' upon returning to the caller. This will be a dangling reference
                        return EXIT_SUCCESS;
                        ^
4 warnings generated.




  CC       eject-eject.o
eject.c:619:2: warning: Value stored to 'status' is never read
        status = ioctl(fd, BLKRRPART);
        ^        ~~~~~~~~~~~~~~~~~~~~



 CC       prlimit.o
prlimit.c:364:20: warning: Access to field 'resource' results in a dereference of a null pointer
      (loaded from field 'desc')
                if (prlimit(pid, lim->desc->resource, new, old) == -1)
                                 ^    ~~~~


 CC       lscpu.o
In file included from lscpu.c:38:
../include/xalloc.h:45:21: warning: Call to 'calloc' has an allocation size of 0 bytes
        void *ret = calloc(nelems, size);
                    ^      ~~~~~~
lscpu.c:661:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_VHIGH;
                      ~~~~~~~~~~~~      ^
lscpu.c:665:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_UNKNOWN;
                      ~~~~~~~~~~~~      ^
lscpu.c:659:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_VMEDIUM;
                      ~~~~~~~~~~~~      ^
lscpu.c:663:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_HORIZONTAL;
                      ~~~~~~~~~~~~      ^
lscpu.c:657:27: warning: Array access (via field 'polarization') results in a null pointer dereference
                desc->polarization[num] = POLAR_VLOW;
                      ~~~~~~~~~~~~      ^
lscpu.c:675:23: warning: Array access (via field 'addresses') results in a null pointer dereference
        desc->addresses[num] = path_getnum(_PATH_SYS_CPU "/cpu%d/address", num);
              ~~~~~~~~~      ^
lscpu.c:685:24: warning: Array access (via field 'configured') results in a null pointer dereference
        desc->configured[num] = path_getnum(_PATH_SYS_CPU "/cpu%d/configure", num);
              ~~~~~~~~~~      ^
8 warnings generated.



CC       readprofile.o
readprofile.c:232:3: warning: The return value from the call to 'setuid' is not checked. If an error occurs in
      'setuid', the following code may execute with unexpected privileges
                setuid(0);
                ^~~~~~



 CC       tunelp.o
tunelp.c:248:11: warning: Memory is never released; potential leak of memory pointed to by 'cmdst'
                        printf(UTIL_LINUX_VERSION);
                               ^~~~~~~~~~~~~~~~~~
../include/c.h:247:78: note: expanded from macro 'UTIL_LINUX_VERSION'
#define UTIL_LINUX_VERSION _("%s from %s\n"), program_invocation_short_name, PACKAGE_STRING
                                                                             ^
../config.h:519:24: note: expanded from macro 'PACKAGE_STRING'
#define PACKAGE_STRING "util-linux 2.21.715-1400"
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~
tunelp.c:259:7: warning: Null pointer passed as an argument to a 'nonnull' parameter
        fd = open(filename, O_WRONLY | O_NONBLOCK, 0);
             ^    ~~~~~~~~



CC       rtcwake.o
rtcwake.c:600:13: warning: Memory is never released; potential leak of memory pointed to by 'devname'
        } else if (strcmp(suspend, "disable") == 0) {
                   ^
/usr/include/bits/string2.h:802:13: note: expanded from macro 'strcmp'
  ({ size_t __s1_len, __s2_len;                                               \
            ^



  CC       agetty.o
agetty.c:464:9: warning: Branch condition evaluates to a garbage value
        while (*p) {
               ^~


CC       script.o
script.c:326:16: warning: Assigned value is garbage or undefined
                        childstatus = status;
                                    ^ ~~~~~~



 CC       setterm.o
setterm.c:1197:9: warning: Dereference of null pointer
                        *q++ = *p;
                        ~~~~~^~~~
setterm.c:1204:36: warning: Memory is never released; potential leak of memory pointed to by 'p'
        if (fwrite(outbuf, 1, q - outbuf, F) != (size_t) (q - outbuf)) {
                                          ^
setterm.c:1197:11: warning: Dereference of null pointer (loaded from variable 'p')
                        *q++ = *p;
                               ^~
setterm.c:1202:8: warning: Dereference of null pointer
                *q++ = '\n';
                ~~~~~^~~~~~
setterm.c:1208:8: warning: Memory is never released; potential leak of memory pointed to by 'q'
        close(fd);
              ^~
5 warnings generated.



  CC       more.o
more.c:1592:19: warning: Value stored to 'line3' during its initialization is never read
    register long line3 = startline;
                  ^       ~~~~~~~~~



CC       column.o
column.c:164:2: warning: Value stored to 'argc' is never read
        argc -= optind;
        ^       ~~~~~~
column.c:360:7: warning: Dereference of null pointer (loaded from variable 'p')
                        *p = '\0';
                         ~ ^
In file included from column.c:55:
../include/xalloc.h:45:21: warning: Call to 'calloc' has an allocation size of 0 bytes
        void *ret = calloc(nelems, size);
                    ^      ~~~~~~




-- 

Marek Otahal :o)

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [cont.2] Clang analysis warnings WAS: Re: dev.c : Warning - dereference of null pointer, clang --analyze
  2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
  2012-06-19 13:04   ` [cont.] " Marek Otahal
@ 2012-06-19 13:49   ` Marek Otahal
  1 sibling, 0 replies; 4+ messages in thread
From: Marek Otahal @ 2012-06-19 13:49 UTC (permalink / raw)
  To: util-linux

On Tuesday 19 of June 2012 14:46:53 you wrote:
> Clang/llvm analysis on recent git master, hope some of them are relevant (not all mistakes by clang). 
> 
> There're memleaks, null pointers passed, uninitialized params passed, execution with unknow priviledges(!), 
> null pointere dereference, buffer overflow, etc.
> 
> Sorry, the list is quite long, but please take time to skim it all, i didnt sort the warnings by importance, just as they appeared. 
> 
  CC       parse.o
parse.c:144:10: warning: Size argument is greater than the length of the destination buffer
                (void) strncpy(tfu->fmt, savep, p - savep);
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^



  CC       ul.o
ul.c:481:22: warning: The left operand of '==' is a garbage value
        for (*cp = ' '; *cp == ' '; cp--)
                        ~~~ ^
ul.c:447:22: warning: The left operand of '==' is a garbage value
        for (*cp = ' '; *cp == ' '; cp--)
                        ~~~ ^




 CC       pg.o
pg.c:1223:7: warning: Value stored to 'sz' is never read
                                                sz = regerror(rerror, &re,
                                                ^    ~~~~~~~~~~~~~~~~~~~~~



  CC       hwclock.o
hwclock.c:1671:2: warning: Value stored to 'argv' is never read
        argv += optind;
        ^       ~~~~~~



  CC       rtc.o
rtc.c:309:4: warning: The left expression of the compound assignment is an uninitialized value. The computed
      value will also be garbage
                        FD_SET(rtc_fd, &rfds);
                        ^~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/select.h:91:28: note: expanded from macro 'FD_SET'
#define FD_SET(fd, fdsetp)      __FD_SET (fd, fdsetp)
                                ^
/usr/include/bits/select.h:51:43: note: expanded from macro '__FD_SET'
  ((void) (__FDS_BITS (set)[__FD_ELT (d)] |= __FD_MASK (d)))
                                          ^



  CC       mount-mount.o
mount.c:2768:9: warning: Dereference of null pointer
                                    mc->m.mnt_opts, options, 0, 0);
                                    ^~~~~~~~~~~~~~
mount.c:2036:2: warning: Null pointer argument in call to string copy function
        strncpy (n, s, sub-s);
        ^~~~~~~~~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^
mount.c:2060:17: warning: Memory is never released; potential leak of memory pointed to by 'opts'
        return xstrdup(opts);
                       ^~~~
3 warnings generated.



  CC       mount-sundries.o
sundries.c:33:6: warning: Null pointer argument in call to string copy function
     strncpy(t,s,n);
     ^~~~~~~~~~~~~~
/usr/include/bits/string2.h:761:33: note: expanded from macro 'strncpy'
#  define strncpy(dest, src, n) __builtin_strncpy (dest, src, n)
                                ^



  CC       mount-fstab.o
fstab.c:832:6: warning: Dereference of null pointer (loaded from variable 'dest')
        if (*dest) {
            ^~~~~




Now, compilation finished correctly :) 
With regards, 
Mark
-- 

Marek Otahal :o)

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2012-06-19 13:49 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-06-19 11:44 dev.c : Warning - dereference of null pointer, clang --analyze Marek Otahal
2012-06-19 12:46 ` Clang analysis warnings WAS: " Marek Otahal
2012-06-19 13:04   ` [cont.] " Marek Otahal
2012-06-19 13:49   ` [cont.2] " Marek Otahal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).