There are certainly some false positives going on there. There are 252
warnings there, among them, 100 are memory allocation thing, which means,
after call to malloc, there got to be a nice exit if malloc returns 0. If
you don't care about this, I can simply reconfig it to turn off all that
kind of warnings.
Let me know if you have any question about each warning, or if you need any
assistance to make them go away.
btw, since you mention 5.7, if you don't want to spend time to map errors
from 5.6 to 5.7, you can send current version of 5.7 to me.
I couldn't find 5.7 here
ftp://invisible-island.net/ncurses/
I am going to rerun the tool to get the most up-to-date warnings for the
current version, since that is what we care most, we don't change anything
in 5.6, we just use it in tar.gz, and build it from there.
Other libraries we are using, like open-ssl and libunwind, have 0 defects
reported, so I am darn sure they run the tool before release.
Thanks,
Larry
On Thu, Jul 31, 2008 at 3:03 AM, Thomas Dickey <address@hidden> wrote:
On Wed, 30 Jul 2008, Larry Zhou wrote:
Hi Thomas,
I have run static analysis tool Klocwork on ncurses 5.6, as part of MySQL
code base.
( For more info about klocwork, click www.klocwork.com )
The very first I can see is this one.
155 tinfo/captoinfo.c
where there might be an overrun on boundary.
stackptr could be 16 at line 152, then it goes to else clause, that is
where
there is 1 over the boundary at stack[16]
the fix is easy, line 152, from > to >=.
The report generates 252 warnings, among them 100 are memory allocation
related, when you use malloc, it might return 0.
so you can not just dereference it without checking against null.
Of course there are lots of false positives to weed thru.
Are you interested in this FREE report? If so, I can send it your way.
yes (5.6 is a little old, but much of the report should apply - I'm
debugging ports to try to close out 5.7)
Thanks,
Larry
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net