epsilon-devel

Re: JITTER warnings with -fanalyzer


From: Luca Saiu
Subject: Re: JITTER warnings with -fanalyzer
Date: Thu, 06 May 2021 00:19:00 +0200
User-agent: Gnus (Gnus v5.13), GNU Emacs 27.0.50, x86_64-pc-linux-gnu

On 2021-05-01 at 19:23 +0200, Jose E. Marchesi wrote:

> Hi Luca, all.
>
> I built poke with the latest git GCC master using -fanalyzer.
> The following warnings in jitter show up.
>
> (I am not including the warning in gnulib modules.)
>
In jitterc I do not even bother freeing memory.  The resources being
used are modest, and the program runs for a small fraction of a second
before writing the generated C files and exiting.

>    1608:../../jitter/jitterc/jitterc-generate.c:74:10: warning: leak of FILE 'res' [CWE-775] [-Wanalyzer-file-leak]

This seems superficially more interesting.  However the number of file
descriptors I use, for the entire lifetime of the program, is O(1).  No
denial of service attack is possible with this, which is the point of
CWE-775: https://cwe.mitre.org/data/definitions/775.html

I have a strong temptation to ignore this.

>    2376:../../jitter/jitterc/jitterc-scanner.c:2583:26: warning: dereference of NULL 'b' [CWE-476] [-Wanalyzer-null-dereference]
>    2541:../../jitter/jitterc/jitterc-scanner.c:2595:30: warning: dereference of NULL 'b' [CWE-476] [-Wanalyzer-null-dereference]
>    2723:../../jitter/jitterc/jitterc-scanner.c:2739:12: warning: leak of

False positive as far as I can tell.  This code is within a function
entirely generated by flex, and line numbers seem to match with my flex
version.  Does this analysis run inter-procedurally?  If so there might
be some real problem with its callers, even if I have my doubts.


This is interesting.  I should start running with -fanalyzer as well.

Thanks!

-- 
Luca Saiu
* My personal web site:  http://ageinghacker.net
* Jitter:                http://ageinghacker.net/projects/jitter
* GNU epsilon:           http://www.gnu.org/software/epsilon

I support everyone's freedom of mocking any opinion or belief, no
matter how deeply held, with open disrespect and the same unrelented
enthusiasm of a toddler who has just learned the word "poo".

Attachment: signature.asc
Description: PGP signature

