Forum

Static analysis results

Ambeat
14 February 2016, 11:34
I performed static analysis on the Hiawatha 10.1 tarball using Clang and Cppcheck. Here are the results.

### Clang Static Analyzer, Debian clang version 3.5.0-10
Command used: scan-build make
No problems found.

### Cppcheck 1.67
Command used: cppcheck --force --enable=all src/

#### Result (excluding style)
[src/tomahawk.c:133]: (error) Memory leak: new
[src/serverconfig.c:219]: (portability) Returning an integer in a function with pointer return type is not portable.
[src/serverconfig.c:237]: (portability) Returning an integer in a function with pointer return type is not portable.
[src/serverconfig.c:277]: (portability) Returning an integer in a function with pointer return type is not portable.
[src/challenge.c:70] -> [src/challenge.c:71]: (performance) Buffer 'secret' is being written before its old content has been used.

#### Result (style only, excluding scope-reduction warnings)
[src/alternative.c:70]: (style) Unused variable: c1
[src/alternative.c:70]: (style) Unused variable: c2
[src/session.h:93] -> [src/session.h:40]: (style) Variable 'location' hides enumerator with same name
[src/envir.c:117] -> [src/serverconfig.h:41]: (style) Variable 'root' hides enumerator with same name
[src/hiawatha.c:1113] -> [src/serverconfig.h:43]: (style) Function argument 'hiawatha' hides enumerator with same name
[src/httpauth.c:377] -> [src/serverconfig.h:42]: (style) Variable 'digest' hides enumerator with same name
[src/libstr.c:621] -> [src/libstr.c:621]: (style) Same expression on both sides of '<'.
[src/libstr.c:624] -> [src/libstr.c:624]: (style) Same expression on both sides of '>'.
[src/log.c:412] -> [src/session.h:39]: (style) Variable 'unknown' hides enumerator with same name
[src/memdbg.c:66]: (style) Variable 'self' is assigned a value that is never used.
[src/monitor.c:395] -> [src/libfs.h:20]: (style) Function argument 'error' hides enumerator with same name
[src/serverconfig.c:683] -> [src/serverconfig.c:35]: (style) Function argument 'binding' hides enumerator with same name
[src/serverconfig.c:1897] -> [src/serverconfig.c:35]: (style) Function argument 'directory' hides enumerator with same name
[src/serverconfig.c:2001] -> [src/serverconfig.c:35]: (style) Function argument 'binding' hides enumerator with same name
[src/serverconfig.c:2084] -> [src/serverconfig.c:35]: (style) Function argument 'fcgi_server' hides enumerator with same name
[src/serverconfig.c:2567] -> [src/serverconfig.c:35]: (style) Function argument 'binding' hides enumerator with same name
[src/serverconfig.c:1432] -> [src/liblist.h:19]: (style) Variable 'pwd' hides enumerator with same name
[src/target.c:1274]: (style) Variable 'code' is assigned a value that is never used.
[src/tomahawk.c:402] -> [src/serverconfig.h:42]: (style) Variable 'digest' hides enumerator with same name
[src/ssi-cgi.c:105]: (style) The function 'get_parameter' is never used.
[src/log.c:699]: (style) The function 'log_debug' is never used.
[src/memdbg.c:141]: (style) The function 'memdbg_calloc' is never used.
[src/memdbg.c:165]: (style) The function 'memdbg_strndup' is never used.
[src/tls.c:650]: (style) The function 'tls_shutdown' is never used.
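The Cppcheck run above, as an added example that is not part of the original post or of the Hiawatha project: a small POSIX shell script that runs Cppcheck with the same options, captures its findings, and splits them the way the post does (everything that is not style first, then style findings with the variable-scope notes dropped), and that fails when an (error) finding is present so it can gate a build. The `--quiet` flag, the default output file name, and the "can be reduced" text matched to drop scope-reduction notes are assumptions; the filters rely on Cppcheck's default `[file:line]: (severity) message` layout, which is what the post shows.

```shell
#!/bin/sh
# Added example, not code from the forum post or the Hiawatha project.
# Reproduce the Cppcheck run from the post and triage its findings.
# Cppcheck prints findings on stderr as
#   [file:line]: (severity) message
# or, for findings that span two locations,
#   [file:line] -> [file:line]: (severity) message
# The filters below rely on that layout (assumed to match 1.67's default).
set -eu

# scan SRC_DIR: run Cppcheck with the post's options and capture every
# finding into the file named by FINDINGS (default: cppcheck.txt).
# --quiet is an assumption here; it only suppresses "Checking ..." lines.
scan() {
    src_dir="${1:-src}"
    findings="${FINDINGS:-cppcheck.txt}"
    cppcheck --force --enable=all --quiet "$src_dir" 2>"$findings" || true
    printf 'wrote %s\n' "$findings"
}

# non_style FILE: findings whose severity is anything but (style), i.e.
# error, warning, portability, performance, information.
non_style() {
    grep -v ': (style) ' "$1" || true
}

# style_only FILE: (style) findings minus the variable-scope notes the post
# excluded ("The scope of the variable 'x' can be reduced." - assumed text).
style_only() {
    grep ': (style) ' "$1" | grep -v 'can be reduced' || true
}

# has_errors FILE: exit 0 when at least one (error) finding exists, so that
# `has_errors cppcheck.txt && exit 1` works as a CI gate.
has_errors() {
    grep -q ': (error) ' "$1"
}

# report FILE: print both buckets with the same split the post used.
report() {
    echo "Result (excluding style):"
    non_style "$1"
    echo
    echo "Result (style only, excluding scope reduction warnings):"
    style_only "$1"
}

# Usage: ./cppcheck-triage.sh scan [src-dir]
#        ./cppcheck-triage.sh report [findings-file]   (exit 1 on any error)
case "${1:-}" in
    scan)   scan "${2:-src}" ;;
    report) report "${2:-cppcheck.txt}"
            if has_errors "${2:-cppcheck.txt}"; then exit 1; fi ;;
esac
```

Run `scan` from the unpacked tarball's top directory, then `report`; the non-zero exit on (error) findings is what makes the second step usable as a build gate, while style findings are still printed for review.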
Hugo Leisink
14 February 2016, 17:48
Thanks! I will take a look at it.
Ambeat
15 February 2016, 19:30
You are welcome. I will regularly perform this and report back for future versions. I may also do dynamic analysis and fuzzing.
This topic has been closed.