Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

From: "Philip Oakley" <philipoakley@iee.org>
To: "Koch, Rick \(Subcontractor\)" <Rick.Koch@tbe.com>,
	"Git List" <git@vger.kernel.org>
Subject: Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4
Date: Mon, 19 Aug 2013 21:03:21 +0100	[thread overview]
Message-ID: <33FCCE7A2CD5494B88F3C5CDBC341DFD@PhilipOakley> (raw)
In-Reply-To: 85C8141E5DAD94428A121F706995A31F010F116FDAD3@MX1.net.tbe.com

From: "Koch, Rick (Subcontractor)" <Rick.Koch@tbe.com>
Sent: Monday, August 19, 2013 6:09 PM
>I'm directing to this e-mail, as it seems to be the approved forum
>for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4
>and found 24 high risk bugs. Please see the attachment xlsx.

>Is there a method to post to the Git community to allow the
>community to review and debunk as faults positive or develop
>patches to fix lists code files?

>v/r

>Roderick (Rick) Koch
>Information Assurance
>Rick.Koch@tbe.com

What OS version / CPPCheck version was this checked on?

In case other readers don't have a .xlsx reader here is Rick's list in 
plain text (may be white space damaged).

I expect some will be false positives, and some will just be being too 
cautious.

Philip

 description resourceFilePath fileName lineNumber
      nullPointer(CppCheck) \git-master\builtin\add.c add.c 286
      wrongPrintfScanfArgNum(CppCheck) \git-master\builtin\fetch.c
fetch.c 588
      nullPointer(CppCheck) \git-master\builtin\ls-files.c ls-files.c
144
      nullPointer(CppCheck) \git-master\builtin\merge.c merge.c 1208
      doubleFree(CppCheck) \git-master\builtin\notes.c notes.c 275
      nullPointer(CppCheck) \git-master\builtin\reflog.c reflog.c 437
      uninitvar(CppCheck) \git-master\builtin\rev-list.c rev-list.c 342
      uninitvar(CppCheck) \git-master\builtin\rev-list.c rev-list.c 342
      uninitvar(CppCheck) \git-master\compat\regex\regcomp.c regcomp.c
2803
      uninitvar(CppCheck) \git-master\compat\regex\regcomp.c regcomp.c
2802
      uninitvar(CppCheck) \git-master\compat\regex\regcomp.c regcomp.c
2805
      memleakOnRealloc(CppCheck) \git-master\compat\win32\syslog.c
syslog.c 46
      uninitvar(CppCheck)
\git-master\contrib\examples\builtin-fetch--tool.c builtin-fetch--tool.c
419
      uninitvar(CppCheck) \git-master\fast-import.c fast-import.c 2917
      nullPointer(CppCheck) \git-master\line-log.c line-log.c 638
      nullPointer(CppCheck) \git-master\mailmap.c mailmap.c 156
      uninitvar(CppCheck) \git-master\merge-recursive.c
merge-recursive.c 1887
      uninitvar(CppCheck) \git-master\notes.c notes.c 805
      uninitvar(CppCheck) \git-master\notes.c notes.c 805
      deallocret(CppCheck) \git-master\pretty.c pretty.c 677
      resourceLeak(CppCheck) \git-master\refs.c refs.c 3041
      doubleFree(CppCheck) \git-master\sequencer.c sequencer.c 924
      nullPointer(CppCheck) \git-master\sha1_file.c sha1_file.c 125
      doubleFree(CppCheck) \git-master\shell.c shell.c 130

next prev parent reply	other threads:[~2013-08-19 20:03 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-08-19 17:09 CPPCheck found 24 high risk bugs in Git v.1.8.3.4 Koch, Rick (Subcontractor)
2013-08-19 20:03 ` Philip Oakley [this message]
2013-08-19 20:40   ` Jeff King
2013-08-19 20:46     ` Junio C Hamano
2013-08-19 20:52       ` Johan Herland
     [not found]   ` <85C8141E5DAD94428A121F706995A31F010F116FDADE@MX1.net.tbe.com>
2013-08-19 21:46     ` Philip Oakley
2013-08-23 19:51       ` CPPCheck found 24 high risk bugs in Git v.1.8.3.4 (fetch.c L588) Philip Oakley
2013-08-19 22:55   ` CPPCheck found 24 high risk bugs in Git v.1.8.3.4 Philip Oakley
2013-08-19 23:15     ` Erik Faye-Lund
2013-08-20 14:33       ` Jeff King
2013-08-20 18:44       ` Andreas Schwab
2013-08-20 20:34         ` René Scharfe
2013-08-20 22:28           ` Erik Faye-Lund
2013-08-20 22:26         ` Erik Faye-Lund
2013-08-20 23:01           ` Andreas Schwab
2013-08-20 23:45             ` Junio C Hamano
2013-08-21  0:01             ` Erik Faye-Lund
2013-08-19 21:36 ` Stefan Beller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=33FCCE7A2CD5494B88F3C5CDBC341DFD@PhilipOakley \
    --to=philipoakley@iee.org \
    --cc=Rick.Koch@tbe.com \
    --cc=git@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).