[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3d0587f1bbda00fd4b25c7d7d2922aaf@smtp.hushmail.com>
Date: Mon, 21 Jan 2013 08:06:28 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Static analysis of John using CppCheck
On 21 Jan, 2013, at 5:41 , Lukas Odzioba <lukas.odzioba@...il.com> wrote:
> Hi I used Cppcheck 1.55 (but newest is 1.58) to check unstable-jumbo.
> Here is link to results: http://ideone.com/BO7XVd - over 600 lines so
> I didn't want to post it here.
>
> We might look at potential mem leaks, and other errors. There are some
> "unused variables" style warnings - it would be good to get rid of
> them too.
> Is there a pressure for releasing jumbo asap?
> If no we we might try to run other tools too.
Unfortunately it seems line numbers are wrong (possibly after the "Too many #ifdef" messages) so it's hard to track.
Also, I checked most of the claimed "Buffer access out-of-bounds" and they are just false positives. Example:
memcpy(block, AFS_long_IV, 8);
Size of both are 8 so this is not out of bounds. But block is ARCH_WORD_32 so it seems Cppcheck tries to apply pointer arithmetic where it shouldn't. Same red herring in all cases I checked.
magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
