Re: [xml] GCC 10 analyzer findings
- From: Nick Wellnhofer <wellnhofer aevum de>
- To: noloader gmail com, xml gnome org
- Subject: Re: [xml] GCC 10 analyzer findings
- Date: Fri, 24 Jul 2020 12:36:20 +0200
On 16/07/2020 11:49, Jeffrey Walton via xml wrote:
> I'm building libxml2-2.9.10 on Fedora 32 with GCC 10. GCC 10 includes
> the analyzer. The analyzer can be enabled by adding -fanalyzer to
> CFLAGS and LDFLAGS.
> The analyzer is producing some use-after-free and double-free findings
> on libxml2-2.9.10.
I gave it a try and here are my observations:
xmlMalloc and similar entry points are function pointers. To make the static
analyzer understand that these are actually malloc calls, we need a special
configuration where xmlMalloc is defined as a macro or function.
libxml2 typically zeroes freshly allocated memory with memset and assumes this
initializes pointers with NULL. Although I haven't seen a platform where this
doesn't work, the C standard makes no such guarantee. To avoid false
positives, such pointers must be initialized in a different way.
There are quite a few bug reports about false positives with GCC's analyzer in
the initial release, so I'd wait for a newer release before giving it another
look.
Nick
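The two observations above, illustrated as an added example (this is not libxml2 code and not part of either message; every demo_* name, the demo_node struct and the hook pointers are constructed for illustration and stand in for function-pointer allocators such as xmlMalloc). It shows an allocator wrapped in an ordinary function that an analyzer can recognise, and a struct allocation whose pointer members are set to null pointer constants explicitly rather than by memset:

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocation hooks standing in for function pointers such as
 * xmlMalloc/xmlFree. Everything named demo_* here is constructed for this
 * example and is not libxml2 code. */
typedef void *(*demo_malloc_fn)(size_t);
typedef void (*demo_free_fn)(void *);

static demo_malloc_fn demo_malloc_hook = malloc;
static demo_free_fn demo_free_hook = free;

/* Thin wrapper functions: a static analyzer can treat demo_malloc as an
 * allocator (the attribute says the result aliases nothing else), whereas an
 * indirect call through demo_malloc_hook is opaque to it. */
#if defined(__GNUC__)
__attribute__((malloc))
#endif
static void *demo_malloc(size_t n) { return demo_malloc_hook(n); }
static void demo_free(void *p) { demo_free_hook(p); }

typedef struct demo_node {
    char *name;
    struct demo_node *parent;
    struct demo_node *children;
    int type;
} demo_node;

/* Pattern the message describes: memset writes all-bits-zero, which the C
 * standard does not guarantee to be a null pointer representation, so an
 * analyzer may treat the pointer members as uninitialized. */
static demo_node *demo_node_new_memset(int type)
{
    demo_node *n = demo_malloc(sizeof(*n));
    if (n == NULL)
        return NULL;
    memset(n, 0, sizeof(*n));
    n->type = type;
    return n;
}

/* Portable alternative: a compound literal assigns null pointer constants to
 * every pointer member, which the standard does guarantee. */
static demo_node *demo_node_new_explicit(int type)
{
    demo_node *n = demo_malloc(sizeof(*n));
    if (n == NULL)
        return NULL;
    *n = (demo_node){ .name = NULL, .parent = NULL, .children = NULL,
                      .type = type };
    return n;
}

/* Returns 1 when every pointer member compares equal to NULL. */
static int demo_node_pointers_null(const demo_node *n)
{
    return n->name == NULL && n->parent == NULL && n->children == NULL;
}

static void demo_node_free(demo_node *n)
{
    if (n == NULL)
        return;
    demo_free(n->name);   /* freeing NULL is a no-op */
    demo_free(n);
}

int main(void)
{
    demo_node *a = demo_node_new_explicit(1);
    demo_node *b = demo_node_new_memset(2);
    int ok = a != NULL && b != NULL &&
             demo_node_pointers_null(a) && demo_node_pointers_null(b);
    demo_node_free(a);
    demo_node_free(b);
    return ok ? 0 : 1;
}
```

On the platforms the message refers to, both constructors produce identical bytes; the difference is that the explicit form relies only on what the standard guarantees, so a checker reasoning from the standard has no false positive to report.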