Adding Flawfinder to Patchwatcher

Reece Dunn msclrhd at googlemail.com
Sun Aug 31 06:59:01 CDT 2008


2008/8/28 Austin English <austinenglish at gmail.com>:
> I had a discussion with Dan about adding Flawfinder to the
> patchwatcher. Currently, it's got some pretty generic errors, but it
> seems able to test only patches, so we wouldn't be flooded with old
> nonbugs (or we could set up a blacklist of safe errors). For
> reference, I've run it on today's git. I'm attaching the full log, as
> well as a condensed version of the most common errors (1 per error
> type). Looks like a lot of chances for buffer overflows...
>
> Thoughts?

+1

This looks good, but there does seem to be a large amount of noise and
it seems to generate warnings without being able to identify correct
usage.

These issues will need to be verified (i.e. the NULL DACLs used in the
tests and the potential buffer overflows).

It would be interesting to see what results sparse and smatch
generate, and if they (or valgrind) can be extended to identify these
(with the possibility of ignoring them on correct usage) and more.

This could also be extended to the resources: checking that there are
no duplicate mnemonics, that controls that need a label have one and
other usability issues.

- Reece
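The workflow Austin proposes above (run Flawfinder only on the lines a patch changes, then drop hits from a blacklist of reviewed-safe warnings) as an added POSIX sh example; this is not Patchwatcher's or Flawfinder's own code, and the allowlist file name `.flawfinder-safe` and the hit lines used in comments are assumptions.

```shell
#!/bin/sh
# Added example, not Patchwatcher code. Scans only the lines a patch adds or
# modifies and filters out hits a reviewer has already judged safe.
# Assumes a git-style unified diff ("+++ b/path" headers) applied at tree root.

# Hypothetical allowlist: one extended regex per line, matched against the
# single-line hit format "file:line:  [level] (category) function:  text".
SAFE_PATTERNS_FILE="${SAFE_PATTERNS_FILE:-.flawfinder-safe}"

# List the files a unified diff adds or modifies; deleted files ("+++ /dev/null")
# never match the "+++ b/" prefix and so are skipped.
patch_touched_files() {
    sed -n 's|^+++ b/||p' "$1" | sort -u
}

# Drop hit lines matching any reviewed-safe pattern. grep -v exits 1 when every
# line was filtered, which is a valid "nothing left to report" result here.
filter_safe_hits() {
    if [ -s "$SAFE_PATTERNS_FILE" ]; then
        grep -E -v -f "$SAFE_PATTERNS_FILE" || true
    else
        cat
    fi
}

# Run flawfinder on the touched files. Real flags: -P reports only hits on
# lines the patch changes, -m sets the minimum risk level (default 2 here),
# -S prints one line per hit, -D -Q suppress the header/footer and status text.
scan_patch() {
    patch=$1
    minlevel=${2:-2}
    files=$(patch_touched_files "$patch")
    [ -n "$files" ] || return 0
    # $files is intentionally unquoted: one whitespace-free path per line.
    flawfinder -D -Q -S -m "$minlevel" -P "$patch" $files | filter_safe_hits
}
```

Usage: `scan_patch wine.diff 3` prints the remaining hits, one per line, so the result can be posted back as Patchwatcher output.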
