wine-devel Digest, Vol 37, Issue 111

Austin English austinenglish at gmail.com
Tue Sep 2 10:08:37 CDT 2008 

On Mon, Sep 1, 2008 at 3:42 PM, Tim Schwartz <tim at sanityinternet.com> wrote:
> So Austin, have you had a chance to have a discussion with Dan about
> adding flawfinder to patchwatcher?
>
> On Aug 31, 2008, at 4:12 AM, wine-devel-request at winehq.org wrote:
>
>> Send wine-devel mailing list submissions to
>>    wine-devel at winehq.org
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>    http://www.winehq.org/mailman/listinfo/wine-devel
>> or, via email, send a message with subject or body 'help' to
>>    wine-devel-request at winehq.org
>>
>> You can reach the person managing the list at
>>    wine-devel-owner at winehq.org
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of wine-devel digest..."
>>
>>
>> Today's Topics:
>>
>>   1. Adding Flawfinder to Patchwatcher (Austin English)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Thu, 28 Aug 2008 15:59:20 -0500
>> From: "Austin English" <austinenglish at gmail.com>
>> Subject: Adding Flawfinder to Patchwatcher
>> To: "wine-devel at winehq.org" <wine-devel at winehq.org>
>> Message-ID:
>>    <b6bb06270808281359o1d1258f9m1af82eddbb763f32 at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> I had a discussion with Dan about adding Flawfinder to the
>> patchwatcher. Currently, it's got some pretty generic errors, but it
>> seems able to test only patches, so we wouldn't be flooded with old
>> nonbugs (or we could set up a blacklist of safe errors). For
>> reference, I've run it on today's git. I'm attaching the full log, as
>> well as a condensed version of the most common errors (1 per error
>> type). Looks like a lot of chances for buffer overflows..
>>
>> Thoughts?
>>
>> -Austin
>> -------------- next part --------------
>> An embedded and charset-unspecified text was scrubbed...
>> Name: flaws.txt
>> Url: http://www.winehq.org/pipermail/wine-devel/attachments/20080828/fca404cc/attachment-0044.txt
>> -------------- next part --------------
>> An embedded and charset-unspecified text was scrubbed...
>> Name: trimmed.txt
>> Url: http://www.winehq.org/pipermail/wine-devel/attachments/20080828/fca404cc/attachment-0045.txt
>>
>> ------------------------------
>>
>> _______________________________________________
>> wine-devel mailing list  -  wine-devel at winehq.org
>> http://www.winehq.org/mailman/listinfo/wine-devel
>>
>>
>> End of wine-devel Digest, Vol 37, Issue 111
>> *******************************************
>
>
>

Seems Flawfinder is a bit too paranoid/dumb and flags every possible
error, even ones that are non issues. Most people didn't seem to like
the idea of integrating Flawfinder as a result. I've found a few other
static analysis tools, I'm going to try them over the next few days
and see if I can find one that gives a better balance.

-Austin

More information about the wine-devel mailing list