Static analysis

Sam Price thesamprice at gmail.com
Tue May 16 02:12:01 UTC 2023


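Results from cppcheck. Note that the preprocessorErrorDirective, unknownMacro and syntaxError entries mean cppcheck could not preprocess or parse that file under the configuration it used, so they likely reflect analyzer setup rather than defects in the code; the remaining entries (uninitvar, memleakOnRealloc, integerOverflow, nullPointer, va_end_missing, shiftTooManyBits) are the ones to review against the source: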

cpukit/include/sys/timetc.h:17:0: error: #error "no user-serviceable
parts inside" [preprocessorErrorDirective]
#error "no user-serviceable parts inside"
^
testsuites/samples/capture/test1.c:97:5: error: Uninitialized
variable: i [uninitvar]
    i++;
    ^
cpukit/libblock/src/diskdevs.c:151:5: error: Common realloc mistake:
'table' nulled but not freed upon failure [memleakOnRealloc]
    table = realloc(table, new_size * sizeof(*table));
    ^
cpukit/libfs/src/rfs/rtems-rfs-format.c:127:24: error: Signed integer
overflow for expression '1<<b'. [integerOverflow]
        if ((gigs & (1 << b)) != 0)
                       ^
cpukit/libfs/src/rfs/rtems-rfs-format.c:126:16: note: Assignment
'b=31', assigned value is 31
      for (b = 31; b > 0; b--)
               ^
cpukit/libfs/src/rfs/rtems-rfs-format.c:127:24: note: Integer overflow
        if ((gigs & (1 << b)) != 0)
                       ^
cpukit/libcrypt/crypt.c:43:19: error: syntax error [syntaxError]
static SLIST_HEAD(, crypt_format) cf_head = {
                  ^
cpukit/include/rtems/posix/timerimpl.h:70:0: error: #error
"POSIX_TIMER_RELATIVE == TIMER_ABSTIME" [preprocessorErrorDirective]
#error "POSIX_TIMER_RELATIVE == TIMER_ABSTIME"
^
cpukit/dtc/libfdt/fdt_ro.c:366:12: error: Uninitialized variable: err
[uninitvar]
   *lenp = err;
           ^
cpukit/libmisc/shell/main_i2cget.c:80:25: error: Uninitialized
variable: value [uninitvar]
      printf("0x%02x ", value[i]);
                        ^
cpukit/score/src/rbtreenext.c:45:1: error: There is an unknown macro
here somewhere. Configuration is required. If RB_GENERATE_NEXT is a
macro then please configure it. [unknownMacro]
RB_GENERATE_NEXT( RBTree_Control, RBTree_Node, Node, static )
^
cpukit/mghttpd/mongoose.c:1763:5: error: va_start() or va_copy()
called subsequently on 'ap_copy' without va_end() in between.
[va_start_subsequentCalls]
    va_copy(ap_copy, ap);
    ^
cpukit/mghttpd/mongoose.c:1770:5: error: va_start() or va_copy()
called subsequently on 'ap_copy' without va_end() in between.
[va_start_subsequentCalls]
    va_copy(ap_copy, ap);
    ^
cpukit/mghttpd/mongoose.c:1774:13: error: va_list 'ap_copy' was opened
but not closed by va_end(). [va_end_missing]
  return len;
            ^
cpukit/mghttpd/mongoose.c:1794:35: error: va_list 'ap' was opened but
not closed by va_end(). [va_end_missing]
  return mg_vprintf(conn, fmt, ap);
                                  ^
cpukit/mghttpd/mongoose.c:5156:14: error: va_list 'ap' was opened but
not closed by va_end(). [va_end_missing]
  return conn;
             ^
cpukit/score/src/rbtreeprev.c:44:1: error: There is an unknown macro
here somewhere. Configuration is required. If RB_GENERATE_PREV is a
macro then please configure it. [unknownMacro]
RB_GENERATE_PREV( RBTree_Control, RBTree_Node, Node, static inline )
^
cpukit/score/src/rbtreeinsert.c:43:1: error: There is an unknown macro
here somewhere. Configuration is required. If RB_GENERATE_INSERT_COLOR
is a macro then please configure it. [unknownMacro]
RB_GENERATE_INSERT_COLOR( RBTree_Control, RBTree_Node, Node, static inline )
^
bsps/shared/dev/rtc/ds1375.c:199:18: warning: Possible null pointer
dereference: buf [nullPointer]
  memcpy( d + 1, buf, len );
                 ^
bsps/shared/dev/rtc/ds1375.c:444:43: note: Calling function
'wr_bytes', 3rd argument '0' value is 0
  if ( 0 != wr_bytes( fd, DS1375_SEC_REG, 0, 0 ) ) {
                                          ^
bsps/shared/dev/rtc/ds1375.c:199:18: note: Null pointer dereference
  memcpy( d + 1, buf, len );
                 ^
cpukit/dev/i2c/eeprom.c:240:7: error: Uninitialized variable:
extra_address [legacyUninitvar]
  if (extra_address != 0 && (extra_address & (extra_address - 1)) != 0) {
      ^
cpukit/libtrace/record/record-stream-header.c:52:0: error: #error
"unexpected __INTPTR_WIDTH__" [preprocessorErrorDirective]
#error "unexpected __INTPTR_WIDTH__"
^
cpukit/libmisc/shell/shell_cmdset.c:75:5: error: Memory leak: aux [memleak]
    return rtems_shell_first_topic = aux;
    ^
cpukit/libmisc/shell/shell_cmdset.c:125:22: error: Uninitialized
variable: *next_ptr [uninitvar]
  while ((existing = *next_ptr) != NULL) {
                     ^
cpukit/dev/i2c/gpio-nxp-pca9535.c:58:10: error: Uninitialized
variable: in [uninitvar]
  *val = in[0] | (in[1] << 8);
         ^
cpukit/dev/i2c/xilinx-axi-i2c.c:294:44: error: Signed integer overflow
for expression '1<<31'. [integerOverflow]
  xilinx_axi_i2c_reg_write(bus, REG_GIE, 1 << 31);
                                           ^
cpukit/dev/i2c/xilinx-axi-i2c.c:619:20: error: Signed integer overflow
for expression '1<<31'. [integerOverflow]
  if ((bus->addr & ADDR_TEN) != 0)
                   ^
cpukit/dev/i2c/xilinx-axi-i2c.c:715:18: error: Signed integer overflow
for expression '1<<31'. [integerOverflow]
    bus->addr = (ADDR_TEN |
                 ^
testsuites/samples/fileio/init.c:216:34: warning: Possible null
pointer dereference: driver [nullPointer]
  printf ("erase nv disk: %s\n", driver);
                                 ^
testsuites/samples/fileio/init.c:193:24: note: Assignment
'driver=NULL', assigned value is 0
  const char* driver = NULL;
                       ^
testsuites/samples/fileio/init.c:197:21: note: Assuming condition is false
  for (arg = 1; arg < argc; arg++)
                    ^
testsuites/samples/fileio/init.c:216:34: note: Null pointer dereference
  printf ("erase nv disk: %s\n", driver);
                                 ^
cpukit/libmisc/shell/hexdump-odsyntax.c:430:12: error: Shifting 64-bit
value by 64 bits is undefined behaviour [shiftTooManyBits]
 n = (1ULL << (8 * isize)) - 1;
           ^
cpukit/libmisc/shell/hexdump-odsyntax.c:403:17: note: Assignment
'isize=sizeof(long)', assigned value is 8
  isize = sizeof(long);
                ^
cpukit/libmisc/shell/hexdump-odsyntax.c:430:12: note: Shift
 n = (1ULL << (8 * isize)) - 1;
           ^
cpukit/libtest/t-test.c:65:12: error: syntax error [syntaxError]
 LIST_HEAD(, T_destructor) destructors;
           ^
cpukit/score/src/percpudata.c:51:0: error: failed to expand
'RTEMS_LINKER_RWSET', it is invalid to use a preprocessor directive as
macro parameter [preprocessorErrorDirective]
#if defined(RTEMS_SMP)
^
cpukit/dev/serial/sc16is752-spi.c:56:60: error: Uninitialized
variable: &tx_cmd [uninitvar]
  msg_init(&msg[0], ctx->cs, ctx->speed_hz, 1, &unused[0], &tx_cmd);
                                                           ^
cpukit/dev/serial/sc16is752-spi.c:80:57: error: Uninitialized
variable: &tx_cmd [uninitvar]
  msg_init(&msg[0], ctx->cs, ctx->speed_hz, 1, &unused, &tx_cmd);
                                                        ^
cpukit/dev/serial/sc16is752-spi.c:102:57: error: Uninitialized
variable: &tx_cmd_0 [uninitvar]
  msg_init(&msg[0], ctx->cs, ctx->speed_hz, 1, &unused, &tx_cmd_0);
                                                        ^
cpukit/dev/serial/sc16is752-spi.c:104:57: error: Uninitialized
variable: &tx_cmd_1 [uninitvar]
  msg_init(&msg[2], ctx->cs, ctx->speed_hz, 1, &unused, &tx_cmd_1);
                                                        ^
cpukit/score/src/threadq.c:50:0: error: failed to expand
'RTEMS_STATIC_ASSERT', it is invalid to use a preprocessor directive
as macro parameter [preprocessorErrorDirective]
#if defined(RTEMS_SMP)
^
cpukit/libmisc/shell/print-ls.c:232:8: error: Common realloc mistake:
'array' nulled but not freed upon failure [memleakOnRealloc]
  if ((array =
       ^
cpukit/dev/i2c/sensor-lm75a.c:54:10: error: Uninitialized variable: in
[uninitvar]
  *val = in[0];
         ^
cpukit/dev/i2c/sensor-lm75a.c:102:11: error: Uninitialized variable:
in [uninitvar]
  *val = (in[0] << 8) | in[1];
          ^
cpukit/dev/i2c/ti-lm25066a.c:168:15: warning: Uninitialized variable:
words [uninitvar]
  values[0] = words[0];
              ^
cpukit/dev/i2c/ti-lm25066a.c:239:23: note: Assuming condition is false
        for (w = 0; w < (in[0] / 2); ++w, ++d, i += 2) {
                      ^
cpukit/dev/i2c/ti-lm25066a.c:243:39: note: Calling function
'ti_lm25066a_io_convert_block', 2nd argument 'data' value is <Uninit>
                                     &data[0],
                                      ^
cpukit/dev/i2c/ti-lm25066a.c:168:15: note: Uninitialized variable: words
  values[0] = words[0];
              ^
cpukit/libmisc/shell/dd-args.c:337:16: error: Uninitialized variables:
&tmp.set, &tmp.noset, &tmp.ctab_ [uninitvar]
  cp = bsearch(&tmp, clist, sizeof(clist) / sizeof(struct conv),
               ^
cpukit/libmisc/shell/main_rtrace.c:355:39: error: Signed integer
overflow for expression '1<<31'. [integerOverflow]
    const bool     irq = (header & (1 << 31)) == 0 ? false : true;
                                      ^
cpukit/telnetd/telnetd.c:73:13: error: syntax error [syntaxError]
  LIST_HEAD(, telnetd_session) free_sessions;
            ^
cpukit/score/src/rbtreeextract.c:43:1: error: There is an unknown
macro here somewhere. Configuration is required. If
RB_GENERATE_REMOVE_COLOR is a macro then please configure it.
[unknownMacro]
RB_GENERATE_REMOVE_COLOR( RBTree_Control, RBTree_Node, Node, static )
^
cpukit/libmd/md4.c:255:37: warning: Possible null pointer dereference:
X [nullPointer]
    for (i=0;i<=byte;i++)   XX[i] = X[i];
                                    ^
cpukit/libmd/md4.c:289:17: note: Calling function 'MD4Update', 2nd
argument 'NULL' value is 0
  MD4Update(MD, NULL, 0);
                ^
cpukit/libmd/md4.c:224:18: note: Assuming condition is Assuming
condition is false
  if (count == 0 && MDp->done) return;
                 ^
cpukit/libmd/md4.c:255:37: note: Null pointer dereference
    for (i=0;i<=byte;i++)   XX[i] = X[i];
                                    ^
cpukit/posix/src/pspinlock.c:45:0: error: failed to expand
'RTEMS_STATIC_ASSERT', it is invalid to use a preprocessor directive
as macro parameter [preprocessorErrorDirective]
#if defined(RTEMS_SMP)
^
cpukit/libfs/src/dosfs/msdos_format.c:452:24: error: Signed integer
overflow for expression '1<<b'. [integerOverflow]
      if ( (gigs & ( 1 << b) ) != 0 )
                       ^
cpukit/libfs/src/dosfs/msdos_format.c:451:15: note: Assignment 'b=31',
assigned value is 31
    for ( b = 31; b > 0; b-- ) {
              ^
cpukit/libfs/src/dosfs/msdos_format.c:452:24: note: Integer overflow
      if ( (gigs & ( 1 << b) ) != 0 )
                       ^
cpukit/libfs/src/dosfs/msdos_format.c:590:24: error: Signed integer
overflow for expression '1<<b'. [integerOverflow]
        if ((gigs & (1 << b)) != 0)
                       ^
cpukit/libfs/src/dosfs/msdos_format.c:589:16: note: Assignment 'b=31',
assigned value is 31
      for (b = 31; b > 0; b--)
               ^
cpukit/libfs/src/dosfs/msdos_format.c:590:24: note: Integer overflow
        if ((gigs & (1 << b)) != 0)
                       ^
cpukit/libblock/src/media.c:637:16: warning: Uninitialized variables:
partitions.begin, partitions.end, partitions.flags [uninitvar]
      .begin = partitions [i].begin,
               ^
cpukit/libblock/src/media.c:708:45: note: Calling function
'attach_and_mount_partitions', 2nd argument 'partitions' value is
<Uninit>
      sc = attach_and_mount_partitions(src, partitions, count);
                                            ^
cpukit/libblock/src/media.c:637:16: note: Uninitialized variables:
partitions.begin, partitions.end, partitions.flags
      .begin = partitions [i].begin,
               ^
cpukit/libblock/src/bdbuf.c:396:3: warning: Uninitialized variable: q
[uninitvar]
  q->avl.left = q->avl.right = NULL;
  ^
cpukit/libblock/src/bdbuf.c:361:12: note: Assuming condition is false
  while (p != NULL)
           ^
cpukit/libblock/src/bdbuf.c:396:3: note: Uninitialized variable: q
  q->avl.left = q->avl.right = NULL;
  ^

On Mon, May 15, 2023 at 9:31 PM Sam Price <thesamprice at gmail.com> wrote:
>
> Thanks Alex,
> I was able to run cppcheck.
> I had to install the newest cppcheck from source to get access to the
> --project flag.
> I ran
> bear ./waf
> and then
> cppcheck --project=compile_commands.json
>
> It returned a few static analysis errors if interested.
> I'll attach the results when it finishes running.
> It is possible I don't have this configured properly, and it's using
> its own #defines.
>
>
> On Mon, May 15, 2023 at 11:03 AM Alex White <alex.white at oarcorp.com> wrote:
> >
> > You should be able to use `bear` (https://github.com/rizsotto/Bear). I have it installed via my package manager.
> >
> > After a `./waf clean`, run `bear -- ./waf` to generate compile_commands.json. Then you should be able to run `cppcheck --project=compile_commands.json`.
> >
> > Alex
>
>
>
> --
> Sincerely,
>
> Sam Price



-- 
Sincerely,

Sam Price

