> if CONFIG_DEBUG_ASSERTIONS then __assert() is called. __assert() is a no-return function. In that case, it is impossible to reach the code that uses the pointer.
The usages of the pointers occur before DEBUGASSERT() is called: Bug 1-3 <https://github.com/apache/nuttx/blob/master/sched/signal/sig_dispatch.c#L336>: 'info' and 'stcb' are dereferenced on L331 whereas the DEBUGASSERT is L336 Bug 6 <https://github.com/apache/nuttx/blob/master/drivers/net/netdev_upperhalf.c#L169>: 'dev' is dereferenced on L169 whereas the DEBUGASSERT() is on L171 Bug 7 <https://github.com/apache/nuttx/blob/master/sched/task/task_init.c#L91>: 'tcb' is dereferenced on L91 whereas DEBUGASSERT() is on L99 On Tue, Oct 10, 2023 at 8:27 PM Xiang Xiao <xiaoxiang781...@gmail.com> wrote: > There are patch to integrate the CodeChecker into ci: > https://github.com/apache/nuttx/pull/7114 > https://github.com/apache/nuttx/pull/7090 > you can follow them for cppcheck too. > The hard problem is that tools normally report many false alarms which make > it impractical to enable the check in ci/cd. > > On Wed, Oct 11, 2023 at 2:34 AM Daniel Appiagyei > <daniel.appiag...@braincorp.com.invalid> wrote: > > > Hey, > > I was running the [cppcheck](https://cppcheck.sourceforge.io/) static > > analysis tool, found a few potential bugs, and wrote the following to > share > > how tools like this can help us ensure the integrity of our code. The > > following are some bugs found. If anyone is interested in running > cppcheck > > on their project, scroll to the bottom for a HOW-TO. Is using a static > > analysis tool like this something we'd be interested in adding to ci/cd? > > > > *The following were found in NuttX 12.2.1* > > ## Null pointer dereference > > #### 1: sched/signal/sig_dispatch.c:325 > > ``` > > src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: warning: Either the > > condition 'info!=NULL' is redundant or there is possible null pointer > > dereference: info. [nullPointerRedundantCheck] > > stcb, stcb->pid, info->si_signo, info->si_code, > > > > > > ^ > > > > > > src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that > > condition 'info!=NULL' is not redundant > > > > DEBUGASSERT(stcb != NULL && info != NULL); > > > > > > ^ > > > > > > src/deps/nuttx/sched/signal/sig_dispatch.c:325:26: note: Null pointer > > dereference > > > > stcb, stcb->pid, info->si_signo, info->si_code, > > > > > > ^ > > > > > > ``` > > > > #### 2: sched/signal/sig_dispatch.c:326 > > ``` > > src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: warning: Either the > > condition 'info!=NULL' is redundant or there is possible null pointer > > dereference: info. [nullPointerRedundantCheck] > > info->si_value.sival_int, > > > > > > ^ > > src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that > > condition 'info!=NULL' is not redundant > > DEBUGASSERT(stcb != NULL && info != NULL); > > ^ > > src/deps/nuttx/sched/signal/sig_dispatch.c:326:9: note: Null pointer > > dereference > > info->si_value.sival_int, > > ^ > > ``` > > > > #### 3: sched/signal/sig_dispatch.c:327 > > ``` > > src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: warning: Either the > > condition 'info!=NULL' is redundant or there is possible null pointer > > dereference: info. [nullPointerRedundantCheck] > > sigismember(&stcb->sigprocmask, info->si_signo) == 1 ? "YES" : > > "NO"); > > ^ > > src/deps/nuttx/sched/signal/sig_dispatch.c:329:36: note: Assuming that > > condition 'info!=NULL' is not redundant > > DEBUGASSERT(stcb != NULL && info != NULL); > > ^ > > src/deps/nuttx/sched/signal/sig_dispatch.c:327:41: note: Null pointer > > dereference > > sigismember(&stcb->sigprocmask, info->si_signo) == 1 ? "YES" : > > "NO"); > > ^ > > ``` > > > > #### 4: src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42 > > ``` > > src/deps/nuttx/libs/libc/stdlib/lib_mbstowcs.c:42:36: error: Null pointer > > dereference [nullPointer] > > > > return mbsrtowcs(dst, &src, len, NULL); > > > > > > ^ > > ``` > > > > #### 5: nuttx/libs/libc/stdlib/lib_wcstombs.c:38 > > ``` > > src/deps/nuttx/libs/libc/stdlib/lib_wcstombs.c:38:36: error: Null pointer > > dereference [nullPointer] > > return wcsrtombs(dst, &src, len, NULL); > > ``` > > > > #### 6: drivers/net/netdev_upperhalf.c:168 > > ``` > > src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: warning: Either the > > condition 'dev' is redundant or there is possible null pointer > dereference: > > dev. [nullPointerRedundantCheck] > > FAR struct netdev_upperhalf_s *upper = dev->d_private; > > ^ > > src/deps/nuttx/drivers/net/netdev_upperhalf.c:170:15: note: Assuming that > > condition 'dev' is not redundant > > DEBUGASSERT(dev && pkt); > > ^ > > src/deps/nuttx/drivers/net/netdev_upperhalf.c:168:42: note: Null pointer > > dereference > > FAR struct netdev_upperhalf_s *upper = dev->d_private; > > ^ > > ``` > > > > #### 7: sched/task/task_init.c:90 > > ``` > > src/deps/nuttx/sched/task/task_init.c:90:19: warning: Either the > condition > > 'tcb' is redundant or there is possible null pointer dereference: tcb. > > [nullPointerRedundantCheck] > > uint8_t ttype = tcb->cmn.flags & TCB_FLAG_TTYPE_MASK; > > ^ > > src/deps/nuttx/sched/task/task_init.c:96:15: note: Assuming that > condition > > 'tcb' is not redundant > > DEBUGASSERT(tcb && ttype != TCB_FLAG_TTYPE_PTHREAD); > > ^ > > ``` > > > > ## Signed integer overflow > > The [C standard]( > > > > > https://www.gnu.org/software/autoconf/manual/autoconf-2.63/html_node/Integer-Overflow-Basics.html > > ) > > treats _signed_ integer overflow as undefined behavior. > > #### 8: arch/arm/src/armv7-m/arm_fpuconfig.c:75 > > ``` > > src/deps/nuttx/arch/arm/src/armv7-m/arm_fpuconfig.c:75:15: error: Signed > > integer overflow for expression '1<<31'. [integerOverflow] > > > > regval &= ~(NVIC_FPCCR_ASPEN | NVIC_FPCCR_LSPEN); > > ``` > > > > #### 9: arch/arm/src/armv7-m/arm_hardfault.c:169 > > ``` > > src/deps/nuttx/arch/arm/src/armv7-m/arm_hardfault.c:169:19: error: Signed > > integer overflow for expression '1<<31'. [integerOverflow] > > else if (hfsr & NVIC_HFAULTS_DEBUGEVT) > > ``` > > > > ## Buffer Overflow > > #### 10: nuttx/tools/mkdeps.c:795 > > ``` > > src/deps/nuttx/tools/mkdeps.c:795:12: warning: Either the condition > > 'cmdlen>=10240' is redundant or the array 'g_command[10240]' is accessed > at > > index 10240, which is out of bounds. [arrayIndexOutOfBoundsCond] > > g_command[cmdlen] = '\0'; > > ^ > > src/deps/nuttx/tools/mkdeps.c:781:18: note: Assuming that condition > > 'cmdlen>=10240' is not redundant > > if (cmdlen >= MAX_BUFFER) > > ^ > > src/deps/nuttx/tools/mkdeps.c:794:3: note: cmdlen is incremented', new > > value is 10240 > > cmdlen++; > > ^ > > src/deps/nuttx/tools/mkdeps.c:795:12: note: Array index out of bounds > > g_command[cmdlen] = '\0'; > > ^ > > ``` > > > > ## Uninitialized Variable > > #### 11: src/deps/nuttx/tools/mkdeps.c:138 > > ``` > > src/deps/nuttx/tools/mkdeps.c:138:23: warning: Uninitialized variable: > > *saveptr [uninitvar] > > else if (saveptr && *saveptr) > > ^ > > src/deps/nuttx/tools/mkdeps.c:962:39: note: Calling function > 'my_strtok_r', > > 3rd argument '&lasts' value is <Uninit> > > while ((file = strtok_r(files, " ", &lasts)) != NULL) > > ^ > > src/deps/nuttx/tools/mkdeps.c:138:23: note: Uninitialized variable: > > *saveptr > > else if (saveptr && *saveptr) > > ^ > > ``` > > > > ## Background > > I needed a way to create a [compile_commands.json]( > > > > > https://cmake.org/cmake/help/latest/variable/CMAKE_EXPORT_COMPILE_COMMANDS.html > > ) > > from `make`, so I installed [bear](https://github.com/rizsotto/Bear) > from > > my ubuntu package manager. I cloned `cppcheck` from its [github repo]( > > https://github.com/danmar/cppcheck) and built it by following the [cmake > > instructions](https://github.com/danmar/cppcheck#cmake). > > > > Next, I ran `make clean` followed by `bear make` on my project, which > > generated the `compile_commands.json`. > > Then, I ran: > > ``` > > >>> /path/to/build/bin/cppcheck --version > > Cppcheck 2.13 dev > > > > >>> /path/to/build/bin/cppcheck --project=/path/to/compile_commands.json > > -j8 --std=c++11 --std=c89 --quiet --enable=warning > > ``` > > > > -- > > > > > > *Daniel Appiagyei | Embedded Software Engineer* > > > -- *Daniel Appiagyei | Embedded Software Engineer*
