On Fri, Feb 14, 2025 at 10:43:56AM +0000, Jakub Bronicki wrote:
> Hello there,

Hello dnsmasq-discuss@lists.thekelleys.org.uk subscriber

> I hope you're having a great day.
>
> Using the https://github.com/Ericsson/codechecker tool,

Text from that URL:
  CodeChecker is a static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain, replacing scan-build in a Linux or macOS (OS X) development environment.

> we conducted a static analysis of your software. We detected some
> potentially critical vulnerabilities related to different areas.
>
> Please check the attached csv file

<previously_attached_CSV_file>
path,line no,error
dnsmasq-2.90/src/rfc1035.c,546,The left expression of the compound assignment is an uninitialized value. The computed value will also be garbage
dnsmasq-2.90/src/forward.c,1129,The left operand of '==' is a garbage value
dnsmasq-2.90/src/cache.c,480,Dereference of null pointer
dnsmasq-2.90/src/cache.c,480,Dereference of null pointer
dnsmasq-2.90/src/network.c,1389,Division by zero
dnsmasq-2.90/src/edns0.c,502,Memory copy function accesses out-of-bound array element
dnsmasq-2.90/src/rrfilter.c,432,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/util.c,776,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/util.c,778,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/domain-match.c,280,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/domain-match.c,280,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/domain-match.c,291,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/domain-match.c,305,Array is indexed with a negative value. Possible integer overflow
dnsmasq-2.90/src/option.c,2657,Shifting 64-bit value by 64 bits is undefined behaviour. See condition at line 2663.
</previously_attached_CSV_file>

> and make corrections.

Oh, transmission error detected. But that doesn't mind.

I do like the idea of static analysis of software.
I'm fairly sure that the very same idea would be much better
when against latest version in SCM, Source Code Management, ( "git" ).

> Best regards,
> Ericsson Team

Regards
Geert Stappers
-- 
Silence is hard to parse