https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108252
--- Comment #7 from Илья Шипицин <chipitsine at gmail dot com> ---
(In reply to David Malcolm from comment #6)
> (In reply to Илья Шипицин from comment #5)
> > thank you, David!
> >
> > I'll rerun haproxy check soon
>
> Note that I haven't yet fixed bug 108251, so I don't know how useful the
> results will be to you :/
>
> FWIW I've added a build of haproxy-2.7.1 with -fanalyzer to my integration
> tests of -fanalyzer:
>   https://github.com/davidmalcolm/gcc-analyzer-integration-tests
> to try to track the output.
>
> Prior to the above patch I got this from gcc trunk with haproxy-2.7.1:
>
> warning: 185
> - -Wanalyzer-null-dereference dereference of NULL ‘0’: 17
> - -Wanalyzer-null-dereference dereference of NULL ‘conn’: 14
> - -Wanalyzer-malloc-leak leak of ‘b’: 11
> - -Wanalyzer-malloc-leak leak of ‘<unknown>’: 10
> - -Wanalyzer-malloc-leak leak of ‘strdup(args[1])’: 8
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.m.ptr’: 7
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.u.ptr’: 7
> - -Wanalyzer-malloc-leak leak of ‘strdup(tmp)’: 5
> - -Wanalyzer-fd-leak leak of file descriptor ‘*rx.fd’: 4
> - -Wanalyzer-null-dereference dereference of NULL ‘fstrm’: 4
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.v.ptr’: 4
> - -Wanalyzer-out-of-bounds heap-based buffer under-read: 3
> - -Wanalyzer-malloc-leak leak of ‘u’: 3
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.u.len’: 3
> - -Wanalyzer-null-dereference dereference of NULL ‘s’: 3
> - -Wanalyzer-malloc-leak leak of ‘strdup(&buf)’: 2
> - -Wanalyzer-null-dereference dereference of NULL ‘ret’: 2
> - -Wanalyzer-malloc-leak leak of ‘chk.area’: 2
> - -Wanalyzer-fd-leak leak of file descriptor ‘socket(1, 1, 0)’: 2
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘ring.buf.data’: 2
> - -Wanalyzer-deref-before-check check of ‘meth’ for NULL after already dereferencing it: 2
> - -Wanalyzer-deref-before-check check of ‘uri’ for NULL after already dereferencing it: 2
> - -Wanalyzer-deref-before-check check of ‘vsn’ for NULL after already dereferencing it: 2
> - -Wanalyzer-allocation-size allocated buffer size is not a multiple of the pointee's size: 2
> - -Wanalyzer-deref-before-check check of ‘etag_buffer’ for NULL after already dereferencing it: 2
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(unsigned int *)memPtr’: 2
> - -Wanalyzer-deref-before-check check of ‘result’ for NULL after already dereferencing it: 2
> - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘p’: 2
> - -Wanalyzer-null-argument use of NULL ‘params’ where non-null expected: 2
> - -Wanalyzer-null-dereference dereference of NULL ‘uri’: 2
> - -Wanalyzer-deref-before-check check of ‘dash’ for NULL after already dereferencing it: 2
> - -Wanalyzer-fd-leak leak of file descriptor: 1
> - -Wanalyzer-malloc-leak leak of ‘calloc((long unsigned int)(hdr_num + 1), 32)’: 1
> - -Wanalyzer-malloc-leak leak of ‘node’: 1
> - -Wanalyzer-malloc-leak leak of ‘malloc((long unsigned int)(len + 1))’: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘data’: 1
> - -Wanalyzer-malloc-leak leak of ‘newkey’: 1
> - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘p1’: 1
> - -Wanalyzer-malloc-leak leak of ‘conf_err’: 1
> - -Wanalyzer-malloc-leak leak of ‘new_conf_err’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(*args_21(D) + _3)’: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(struct lru64 *)_117 = PHI <_8(16), troot_4(13), ret_106(24)>.revision’: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(struct lru64 *)_117 = PHI <_8(16), troot_4(13), ret_106(24)>.lru.n’: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘*(struct lru64 *)_117 = PHI <_8(16), troot_4(13), ret_106(24)>.lru.p’: 1
> - -Wanalyzer-malloc-leak leak of ‘*lru.spare’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(*args_18(D) + _4)’: 1
> - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘dst’: 1
> - -Wanalyzer-use-after-free use after ‘free’ of ‘link’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(backing)’: 1
> - -Wanalyzer-possible-null-dereference dereference of possibly-NULL ‘comp’: 1
> - -Wanalyzer-malloc-leak leak of ‘fconf’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup("/haproxy?stats")’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(".internal-stats-userlist")’: 1
> - -Wanalyzer-malloc-leak leak of ‘calloc(1, 72)’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(*args_153(D) + _49)’: 1
> - -Wanalyzer-deref-before-check check of ‘ext_child’ for NULL after already dereferencing it: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.m.len’: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘sl.rq.v.len’: 1
> - -Wanalyzer-malloc-leak leak of ‘vph’: 1
> - -Wanalyzer-null-argument use of NULL where non-null expected: 1
> - -Wanalyzer-null-dereference dereference of NULL ‘value’: 1
> - -Wanalyzer-malloc-leak leak of ‘wl’: 1
> - -Wanalyzer-double-free double-‘free’ of ‘*wl.s’: 1
> - -Wanalyzer-double-free double-‘free’ of ‘wl’: 1
> - -Wanalyzer-malloc-leak leak of ‘rule’: 1
> - -Wanalyzer-malloc-leak leak of ‘progname’: 1
> - -Wanalyzer-out-of-bounds buffer over-read: 1
> - -Wanalyzer-fd-leak leak of file descriptor ‘fd’: 1
> - -Wanalyzer-null-dereference dereference of NULL ‘srv’: 1
> - -Wanalyzer-possible-null-argument use of possibly-NULL ‘*curproxy.lbprm.arg_str’ where non-null expected: 1
> - -Wanalyzer-use-of-uninitialized-value use of uninitialized value ‘parser’: 1
> - -Wanalyzer-null-dereference dereference of NULL ‘sl’: 1
> - -Wanalyzer-null-dereference dereference of NULL ‘dht’: 1
> - -Wanalyzer-malloc-leak leak of ‘malloc(*_ctr.size)’: 1
> - -Wanalyzer-null-dereference dereference of NULL ‘remote’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(trash.area)’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(id)’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(file)’: 1
> - -Wanalyzer-malloc-leak leak of ‘strdup(arg)’: 1
> - -Wanalyzer-malloc-leak leak of ‘cp’: 1
> - -Wanalyzer-malloc-leak leak of ‘tctx’: 1
>
> and the effect of the above gcc patch to the haproxy-2.7.1 results is:
>
> Number of occurrences 8 -> 4 (-4) for issue "-Wanalyzer-malloc-leak leak of ‘strdup(args[1])’"
> Number of occurrences 2 -> 1 (-1) for issue "-Wanalyzer-malloc-leak leak of ‘strdup(&buf)’"
> Number of occurrences 3 -> 1 (-2) for issue "-Wanalyzer-malloc-leak leak of ‘u’"
> Number of occurrences 2 -> 1 (-1) for issue "-Wanalyzer-deref-before-check check of ‘result’ for NULL after already dereferencing it"
> New issue "-Wanalyzer-malloc-leak leak of ‘*ctx.prefix’" (1 occurence)
> New issue "-Wanalyzer-malloc-leak leak of ‘logsrv’" (1 occurence)
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(tmp)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘newkey’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(*args_21(D) + _3)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(*args_18(D) + _4)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(backing)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup("/haproxy?stats")’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(".internal-stats-userlist")’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(*args_153(D) + _49)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘progname’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(trash.area)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(id)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(file)’"
> Eliminated issue "-Wanalyzer-malloc-leak leak of ‘strdup(arg)’"
>
> I haven't yet dug in to see the details to classify things as true/false
> positives. I expect there are still a *lot* of false positives (sorry!)

yep, those two issues were two reviewed findings.
after they are fixed we would like to move to remaining findings :)

thank you for taking care of them as well, hopefully there are still many false
positives.

as far as I guess, Red Hat would like to implement a quality gate for building RPM
packages by enabling the "-fanalyzer" flag? it would be nice.
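
Added example (not part of the bug comment, and not code from gcc-analyzer-integration-tests): a baseline comparison over warning summaries in the format quoted above, of the kind a build-time quality gate would need. The function names and the pass/fail rule are assumptions, and the two summaries are excerpts built from figures in the comment.

```python
import re
from collections import Counter

# Summary line format as quoted in the comment: "- <-Wanalyzer-flag> <message>: <count>",
# optionally behind e-mail quote markers ("> ").
LINE_RE = re.compile(r"^\s*(?:>\s*)*-\s+(-Wanalyzer-\S+ .*): (\d+)\s*$")

# Excerpts built from figures in the comment (not complete analyzer output).
BEFORE = """\
warning: 185
- -Wanalyzer-null-dereference dereference of NULL ‘conn’: 14
- -Wanalyzer-malloc-leak leak of ‘strdup(args[1])’: 8
- -Wanalyzer-malloc-leak leak of ‘strdup(tmp)’: 5
- -Wanalyzer-malloc-leak leak of ‘u’: 3
"""
AFTER = """\
- -Wanalyzer-null-dereference dereference of NULL ‘conn’: 14
- -Wanalyzer-malloc-leak leak of ‘strdup(args[1])’: 4
- -Wanalyzer-malloc-leak leak of ‘u’: 1
- -Wanalyzer-malloc-leak leak of ‘logsrv’: 1
"""

def parse_summary(text):
    """Map each issue ("<flag> <message>") to its occurrence count."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines such as "warning: 185" are not issue lines and are skipped
            counts[m.group(1)] += int(m.group(2))
    return counts

def compare(before, after):
    """Return (changed, new, eliminated) between two parsed summaries."""
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    new = {k: after[k] for k in after.keys() - before.keys()}
    eliminated = sorted(before.keys() - after.keys())
    return changed, new, eliminated

def gate(before, after):
    """Assumed gate rule: fail on new issues or on issues whose count grew."""
    changed, new, _ = compare(before, after)
    return sorted(new) + sorted(k for k, (b, a) in changed.items() if a > b)

if __name__ == "__main__":
    b, a = parse_summary(BEFORE), parse_summary(AFTER)
    print(compare(b, a), "gate:", "FAIL" if gate(b, a) else "PASS")
```

Issues are keyed on the message text, so entries that embed compiler-internal names such as ‘strdup(*args_21(D) + _3)’ may show up as one eliminated issue plus one new issue rather than as unchanged.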