[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #36492] Static Analysis on code 1.4.0
|
From: |
bayard |
|
Subject: |
[lwip-devel] [bug #36492] Static Analysis on code 1.4.0 |
|
Date: |
Tue, 22 May 2012 16:19:42 +0000 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20100101 Firefox/12.0 |
Follow-up Comment #4, bug #36492 (project lwip):
Please find below the results with modification on macro.
ABR : Buffer overflow, array index of 'hwaddr' may be out of bounds.
Array 'hwaddr' of size 6 may use index value(s) 6..15 :
/home/g133009/px100/Code/lwip/src/core/dhcp.c : 1683 : Critical :
Analyze
INFINITE_LOOP.LOCAL : Infinite loop :
/home/g133009/px100/Code/lwip/src/api/tcpip.c : 87 : Error : Analyze
NPD.CHECK.CALL.MUST : Pointer 'prev' checked for NULL at line 166 will
be passed to function and may be dereferenced there by passing
argument 2 to function 'ip_reass_dequeue_datagram' at line 203. :
/home/g133009/px100/Code/lwip/src/core/ipv4/ip_frag.c : 203 : Critical
: Analyze
NPD.CHECK.MIGHT : Pointer 'p_to' checked for NULL at line 873 may be
dereferenced at line 845. :
/home/g133009/px100/Code/lwip/src/core/pbuf.c : 845 : Critical :
Analyze
NPD.CHECK.MIGHT : Pointer 'to' checked for NULL at line 818 may be
dereferenced at line 820. :
/home/g133009/px100/Code/lwip/src/api/sockets.c : 820 : Critical :
Analyze
NPD.FUNC.MIGHT : Pointer 'buf' returned from call to function
'sys_arch_mbox_fetch' at line 371 may be NULL and may be dereferenced
at line 407. : /home/g133009/px100/Code/lwip/src/api/api_lib.c : 407 :
Critical : Analyze
NPD.FUNC.MUST : Pointer 'frame.descriptor' returned from call to
function 'ETH_RxPkt_ChainMode' at line 236 may be NULL and will be
dereferenced at line 257. :
/home/g133009/px100/Code/lwip/port/ethernetif/ethernetif.c : 257 :
Critical : Analyze
NPD.FUNC.MUST : Pointer 'q' returned from call to function 'mem_trim'
at line 450 may be NULL and will be dereferenced at line 454. :
/home/g133009/px100/Code/lwip/src/core/pbuf.c : 454 : Critical :
Analyze
NPD.FUNC.MUST : Pointer 'sock' returned from call to function
'tryget_socket' at line 1143 may be NULL and will be dereferenced at
line 1146. Also there is one similar error on line 1178. :
/home/g133009/px100/Code/lwip/src/api/sockets.c : 1146 : Critical :
Analyze
NPD.FUNC.MUST : Pointer 'msg' returned from call to function
'sys_timeouts_mbox_fetch' at line 91 may be NULL and will be
dereferenced at line 93. :
/home/g133009/px100/Code/lwip/src/api/tcpip.c : 93 : Critical :
Analyze
NPD.GEN.CALL.MIGHT : Null pointer 'prev' that comes from line 124 may
be passed to function and can be dereferenced there by passing
argument 2 to function 'ip_reass_free_complete_datagram' at line 143.
: /home/g133009/px100/Code/lwip/src/core/ipv4/ip_frag.c : 143 :
Critical : Analyze
NPD.GEN.CALL.MIGHT : Null pointer 'prev' that comes from line 234 may
be passed to function and can be dereferenced there by passing
argument 2 to function 'ip_reass_free_complete_datagram' at line 254.
: /home/g133009/px100/Code/lwip/src/core/ipv4/ip_frag.c : 254 :
Critical : Analyze
NPD.GEN.CALL.MIGHT : Null pointer 'ipr_prev' that comes from line 484
may be passed to function and can be dereferenced there by passing
argument 2 to function 'ip_reass_dequeue_datagram' at line 596. :
/home/g133009/px100/Code/lwip/src/core/ipv4/ip_frag.c : 596 : Critical
: Analyze
RNPD.DEREF : Suspicious dereference of pointer 'conn' before NULL
check at line 326 : /home/g133009/px100/Code/lwip/src/api/api_msg.c :
320 : Critical : Analyze
UNINIT.STACK.ARRAY.MIGHT : 'parts' array elements might be used
uninitialized in this function. Also there are 2 similar errors on
line(s) 233, 240. :
/home/g133009/px100/Code/lwip/src/core/ipv4/ip_addr.c : 226 : Critical
: Analyze
UNINIT.STACK.MIGHT : 'port' might be used uninitialized in this
function. : /home/g133009/px100/Code/lwip/src/api/sockets.c : 674 :
Critical : Analyze
UNINIT.STACK.MUST : 'naddr.addr' is used uninitialized in this
function. : /home/g133009/px100/Code/lwip/src/api/sockets.c : 1418 :
Critical : Analyze
UNINIT.STACK.MUST : 'port' is used uninitialized in this function. :
/home/g133009/px100/Code/lwip/src/api/sockets.c : 363 : Critical :
Analyze
UNINIT.STACK.MUST : 'naddr.addr' is used uninitialized in this
function. : /home/g133009/px100/Code/lwip/src/api/sockets.c : 364 :
Critical : Analyze
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?36492>
_______________________________________________
Message posté via/par Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, bayard, 2012/05/18
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/18
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/18
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Simon Goldschmidt, 2012/05/20
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0,
bayard <=
- Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/23
- Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Simon Goldschmidt, 2012/05/23
- Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/23
- Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/23
- Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Sylvain Rochet, 2012/05/23
- Re: [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/23
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Mason, 2012/05/24
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, bayard, 2012/05/25
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Simon Goldschmidt, 2012/05/29
- [lwip-devel] [bug #36492] Static Analysis on code 1.4.0, Simon Goldschmidt, 2012/05/29