[cfe-dev] Clang Analysis of several open source projects.

David Blaikie dblaikie at gmail.com
Thu May 12 10:07:17 PDT 2011


> e.g.
> http://lbalbalba.freezoka.net/ccc-analyzer/scan-build-openssl-1.0.0d/report-x3HkoT.html#EndPath
> is bad analysis (the branch stuff needs to understand bitmaps to fix it -
> hmm, that could be a fun project).

With only a cursory glance at the code - it looks like it's parsing network
traffic. Is it possible that the data is not in the correct format and
malicious/erroneous packets could be null? Or is it that some up-front
validation was done, but the data wasn't permanently converted at that time
but still used as a raw (though now verified correct) byte buffer?
- David
