2008/8/28 Austin English austinenglish@gmail.com:
> I had a discussion with Dan about adding Flawfinder to the patchwatcher. Currently, it's got some pretty generic errors, but it seems able to test only patches, so we wouldn't be flooded with old nonbugs (or we could set up a blacklist of safe errors). For reference, I've run it on today's git. I'm attaching the full log, as well as a condensed version of the most common errors (1 per error type). Looks like a lot of chances for buffer overflows.
> Thoughts?
+1
This looks good, but there does seem to be a large amount of noise and it seems to generate warnings without being able to identify correct usage.
These issues will need to be verified (i.e. the NULL DACLs used in the tests and the potential buffer overflows).
It would be interesting to see what results sparse and smatch generate, and if they (or valgrind) can be extended to identify these (with the possibility of ignoring them on correct usage) and more.
This could also be extended to the resources: checking that there are no duplicate mnemonics, that controls that need a label have one, and other usability issues.
- Reece
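One way to implement the two ideas from Austin's proposal (report only hits on lines a patch adds, and keep a reviewer-maintained list of hit names already judged safe), as an added example that is not part of this thread or of patchwatcher. It assumes flawfinder's default hit header format `file:line:  [level] (category) name:` and works on constructed sample input; the `minlevel` threshold and the `SAFE_NAMES` list are hypothetical choices.

```python
import re

# Constructed sample: a unified diff adding two lines to dlls/example/foo.c
PATCH = """\
--- a/dlls/example/foo.c
+++ b/dlls/example/foo.c
@@ -10,4 +10,6 @@ void f(const char *src)
 {
     char buf[64];
+    strcpy(buf, src);
+    sprintf(buf, "%s", src);
     puts(buf);
 }
"""

# Constructed sample of flawfinder hit header lines (explanatory message lines omitted)
HITS = """\
dlls/example/foo.c:12:  [4] (buffer) strcpy:
dlls/example/foo.c:13:  [4] (format) sprintf:
dlls/example/foo.c:3:  [2] (buffer) char:
dlls/example/bar.c:40:  [3] (misc) InitializeSecurityDescriptor:
"""

HIT_RE = re.compile(r'^(?P<file>[^:]+):(?P<line>\d+):\s+\[(?P<level>\d)\]\s+'
                    r'\((?P<cat>\w+)\)\s+(?P<name>\w+):')

# Hit names a reviewer has already judged safe in this tree (the "blacklist of safe errors")
SAFE_NAMES = {"char"}

def added_lines(patch):
    """Map each new-file path in a unified diff to the set of line numbers its hunks add."""
    added, path, new_no = {}, None, 0
    for line in patch.splitlines():
        if line.startswith('+++ '):
            path = line[4:].split('\t')[0]
            path = path[2:] if path.startswith('b/') else path   # strip git's b/ prefix
            added.setdefault(path, set())
        elif line.startswith('@@'):
            new_no = int(re.match(r'@@ -\d+(?:,\d+)? \+(\d+)', line).group(1))
        elif path is None or line.startswith('-') or line.startswith('\\'):
            continue   # old-file header, removed line, or "\ No newline" marker
        elif line.startswith('+'):
            added[path].add(new_no); new_no += 1
        else:
            new_no += 1   # context line advances the new-file line counter
    return added

def triage(hits, patch, minlevel=3):
    """Keep only hits on lines this patch adds, at or above minlevel, and not on the safe list."""
    added = added_lines(patch)
    kept = []
    for m in filter(None, map(HIT_RE.match, hits.splitlines())):
        if (int(m['level']) >= minlevel and m['name'] not in SAFE_NAMES
                and int(m['line']) in added.get(m['file'], ())):
            kept.append((m['file'], int(m['line']), m['name']))
    return kept
```

Hits on untouched files or pre-existing lines (bar.c:40, foo.c:3) are dropped, so an old tree full of historical warnings does not flood the report.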