Mike Hearn wrote:
On Thu, 06 Apr 2006 20:39:00 +0100, Mike Hearn wrote:
Yes, this is awesome news, so far every one I have checked is a real bug.
OK, that was a bit over-enthusiastic. A few of these are more tricky. EG:
- One was wrong, it didn't track the fact that the given variable was
initialized by a subroutine
- Another (missing NULL ptr check in LoadTypeLibEx) is right, but, I don't
think we want to add lots of missing NULL arg checks in the public API implementations. An application will never pass NULL to this function directly as otherwise it'd not work at all, so, a crash with a NULL arg here probably is revealing some other bug.
Both of these were detected by internal inconsistencies. For example:
void foo(char *str) { *str = '\0'; ... if (str) strcpy(str, "bar"); }
It is NOT assuming that every function could receive a NULL, although it looks like it does analysis within the same file to see if the function could be called with NULL.
- It has identified a codepath through the server window station code
where a struct desktop could be dereffed without being initialized. But I am not sure if this codepath is logically possible. Somebody more familiar with that code (eg Alexandre) would have to check if it could actually ever be taken or not.
I have a patch for this and yes it is logically possible. (Don't argue with a computer over logic, it is far better than any human at it!)