Hi, $ make -i -k # gcc-11 with -fanalyzer
gcc -Wall -W -O2 -fanalyzer -c -o buffer.o buffer.c gcc -Wall -W -O2 -fanalyzer -c -o carg_parser.o carg_parser.c gcc -Wall -W -O2 -fanalyzer -c -o global.o global.c gcc -Wall -W -O2 -fanalyzer -c -o io.o io.c gcc -Wall -W -O2 -fanalyzer -DPROGVERSION=\"1.17\" -c -o main.o main.c gcc -Wall -W -O2 -fanalyzer -c -o main_loop.o main_loop.c gcc -Wall -W -O2 -fanalyzer -c -o regex.o regex.c gcc -Wall -W -O2 -fanalyzer -c -o signal.o signal.c signal.c: In function ‘sighup_handler.part.0’: signal.c:57:9: warning: leak of ‘<unknown>’ [CWE-401] [-Wanalyzer-malloc-leak] 57 | if( len && hup ) /* hup filename */ | ^ ‘sighup_handler.part.0’: events 1-8 | | 49 | if( last_addr() && modified() && | | ^ | | | | | (1) following ‘true’ branch... |...... | 52 | char * const s = getenv( "HOME" ); | | ~~~~~~~~~~~~~~~~ | | | | | (2) ...to here | 53 | const int len = ( s ? strlen( s ) : 0 ); | | ~~~ | | | | | (3) following ‘false’ branch (when ‘s’ is NULL)... | 54 | const int need_slash = ( ( !len || s[len-1] != '/' ) ? 1 : 0 ); | 55 | char * const hup = ( ( len + need_slash + (int)sizeof hb < path_max( 0 ) ) ? | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ...to here | 56 | (char *) malloc( len + need_slash + sizeof hb ) : 0 ); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | | | | (6) ...to here (5) following ‘true’ branch... | | (7) allocated here | 57 | if( len && hup ) /* hup filename */ | | ~ | | | | | (8) ‘<unknown>’ leaks here; was allocated at (7) | gcc -Wall -W -O2 -fanalyzer -o ed buffer.o carg_parser.o global.o io.o main.o main_loop.o regex.o signal.o cat ./red.in > red chmod a+x red ================================================================================ $ scan-build make -i -k # clang-12 scan-build: Using '/usr/bin/clang-12' for static analysis /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o buffer.o buffer.c /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o carg_parser.o carg_parser.c carg_parser.c:239:27: warning: Potential leak of memory pointed to by 'non_options' [unix.Malloc] if( !tmp ) return 0; ^ 1 warning generated. /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o global.o global.c global.c:94:10: warning: Access to field 'q_forw' results in a dereference of a null pointer (loaded from variable 'bp') [core.NullDereference] bp = bp->q_forw; ^~~~~~~~~~ 1 warning generated. /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o io.o io.c /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -DPROGVERSION=\"1.17\" -c -o main.o main.c /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o main_loop.o main_loop.c /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o regex.o regex.c /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -c -o signal.o signal.c signal.c:183:21: warning: Array access (from variable 'buf') results in a null pointer dereference [core.NullDereference] while( ( buf[i++] = ( (*p == '\\' ) ? *++p : *p ) ) ) ~~~ ^ 1 warning generated. /usr/bin/../libexec/ccc-analyzer -Wall -W -O2 -o ed buffer.o carg_parser.o global.o io.o main.o main_loop.o regex.o signal.o cat ./red.in > red chmod a+x red scan-build: Analysis run complete. scan-build: 3 bugs found. scan-build: Run 'scan-view /tmp/scan-build-2021-03-09-135759-14937-1' to examine bug reports. ================================================================================ $ cppcheck --force -v . # cppcheck-2.3 (--enable=all is too verbose) Checking buffer.c ... Defines: Undefines: Includes: Platform:Native buffer.c:577:9: error: Memory pointed to by 'ustack' is freed twice. [doubleFree] free( ustack ); ^ buffer.c:568:28: note: Memory pointed to by 'ustack' is freed twice. if( ustack ) new_buf = realloc( ustack, new_size ); ^ buffer.c:577:9: note: Memory pointed to by 'ustack' is freed twice. free( ustack ); ^ 1/8 files checked 18% done Checking carg_parser.c ... Defines: Undefines: Includes: Platform:Native 2/8 files checked 27% done Checking global.c ... Defines: Undefines: Includes: Platform:Native 3/8 files checked 30% done Checking io.c ... Defines: Undefines: Includes: Platform:Native 4/8 files checked 41% done Checking main.c ... Defines: Undefines: Includes: Platform:Native 5/8 files checked 50% done Checking main_loop.c ... Defines: Undefines: Includes: Platform:Native 6/8 files checked 80% done Checking regex.c ... Defines: Undefines: Includes: Platform:Native 7/8 files checked 94% done Checking signal.c ... Defines: Undefines: Includes: Platform:Native Checking signal.c: SA_RESTART... Checking signal.c: SIGWINCH... Checking signal.c: TIOCGWINSZ... 8/8 files checked 100% done ================================================================================ Thanks.