Hello, thank you for your report. These issues should now be fixed on the git repository. Would you be able to check out the latest git and re-run your tool?
Thanks, Patrick On 08/19/2016 02:43 AM, [email protected] wrote: > This message originally contained an attachment that has been removed for > your protection. The removed attachment had a file extension that is commonly > used to package malicious content. If you were expecting the file, please > contact the sender to arrange for an alternate delivery option. If you have > questions about the attachment removal process, you are also welcome to > contact the IT Service Center at [email protected] or 303-735-4357 (5-HELP > from a campus phone). To learn more about these malicious file types, please > go to > http://www.colorado.edu/oit/services/messaging-collaboration/e-mail-delivery-management/email-attachments > . > > Dear GSL Developers, > > We have analyzed GSL-2.1 (also GSL-1.16) with our symbolic execution > (static) tool Canalyze [1] and detected 14 bugs, including following two > kinds: > 1) Use of undefined values (3): variables are not initialized and are used > later. > 2) Memory leak (11): do not free an allocated pointer. > We should point out that all the bugs are checked by ourselves, which maybe > false positives, i.e., the bugs will not happened in actuality. > > Our reports are very readable, which are attached with this email. Each > report depicts one bug detected. We have written a document, within the > attachment, for how to read the reports, which will cost your less than one > minute to read. For each of the bug report, the developers of other > applications analyzed by our tool gave the feedback of “I gave each bug no > more than 2 minutes to check whether the bug is a real bug ore a false > positive”. > > 1, An example of bug detected > One bug detected is exampled as followed: > > In the example above, we analyzed the function “gen_schur_standardize1()” of > the file “gen.c” (which is depicted in the complete report) and detected a > bug at line 1570 of this function: use the variable “top”, which is not > initialized. The “top” should be initialized at the true branch of “if” > statement at line 1565. However, there is another path that passes the false > branch, with “w->needtop” is false, and reach the statement at line 1570. > Thus, the bug is triggered. > > References > > [1] Canalyze, home page, http://lcs.ios.ac.cn/~xuzb/canalyze/index.html > > > > Xingming Wu > Institute of Software, Chinese Academy of Sciences > Beijing, China > Email: [email protected] > > > This message originally contained an attachment that has been removed for > your protection. The removed attachment had a file extension that is commonly > used to package malicious content.
