Re: Some possible defects in the source code

Thu, 04 Aug 2016 07:48:51 -0700 

Fixes for all these issues are now commited. Thanks!

.... Ken


On 3 August 2016 at 03:37,  <support.a...@npo-echelon.ru> wrote:
> Greetings!
>
> We've checked your source code with static analyzer 
> "AppChecker":https://npo-echelon.ru/en/solutions/appchecker.php and found 
> some possible defects in your source code:
>
> 1)
> File - src/usr.sbin/map-mbone/mapper.c, line 498
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/map-mbone/mapper.c?rev=1.23
>
>             if (nb_i->addr == nb_n->addr) {
>                 if (nb_i->metric != nb_n->metric
>                 || nb_i->threshold != nb_i->threshold)
>
> nb_i->threshold is comparing with itself. I guess there should be nb_n
>
> 2)
> File - src/sbin/pfctl/pfctl_optimize.c, line 1078
> http://cvsweb/src/sbin/pfctl/pfctl_optimize.c?rev=1.35&content-type=text/x-cvsweb-markup
>
>         if (strcmp(a->dst.addr.v.ifname, b->dst.addr.v.ifname) != 0 ||
>             a->dst.addr.iflags != a->dst.addr.iflags ||
>             memcmp(&a->dst.addr.v.a.mask, &b->dst.addr.v.a.mask,
>             sizeof(a->dst.addr.v.a.mask)))
>
>
> a->dst.addr.iflags is comparing with itself. I guess it should be b->
>
> 3)
> File - src/sbin/pfctl/pfctl_optimize.c, line 1150
> http://cvsweb/src/sbin/pfctl/pfctl_optimize.c?rev=1.35&content-type=text/x-cvsweb-markup
>
> if (strcmp(a->src.addr.v.ifname, b->src.addr.v.ifname) != 0 ||
>             a->src.addr.iflags != a->src.addr.iflags ||
>             memcmp(&a->src.addr.v.a.mask, &b->src.addr.v.a.mask,
>             sizeof(a->src.addr.v.a.mask)))
>
>
> a->src.addr.iflags is comparing with itself. I guess it should be b->
>
> 4)
> File - src/usr.sbin/mtrace/mtrace.c, line 1060
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/mtrace/mtrace.c?rev=1.35
>
> if ((n->tr_inaddr != b->tr_inaddr) || (n->tr_inaddr != b->tr_inaddr))
>
> (n->tr_inaddr != b->tr_inaddr) is checked twice
>
> 5)
> File - src/usr.bin/infocmp/infocmp.c, line 631
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.bin/infocmp/infocmp.c
>
> if (strnames[i][0] == 'k' && strnames[i][0] == 'f')
>
> strnames[i][0] can't be equal to 'k' and 'f' at the same time - so the 
> expression is always false.
>
> All these possible defects were found by Echelon team with AppChecker static 
> analyzer.
>
>
>

Reply via email to