Hello,

clang is indeed a great tool, but it does a lot more than just static analysis. For those cases where one wants source code analysis, especially security oriented, I'd recommend flawfinder [http://www.dwheeler.com/flawfinder]. This is a very good tool and it exists in the official repos for Debian, Ubuntu and FC [and probably many others but these I checked]. It can operate on both C and C++ source files [less relevant for the PHP engine but good to know, right?].

I ran it against the PHP 5.2.11 sources and am now sorting through results, patching suggestions may follow :)

May the source be with you,
Best regards,
Jess Portnoy



Michael Maclean wrote:
Hi,
Gwynne pointed me at the clang static analyser earlier on today, and so
I've run it against current PHP_5_3. In the course of messing with it,
it noticed a potential null dereference in ext/ftp - I've attached a
one-liner to fix it.

Michael

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
