Hi Michael,

Thank you for running the static code analysis on openhpi and finding issues. Thank you very much for pursuing the fixes. Could you please go ahead and file a defect in the sourceforge? When you generate a patch, please do test it and upload it to the bug.

The spreadsheets got expanded in the web archive to one field per line and it is not readable at https://sourceforge.net/p/openhpi/mailman/openhpi-devel/

Regards
Mohan

On Thu, 2017-12-21 at 21:25 +0000, Beavington, Michael wrote:
> I realized the spreadsheet has details, but no specifics of each
> error. I need to massage the data from two files to get something
> readable. I’ll send that tomorrow.
>
> From: Beavington, Michael
> Sent: Thursday, December 21, 2017 12:09 PM
> To: '[email protected]' <[email protected]>
> Subject: Static code analysis on OpenHPI 3.7.0
>
> RE: Discussion on bugs found using static code analysis tool on
> OpenHPI 3.7.0.
>
> We (Ribbon Communications) were looking at OpenHPI and I’ve run the
> code through static code analysis and found a few hundred errors.
> There are a lot of useless bugs, but there are also quite a few
> serious issues. I’m doing this because we believe we’ve hit a resource
> leak.
>
> This is my first post in the group. I’d like to share our findings.
> I’ve attached the xls file of the c/c++ defects (no defects were
> found in the python code). I suspect it will get stripped off. We are
> likely going to pursue fixing some of the resource issues.
>
> Some moderator have a suggestion on how to proceed?
>
> Mike Beavington
> Ribbon Communications
> +1-613-287-5364
> [email protected]
> 40 Hines Rd, Suite 500,
> Ottawa, ON K2K 2M5
>
> Example output of High issues (excluding uninitialized scalars)
>
> | CID | Type | Impact | Category | File | Function |
> |---|---|---|---|---|---|
> | 26221 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/clients/hpixml/main.cpp | main |
> | 26222 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/baselib/conf.c | add_domain_conf |
> | 26223 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi.cpp | AllocConnection |
> | 26224 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/baselib/conf.c | process_domain_token |
> | 26225 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/watchdog/watchdog.c | watchdog_open |
> | 26226 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file_util.cpp | process_textbuffer |
> | 26227 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_event.c | snmp_bc_findevent4dupstr |
> | 26228 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/hpi_shell/ctrl_inv.c | set_control_state |
> | 26229 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_discover_bc.c | snmp_bc_discover |
> | 26230 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/openhpid/conf.c | process_global_param |
> | 26231 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_text_buffer.cpp | AsciiToLanguage |
> | 26232 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/utils/sahpi_struct_utils.c | oh_encode_sensorreading |
> | 26233 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/openhpid/conf.c | oh_get_global_param |
> | 26234 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/hpi_shell/fumi.c | show_component_info |
> | 26235 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/openhpid/plugin.c | oh_get_handler_info |
> | 26236 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_event.c | snmp_bc_log2event |
> | 26237 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi_text_buffer.cpp | AsciiToLanguage |
> | 26238 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/openhpid/server.cpp | dehash_handler_cfg |
> | 26239 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/clients/ohparam.c | execglobalparamset |
> | 26240 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/hpi_shell/show.c | show_attrs |
> | 26241 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/baselib/ohpi.cpp | __dehash_config |
> | 26242 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_discover_bc.c | snmp_bc_rediscover |
> | 26243 | Buffer not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/hpi_shell/cmdparser.c | ui_print |
> | 26304 | Various | High | Various | openhpi-3.7.0/hpi_shell/cmdparser.c | cmd_parser |
> | 26329 | Resource leak in object | High | Resource leaks | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file_util.cpp | SimulatorToken |
> | 26341 | Overflowed pointer read | High | Memory - illegal accesses | openhpi-3.7.0/clients/hpithres.c | mod_sen |
> | 26349 | Memset fill value of '0' | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_sensor.c | snmp_bc_get_logical_sensors |
> | 26351 | Memset fill value of '0' | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_discover_bc.c | snmp_bc_rediscover |
> | 26354 | Memset fill value of '0' | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_discover_bc.c | snmp_bc_discover_switch_i |
> | 26369 | Memset fill value of '0' | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_discover_bc.c | snmp_bc_discover |
> | 26400 | Memset fill value of '0' | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_discover_bc.c | snmp_bc_discover_mm_i |
> | 26411 | Memset fill value of '0' | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_sensor.c | snmp_bc_get_slot_power_sensor |
> | 26511 | Out-of-bounds write | High | Memory - corruptions | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_sel.c | snmp_bc_bulk_selcache |
> | 26525 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_dimi.cpp | NewSimulatorDimi |
> | 26532 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/utils/sahpi_struct_utils.c | oh_fprint_sensorrec |
> | 26535 | Out-of-bounds write | High | Memory - corruptions | openhpi-3.7.0/hpi_shell/show.c | print_thres_value |
> | 26544 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/clients/hpiwdt.c | show_wdt |
> | 26547 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi_sensor_threshold.cpp | IpmiModifierUnitToString |
> | 26572 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_dimi.cpp | NewSimulatorDimi |
> | 26578 | Out-of-bounds write | High | Memory - corruptions | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_utils.c | snmp_bc_extend_ep |
> | 26580 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/utils/sahpi_struct_utils.c | oh_fprint_rdr |
> | 26583 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi_sensor_threshold.cpp | IpmiUnitTypeToString |
> | 26608 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/hpi_shell/show.c | lsres_sort |
> | 26613 | Out-of-bounds write | High | Memory - corruptions | openhpi-3.7.0/snmp/snmp_utils.c | snmp_get |
> | 26618 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/hpi_shell/show.c | lsres_sort |
> | 26630 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/clients/hpiwdt.c | show_wdt |
> | 26636 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/utils/epath_utils.c | oh_derive_string |
> | 26639 | Out-of-bounds read | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi_sensor_threshold.cpp | IpmiRateUnitToString |
> | 26646 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/hpi_shell/show.c | show_attrs |
> | 26650 | Out-of-bounds access | High | Memory - corruptions | openhpi-3.7.0/hpi_shell/fumi.c | show_component_info |
> | 26816 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file_annunciator.cpp | process_token |
> | 26817 | Resource leak | High | Resource leaks | /usr/include/c++/4.6.3/bits/stl_list.h | _M_insert |
> | 26818 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi.cpp | GetParams |
> | 26819 | Resource leak | High | Resource leaks | openhpi-3.7.0/openhpid/server.cpp | oh_server_run |
> | 26820 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_sel.cpp | AddAsyncEvent |
> | 26821 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/test_agent/abi.cpp | oh_open |
> | 26822 | Resource leak | High | Resource leaks | openhpi-3.7.0/openhpid/server.cpp | oh_server_run |
> | 26823 | Resource leak | High | Resource leaks | openhpi-3.7.0/openhpid/server.cpp | oh_server_run |
> | 26824 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file_dimi.cpp | process_token |
> | 26826 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_domain.cpp | cIpmiDomain |
> | 26827 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_domain.cpp | CheckTca |
> | 26828 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_mc_vendor.cpp | CreateSensorDiscrete |
> | 26829 | Resource leak | High | Resource leaks | openhpi-3.7.0/clients/hpipower.c | main |
> | 26830 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_mc_vendor.cpp | CreateSensorHotswap |
> | 26831 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_domain.cpp | HandleEvent |
> | 26832 | Resource leak | High | Resource leaks | openhpi-3.7.0/baselib/session.cpp | DoRpc |
> | 26833 | Resource leak | High | Resource leaks | openhpi-3.7.0/utils/sahpi_gcrypt_utils.c | oh_crypt |
> | 26834 | Resource leak | High | Resource leaks | /usr/include/c++/4.6.3/bits/stl_list.h | _M_insert |
> | 26835 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/watchdog/watchdog.c | watchdog_discover_resources |
> | 26836 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file.cpp | process_rpt_token |
> | 26837 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_sdr.cpp | CreateFullSensorRecords |
> | 26838 | Resource leak | High | Resource leaks | openhpi-3.7.0/openhpid/openhpid-posix.cpp | check_pidfile |
> | 26839 | Resource leak | High | Resource leaks | /usr/include/c++/4.6.3/bits/stl_list.h | _M_insert |
> | 26840 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/watchdog/watchdog.c | watchdog_discover_resources |
> | 26841 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_mc_vendor.cpp | CreateSensorThreshold |
> | 26842 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_mc_vendor.cpp | InitFactory |
> | 26843 | Resource leak | High | Resource leaks | /usr/include/c++/4.6.3/bits/stl_list.h | _M_insert |
> | 26844 | Resource leak | High | Resource leaks | /usr/include/c++/4.6.3/bits/stl_list.h | _M_insert |
> | 26845 | Resource leak | High | Resource leaks | /usr/include/c++/4.6.3/bits/stl_list.h | _M_insert |
> | 26846 | Resource leak | High | Resource leaks | openhpi-3.7.0/utils/sahpi_gcrypt_utils.c | oh_crypt |
> | 26847 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_mc_vendor.cpp | CreateEntityPath |
> | 26848 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file_fumi.cpp | process_token |
> | 26849 | Resource leak | High | Resource leaks | openhpi-3.7.0/baselib/session.cpp | ohc_sess_open |
> | 26850 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/dynamic_simulator/new_sim_file_inventory.cpp | process_token |
> | 26851 | Resource leak | High | Resource leaks | openhpi-3.7.0/plugins/ipmidirect/ipmi_domain.cpp | HandleAsyncEvent |
> | 26852 | Resource leak | High | Resource leaks | openhpi-3.7.0/hpi_shell/session.c | open_session |
> | 26854 | Destination buffer too small | High | Memory - corruptions | openhpi-3.7.0/hpi_shell/show.c | print_rpt_paths |
> | 26858 | Destination buffer too small | High | Memory - corruptions | openhpi-3.7.0/hpi_shell/commands.c | set_tag |
> | 26871 | Unbounded source buffer | High | Memory - corruptions | openhpi-3.7.0/clients/ohparam.c | main |
> | 26878 | String not null terminated | High | Memory - illegal accesses | openhpi-3.7.0/utils/sahpi_gcrypt_utils.c | oh_crypt |
> | 26892 | Various | High | Various | openhpi-3.7.0/openhpid/safhpi.c | saHpiEventGet |
> | 26943 | Uninitialized pointer read | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi_mc_vendor.cpp | FindResource |
> | 27069 | Uninitialized pointer read | High | Memory - illegal accesses | openhpi-3.7.0/plugins/snmp_bc/t/snmp_bc_sel.c | snmp_bc_bulk_selcache |
> | 27071 | Uninitialized pointer read | High | Memory - illegal accesses | openhpi-3.7.0/utils/sahpi_gcrypt_utils.c | oh_crypt |
> | 27089 | Uninitialized pointer read | High | Memory - illegal accesses | openhpi-3.7.0/utils/sahpi_gcrypt_utils.c | oh_crypt |
> | 27109 | Use after free | High | Memory - illegal accesses | openhpi-3.7.0/plugins/ipmidirect/ipmi_con.cpp | ~cIpmiCon |
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openhpi-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openhpi-devel
