Hi, As you may have noticed, I have been using clang's static analyzer for a few months and submitted fixes for bugs that it found. There are also many minor issues in the code (memory leaks, dead assignments, etc.) which introduce much noise and make it harder to find real issues. For example if a reported "dead variable assignment" is about the return value of a function which would need to be checked and the wrong variable is used in the check, this would be detected by the analyzer but would be in the noise of other minor issues.
Therefore this patchset (and the ones that I would like to send in the following weeks) is about reducing this noise. I am starting with libsepol/src/module_to_cil.c and while cleaning up the commits I have written in order to use clang's static analyzer, I stumbled upon some other local commits I forgot to send, which fix more important bugs (like a missing call to va_end(), in the last patch). This explains why there are other files which are modified. Here is the git shortlog: Nicolas Iooss (7): libsepol: cil: silence clang analyzer false positive libsepol: do not leak memory if list_prepend fails libsepol: remove some dead assignments libsepol: do not call malloc with 0 byte libsepol: remove unused variable checkpolicy: destroy the class datum if it fails to initialize libsepol: destroy the copied va_list checkpolicy/module_compiler.c | 1 + libsepol/cil/src/cil_tree.c | 2 +- libsepol/src/kernel_to_common.c | 3 +++ libsepol/src/module_to_cil.c | 21 +++++++++++++-------- 4 files changed, 18 insertions(+), 9 deletions(-) Cheers, Nicolas -- 2.17.0 _______________________________________________ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
