Mike Hearn wrote:
On Thu, 06 Apr 2006 20:39:00 +0100, Mike Hearn wrote:
Yes, this is awesome news, so far every one I have checked is a real bug.
OK, that was a bit over-enthusiastic. A few of these are more tricky. EG:
* One was wrong, it didn't track the fact that the given variable was
initialized by a subroutine
* Another (missing NULL ptr check in LoadTypeLibEx) is right, but, I don't
think we want to add lots of missing NULL arg checks in the public API
implementations. An application will never pass NULL to this function
directly as otherwise it'd not work at all, so, a crash with a NULL arg
here probably is revealing some other bug.
Both of these were detected by internal inconsistencies. For example:
void foo(char *str)
{
*str = '\0';
...
if (str) strcpy(str, "bar");
}
It is NOT assuming that every function could receive a NULL, although it
looks like it does analysis within the same file to see if the function
could be called with NULL.
* It has identified a codepath through the server window station code
where a struct desktop could be dereffed without being initialized.
But I am not sure if this codepath is logically possible. Somebody
more familiar with that code (eg Alexandre) would have to check if
it could actually ever be taken or not.
I have a patch for this and yes it is logically possible. (Don't argue
with a computer over logic, it is far better than any human at it!)
--
Rob Shearman
