On Mon, Sep 1, 2008 at 3:42 PM, Tim Schwartz <[EMAIL PROTECTED]> wrote:
> So Austin, have you had a chance to have a discussion with Dan about
> adding flawfinder to patchwatcher?
>
> On Aug 31, 2008, at 4:12 AM, [EMAIL PROTECTED] wrote:
>
>> Message: 1
>> Date: Thu, 28 Aug 2008 15:59:20 -0500
>> From: "Austin English" <[EMAIL PROTECTED]>
>> Subject: Adding Flawfinder to Patchwatcher
>> To: "wine-devel@winehq.org" <wine-devel@winehq.org>
>>
>> I had a discussion with Dan about adding Flawfinder to the
>> patchwatcher. Currently, it's got some pretty generic errors, but it
>> seems able to test only patches, so we wouldn't be flooded with old
>> nonbugs (or we could set up a blacklist of safe errors). For
>> reference, I've run it on today's git. I'm attaching the full log, as
>> well as a condensed version of the most common errors (1 per error
>> type). Looks like a lot of chances for buffer overflows.
>>
>> Thoughts?
>>
>> -Austin
>> -------------- next part --------------
>> An embedded and charset-unspecified text was scrubbed...
>> Name: flaws.txt
>> Url: http://www.winehq.org/pipermail/wine-devel/attachments/20080828/fca404cc/attachment-0044.txt
>> -------------- next part --------------
>> An embedded and charset-unspecified text was scrubbed...
>> Name: trimmed.txt
>> Url: http://www.winehq.org/pipermail/wine-devel/attachments/20080828/fca404cc/attachment-0045.txt
>>
>> End of wine-devel Digest, Vol 37, Issue 111

Seems Flawfinder is a bit too paranoid/dumb and flags every possible error, even ones that are non-issues. Most people didn't seem to like the idea of integrating Flawfinder as a result. I've found a few other static analysis tools; I'm going to try them over the next few days and see if I can find one that gives a better balance.

-Austin
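
The two noise controls raised in the thread are reporting only on what a patch adds and keeping a list of "safe" hits. As an added example (not part of the original messages and not patchwatcher or Flawfinder code), this sketch applies both to analyzer output. It assumes hit lines of the form `file:line:  [level] (category) name:  text`, modelled on Flawfinder's one-line-per-hit output; the patch, the hits and the function names are constructed.

```python
import re
# Constructed sample data (not a real Wine patch or a real Flawfinder log).
SAMPLE_PATCH = """\
--- a/dlls/example/foo.c
+++ b/dlls/example/foo.c
@@ -10,3 +10,4 @@ static void load_name(const char *src)
     char buf[64];
-    lstrcpynA(buf, src, sizeof(buf));
+    strcpy(buf, src);
+    len = strlen(buf);
     TRACE("done");
"""
SAMPLE_HITS = """\
dlls/example/foo.c:10:  [2] (buffer) char:  Statically-sized arrays can be overflowed.
dlls/example/foo.c:11:  [4] (buffer) strcpy:  Does not check for buffer overflows.
dlls/example/foo.c:12:  [1] (buffer) strlen:  Does not handle unterminated strings.
dlls/example/bar.c:40:  [4] (format) sprintf:  Potential format string problem.
"""
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
HIT = re.compile(r"^([^:]+):(\d+):\s+\[(\d)\]\s+\(\w+\)\s+(\w+):")

def added_lines(patch):
    """Map each file to the new-file line numbers that the patch adds."""
    added, path, new_no, old_left, new_left = {}, None, 0, 0, 0
    for line in patch.splitlines():
        if old_left <= 0 and new_left <= 0:        # outside a hunk: headers only
            if line.startswith("+++ "):
                path = re.sub(r"^b/", "", line[4:].split("\t")[0])
            elif (m := HUNK.match(line)):
                new_no = int(m.group(2))
                old_left, new_left = int(m.group(1) or 1), int(m.group(3) or 1)
        elif line.startswith("+"):                 # added line: record its number
            added.setdefault(path, set()).add(new_no)
            new_no, new_left = new_no + 1, new_left - 1
        elif line.startswith("-"):                 # removed line: old side only
            old_left -= 1
        elif not line.startswith("\\"):            # context line: both sides advance
            new_no, old_left, new_left = new_no + 1, old_left - 1, new_left - 1
    return added

def triage(hits, patch, suppressed=frozenset(), min_level=1):
    """Keep hits on patch-added lines, minus suppressed function names."""
    touched, kept = added_lines(patch), []
    for m in filter(None, map(HIT.match, hits.splitlines())):
        path, line, level, func = re.sub(r"^\./", "", m[1]), int(m[2]), int(m[3]), m[4]
        if line in touched.get(path, ()) and func not in suppressed and level >= min_level:
            kept.append((path, line, level, func))
    return kept
```

Calling `triage(SAMPLE_HITS, SAMPLE_PATCH, suppressed={"strlen"})` leaves only the `strcpy` hit on line 11: the pre-existing array declaration and the file the patch does not touch are dropped.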