Wireshark-dev: Re: [Wireshark-dev] wireshark and mozila dehydra

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: yami <yamisoe@xxxxxxxxx>
Date: Sun, 14 Jun 2009 16:32:15 +0800
Hi,

I tried llvm (clang's scan-build) after reading your post.
It is very easy to run scan-build,  and it seems good to find unused statements.
However for finding errors, false positives disappointed me.

I analyzed 4 'API' errors, but only one seems to be real error:
   at color_filter.c:173, variable "filter" might be NULL in 'strstr'.

I randomly choose 28 'logic error' results, such as 'null dereference', 'use of uninitialized value'. But all of them are false positives.

Some common false positive reasons are:
  1. assertions are not respected, scan-build usually assume ptr is NULL in "DISSECTOR_ASSERT(ptr)".
  2. goto statement is not handled correctly. For example, at dumpcap.c:988, variable "magic" is considered uninitialized if read() returns negative integer. But in this case, switch(magic) will not be executed.
  3. TRY is not handled correctly. For example, at packet-dcerpc.c:4204, "pdu_len" is considered uninitialized.


On Thu, Jun 11, 2009 at 12:52 AM, didier <dgautheron@xxxxxxxx> wrote:
Hi,
Has anyone played with mozilla dehydra (or llvm)?
https://developer.mozilla.org/en/Dehydra

It may be useful for finding errors like
....
if (tree) {
       foo = tvb_get_xx..
       offset += 2;
       ...
}
return offset;

or
if (!tree)
       return
expert_add_info(...)

in dissectors

Didier

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe