[llvmlinux] [GSoC: Static analysis] Report 0

PaX Team pageexec at freemail.hu
Mon Jun 17 17:16:00 UTC 2013


On 17 Jun 2013 at 15:33, Eduard Bachmakov wrote:

> Having glanced at a few of those, I have to
> say that some do look pretty real to me (e.g. report-LbUOdn.html) but
> I'm not sure just how different the rules are for the kernel.

it's not a bug unless one of the callers passes in a ppi array without
a valid ata_port_info pointer in there. the few i randomly checked all
do it fine (and i bet that if there was a buggy caller here the null
deref would have triggered for users already ;).

> Quite a few issues (400-600) are related to garbage value assignment
> and propagation. How does that happen? Like this: "unsigned int
> uninitialized_var(msecs);" -- so no surprise there.

this particular issue can be worked around by defining uninitialized_var
differently when compiled with clang (only to discover that clang's uninit
variable analyzer can also be noisy ;).