Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V39/analyzer extra stuff #4730

Draft
wants to merge 43 commits into
base: master
Choose a base branch
from
Draft

V39/analyzer extra stuff #4730

wants to merge 43 commits into from

Conversation

elliefm
Copy link
Contributor

@elliefm elliefm commented Nov 7, 2023
edited
Loading

This sits on top of #4724, will need rebasing once that lands. The real contents here are the commits starting with "WIP".

This contains all the stuff where there's either a real problem that I haven't worked out how to solve properly, or where I needed to add stuff just to shut up a false positive from the static analyzer.

Even with all these commits, a few source files still don't build cleanly with -fanalyze yet. In particular, all the code generated by flex/bison. Also, jmap_contact.c, httpd.c, and http_jwt.testc are others I remember at the time of writing. For these files, I had to compile them individually without -fanalyze due to things I couldn't fix nor shut up.

With these commits, and a lot of CPU time and RAM, you can build all of Cyrus (with exceptions as above) under the analyzer, and successfully run the cunit and cassandane tests.

@elliefm
com_err/et/init_et: remove tricky malloc
46ef7a4 
This used a junk wrapper struct to allocate two structs in a single malloc,
which is confusing to the gcc static analyzer.

Instead, just use two allocations...

Nothing cleans these up, so they would still be leaked in practice, except
that Cyrus never calls this function anyway.
@elliefm
prometheus: fix handling of prometheus_init failure
07b2394
@elliefm
promstatsd: use xzmalloc
2bf439b
@elliefm
cyr_virusscan: tempfile error checking
dad96e7
@elliefm
ctl_backups: assert that cmd_lock_one got an fname
12d6720
@elliefm
nntpd: ret arg to open_group() may be NULL
ec486b3
@elliefm
ctl_mboxlist: use xmalloc et al
d546064
@elliefm
dav_util: handle failure from dav_get_validators
2b08429
@elliefm
lmtpd: use struct buf for growing buffer
bb68ddb
@elliefm
sieve/message: assert invariants
4120372
@elliefm
annotate: assert invariants
db77e5a
@elliefm
index: differentiate count and counter
d45bf0c
@elliefm
mailbox: assert assumptions
27f2394
@elliefm
mboxevent: use xstrdup, assert assumptions
c597c18
@elliefm
search_xapian: ignore *V* record during reindex
0347fb1
@elliefm
http_caldav: shush static analyzer
da3c8ba 
it doesn't understand that we only won't have a *comp if there
was an error already, so just check for *comp too
@elliefm
http_dav: shush static analyzer
6c8030c 
it doesn't understand that we only won't have a *param if there
was an error already, so just check for *param too
@elliefm
http_dav_sharing: fix uninitialised value
89ec4df
@elliefm
jmap_sieve: handle missing id in script_findblob
5cc3a9e
@elliefm
annotate.testc: fix use of uninitialised value
3fcbc81
@elliefm
http_jwt.testc: use _FATAL asserts for fopen failures
b5b5b30
@elliefm
WIP assert: mark assertionfailed as noreturn
cb35bce 
not sure if this helps or is complete
@elliefm
WIP charset: assert that we got a defaultcs
9396fbb
@elliefm
WIP mupdate: avoid hypothetical null derefs
e8b37c6
@elliefm
WIP ical_support: weird icalcomponent_get_utc_timespan complaint
fe4410f 
GCC static analyser complains that the year field of due and created
are uninitialized, but only when memcpying them over period.end, even
though it might have just successfully memcpy'd it over period.start
without complaint.

Even weirder: replacing the memcpy's with assignments stops it
complaining, even though it should not have made any difference.

Might be a GCC bug?  But I need to shut it up to get on with fixing
the real complaints...

gcc (Debian 12.2.0-14) 12.2.0

imap/ical_support.c: In function 'icalcomponent_get_utc_timespan':
imap/ical_support.c:1223:25: error: use of uninitialized value '*(unsigned char (*)[40])((char *)&due + offsetof(struct icaltimetype, year))' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
 1223 |                         memcpy(&period.end, &due, sizeof(struct icaltimetype));

...

imap/ical_support.c:1251:25: error: use of uninitialized value '*(unsigned char (*)[40])((char *)&created + offsetof(struct icaltimetype, year))' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
 1251 |                         memcpy(&period.end, &created, sizeof(struct icaltimetype));
@elliefm
WIP ical_support: parse_target_path track tail carefully
698db46 
Not sure if this is necessary, but it shuts up the static analyzer...
@elliefm
WIP conversations: assert when no folder found
3d199d6 
what does this case really mean?
@elliefm
WIP index: overcheck some bounds
ec04658 
analyzer doesn't understand that msgdata is only NULL when nmsgs
is zero, but if nmsgs is zero we weren't doing anything anyway.
need to shut it up so i can continue...
@elliefm
WIP index: possibly bad list building here?
b11f191 
analyzer doesn't understand that last is only null when we haven't
found a list head yet...

but surely we need to reset it to null when starting a new list!
@elliefm
WIP search_query: shut up FP from analyzer
578e742
@elliefm
WIP search_xapian: fixes and shushes
3f5123e
@elliefm
WIP http_caldav: component with invalid child component?
6f9206c
@elliefm
WIP http_carddav: need to check for mandatory properties?
579db07
@elliefm
WIP http_dav: handle xmlNew* failures?
f2033ca 
assuming these only fail on out-of-memory...
@elliefm
WIP http_dav_sharing: check we got a propstat?
968d14b
@elliefm
WIP http_dav_sharing: shush analyzer fp?
a8d19aa
@elliefm
WIP http_dblookup: shush double-free fp from analyzer
857e295 
free(NULL) is a no-op, but it looks like the static analyzer's
free wrapper doesn't know that, and treats two calls to free(NULL)
in the same function as if NULL were being freed twice, and then
complains about a double-free!
@elliefm
WIP http_proxy: assert some assumptions?
0b49df6
@elliefm
WIP httpd: shush analyzer fp
22f1b3b
@elliefm
WIP jmap_backup: shush analyzer fp
d9669b9
@elliefm
WIP jmap_calendar: might not have principalid?
8c7434d
@elliefm
WIP jmap_contact: bad but not sure how to fix
6a73d63 
ckind may be null and _jsunknown_to_vcard does not change that,
but we try to deref it anyway
@elliefm
WIP jmap_sieve: shush analyzer fp
4426776 
if no scriptid, we exited above from the parser.invalid check
@elliefm elliefm mentioned this pull request Nov 7, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Do Not Merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@elliefm