ctrlaltca
commented
11 months ago I had a quick look at the first entries in the report.
The first 3 "bugs" are in the 3rdparty rijndael code.
The 4th "bug" (KviIrcSocket::flushSendQueue) assumes that the value of "KviOption_boolLimitOutgoingTraffic" is both true and false inside the same function.
The 5th bug (UglyBase64::byteswap_buffer) assumes that we are passing wrong parameters to a function.
KviModeEditor::KviModeEditor is even nicer, we have a Assuming 'pChan' is null and a lot of lines later the supposed bug Called C++ object pointer is null referring to pChan.
Maybe there's a few real bugs in the report, but the one i looked seems to be false positives mostly caused by KVIrc code being messy and clang making wild assumptions.
abazaba855
Hi,
Not sure if anybody is actually interested in a static analysis report of the kvirc codebase by clang, but just for fun I decided to give it a go. The full results in the html report are included in the attachment.
To me, it looks like the analyzer either is totally wrong, or the codebase needs some love :)
I ran the analysis on Fedora 38, with clang 16.
If you want to reproduce this for yourself, it's actually quite easy to do: run the 'scan-build' command in front of both the 'cmake' and the 'make' commands, and otherwise compile as usual (a debug build is preferred as the tool is supposed to pick up clues from that). Just make sure that the package that contains the clang command 'scan-build' is installed ('clang-analyzer' on Fedora). And from there on it's something like this :
git clone https://github.com/kvirc/kvirc.git mkdir ~/tmp/scan-build-kvirc mkdir build && cd build scan-build -o ~/tmp/scan-build-kvirc cmake ../kvirc -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=debug scan-build -o ~/tmp/scan-build-kvirc make