Open geraldo-netto opened 3 years ago
@geraldo-netto Did you manually analyze the code paths that the static analyzer reported? Had a quick look and they seem like false positives to me.
Hi @yossigo ,
I have uploaded the full scan here: https://exdev.sourceforge.io/redis-6.2.1/ and I agree with you that at first sight they are false positives, but considering C's limitations, I think it's better to be safe than sorry. Also, some of those very rare conditions require as many as 115 steps to happen...
I hope this can be somehow useful
Cheers, Geraldo Netto
Thank you @geraldo-netto, I agree that C always calls for extra safety so additional manual analysis and judgement are always required.
I don't have the bandwidth for this at the moment but if anyone wants to pursue the analysis of this report, some real problems can be found and fixed.
Hi @yossigo !
Sure, I understand! :) I'll double-check and propose some patches later
Keep Rocking, Geraldo Netto
Hi @geraldo-netto:
I also want to participate in some of the cases in your report. Maybe you could add some checkboxes? 😸
Hi @OhBonsai ,
Sure, please, check https://clang-analyzer.llvm.org/ It might take a while for me to propose a fix for each thing, but let's keep it up!!! :)
Dear Friends,
while playing with static analysis (clang static analyser) on Redis 6.2.1, I found a few null pointer dereferences
on rax.c, there is this block:
Where we can avoid a null pointer dereference that can happen under rare conditions by applying the following change:
on redis-cli.c, there are 2 possible null pointer dereferences: The first one is this:
Where we can avoid a null pointer dereference that can happen under rare conditions by applying the following change:
The second one is this:
Where we can avoid a null pointer dereference that can happen under rare conditions by applying the following change:
Would you mind considering applying these changes?
Thank You so much, Geraldo Netto
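The snippets the issue refers to are not reproduced on this page, so the following is an added example, not Redis code and not the reporter's patch. It shows the general shape of the finding that clang's static analyzer reports as a null pointer dereference: a function whose return value can be NULL on a rare path (here, allocation failure), and a caller that dereferences it without a check. The `before` form is the one the analyzer walks to the dereference; the `after` form gives the rare path an explicit outcome. The allocator hook `fail_next_alloc` is a constructed test aid so the failing path can be exercised deterministically.

```c
#include <stdlib.h>
#include <string.h>

/* Added example (not Redis code): the shape of bug clang's static analyzer
 * reports as "Dereference of null pointer", and the check that removes it.
 * alloc_or_null() wraps malloc with a constructed hook so the rare NULL
 * path can be forced instead of waiting for a real allocation failure. */

typedef struct node {
    char *key;
    size_t len;
} node;

static int fail_next_alloc = 0;           /* constructed test hook */

static void *alloc_or_null(size_t n) {
    if (fail_next_alloc) {                /* simulate one allocation failure */
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* May legitimately return NULL: every caller has to handle that. */
static node *node_new(const char *key) {
    node *n = alloc_or_null(sizeof(*n));
    if (n == NULL) return NULL;           /* propagate failure upward */
    n->len = strlen(key);
    n->key = alloc_or_null(n->len + 1);
    if (n->key == NULL) {                 /* second allocation can fail too */
        free(n);
        return NULL;
    }
    memcpy(n->key, key, n->len + 1);
    return n;
}

static void node_free(node *n) {
    if (n == NULL) return;                /* free(NULL) is fine, n->key would not be */
    free(n->key);
    free(n);
}

/* BEFORE: the path the analyzer walks. node_new() can return NULL on the
 * rare allocation-failure path, and the next statement dereferences it.
 * The analyzer reports the dereference together with the sequence of
 * steps (branches and calls) that leads to it. */
size_t key_len_unchecked(const char *key) {
    node *n = node_new(key);
    size_t len = n->len;                  /* NULL dereference if node_new() failed */
    node_free(n);
    return len;
}

/* AFTER: the hardened form. The rare path now has an explicit outcome
 * (-1) that the caller can distinguish from a real length, and the
 * analyzer no longer finds a path on which n is NULL at the dereference. */
int key_len_checked(const char *key, size_t *out) {
    node *n = node_new(key);
    if (n == NULL) return -1;             /* allocation failed: report, don't crash */
    *out = n->len;
    node_free(n);
    return 0;
}
```

To see the report for the unchecked version, run the analyzer on the file (`clang --analyze example.c`, or `scan-build make` for a whole build); the finding disappears once the check in `key_len_checked` is in place. The point for reviewers of such reports is that the "115 steps" figure is a path length, not a probability: the path is rare but reachable, and the fix is the same cheap check in either case.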