klockwork source code analysis
Auke Kok
sofar at foo-projects.org
Tue Aug 1 20:39:36 CEST 2006
Nick Schermer wrote:
> What kind of defects and security vulnerabilities are we
> talking about? If they do static analysis (from website):
> we already use strcat, strcpy and sprintf 211x in
> all (all my checkouts) Xfce components.
> It's not that I'm against this, just curious...
Here's a quick overview of a _PART_ of the index. Note that this is only the
list; it then hyperlinks on to the code with more data per item found.
The interface allows you to tag buglets as irrelevant etc. so you can track
them. This is a serious day-job if you do this for all of Xfce :)
Cheers,
Auke
Critical (1) New Analyze /Security Vulnerabilities/Buffer Overflow ABR Buffer Overflow - Array Index Out of Bounds client.c 4579 n/a
18 Error (3) New Analyze /Defects/Null Pointer Dereference NPD.FUNC.MUST Result of function that may return NULL will be dereferenced clock.c 97 n/a
19 Error (3) New Analyze /Defects/Null Pointer Dereference NPD.FUNC.MUST Result of function that may return NULL will be dereferenced cups.c 423 n/a
20 Error (3) New Analyze /Defects/Null Pointer Dereference RNPD.DEREF Suspicious dereference of pointer before NULL check desktop-menuspec.c 163 n/a
21 Warning (6) New Analyze /Defects/Coding Style/Inconsistent Use of Types INCONSISTENT.LABEL Inconsistent Case Labels encoding.c 180 n/a
22 Error (3) New Analyze /Defects/Null Pointer Dereference RNPD.CALL Suspicious dereference of pointer in function call before NULL check event-list.c 101 n/a
23 Critical (1) New Analyze /Defects/Null Pointer Dereference NPD.GEN.MIGHT Null pointer may be dereferenced event-list.c 101 n/a
24 Error (3) New Analyze /Defects/Null Pointer Dereference NPD.FUNC.MUST Result of function that may return NULL will be dereferenced event-list.c 221 n/a
25 Error (3) New Analyze /Defects/Null Pointer Dereference NPD.FUNC.MUST Result of function that may return NULL will be dereferenced event-list.c 363 n/a