Re: Clang 3.3 Analyzer Results

From: "Tomas Vondra" <tv(at)fuzzy(dot)cz>
To: noloader(at)gmail(dot)com
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Clang 3.3 Analyzer Results
Date: 2013-11-11 07:00:38
Message-ID: a5546c236c51236fd24774dab2b88cb3.squirrel@sq.gransy.com
Lists: pgsql-general pgsql-hackers

Hi,

On 11 November 2013, 7:33, Jeffrey Walton wrote:
> I've been tasked with a quick acceptance check of Postgres for an
> upcoming project. It's a quick check, so it's limited to Clang's
> analyzer and sanitizers.
>
> The analyzer is reporting some findings, and some of the findings look
> legitimate.
>
> For example, it looks like there's a double `free` occurring in
> streamutil.c (around line 115). Here's a screen capture of it under
> scan-view: http://postimg.org/image/3ph4hkyav/. From the capture, it
> looks like `password` should be set to NULL after `free` because Clang
> found a path to get back to the top of the loop (which will free
> `password` again).

Probably. From a quick glance at streamutil.c, it seems to have other
issues too, not just the double free. For example it does a free on the
password, but then uses the value for dbpassword (not sure if that code
path actually is possible - maybe it always gets into the branch with
password prompt).

> There are some others of interest, too. For example, Divide by Zero and
> Buffer Overflows. Here's the index.html from the scan-view report:
> http://postimg.org/image/tn2ovjout/.
>
> The scan-view tar ball is 5.5 megabytes in size (it's HTML-based with
> a lot of mouse-over markup to help understand flows), and I'm not sure
> the bug reporter will take it. Plus the developers may not want it
> added to the bug reporter.
>
> Would someone know the best way to get this to the right folks?
>
> Thanks in advance. (And sorry reporting to pgsql-general - the
> developer list states emails must go elsewhere first).

IMHO pgsql-hackers is the right audience for reports like this. The 'must
ask somewhere else first' is meant for regular questions that are not that
closely related to postgresql development, and are likely to be answered
in the generic mailing lists.

Please, upload the HTML report somewhere and post a link. If it's easier
to do the clang analysis, maybe post instructions on how to do that.

regards
Tomas

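The loop shape Jeffrey describes (free on a rejected answer, then back to the top of the loop where the pointer is freed again), as an added example written for this page: it is my code, not the actual streamutil.c from the PostgreSQL tree, and the scripted prompt, the canned answers and the small ownership tracker are all constructed for the demonstration. The tracker stands in for libc free() so the buggy path can be executed without undefined behaviour; a free of a pointer that is no longer owned is counted instead of being passed to the real free(). The fixed variant differs by one line: the pointer is cleared right after the free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tiny ownership tracker (constructed for this example). A free() of a
 * pointer that is not currently owned is counted, not passed to libc. */
#define MAX_LIVE 16
static void *live[MAX_LIVE];   /* pointers the program currently owns */
static int double_frees;       /* frees of pointers that were not owned */

static void *tracked_alloc(size_t n)
{
    void *p = malloc(n);
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == NULL) { live[i] = p; break; }
    return p;
}

static void tracked_free(void *p)
{
    if (p == NULL)
        return;                /* free(NULL) is a no-op, as in libc */
    for (int i = 0; i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    double_frees++;            /* not owned any more: a double free */
}

/* Scripted stand-in for the interactive password prompt (constructed):
 * returns a heap copy of the next canned answer, NULL when input runs out. */
struct prompt { const char *const *answers; size_t count, next; };

static char *prompt_password(struct prompt *pr)
{
    if (pr->next >= pr->count)
        return NULL;
    const char *a = pr->answers[pr->next++];
    size_t len = strlen(a) + 1;
    char *copy = tracked_alloc(len);
    if (copy != NULL) memcpy(copy, a, len);
    return copy;
}

/* BUGGY: the shape the report describes (not the real streamutil.c code).
 * An empty answer is freed and the loop repeats, but `password` still holds
 * the stale address, so the release at the top of the loop frees it again. */
static char *get_password_buggy(struct prompt *pr)
{
    char *password = NULL;
    for (;;) {
        if (password != NULL)
            tracked_free(password);    /* release the previous attempt */
        password = prompt_password(pr);
        if (password == NULL)
            return NULL;               /* no more input: give up */
        if (password[0] != '\0')
            return password;           /* non-empty answer: done */
        tracked_free(password);        /* reject the empty answer ... */
        /* ... but `password` keeps pointing at freed memory */
    }
}

/* FIXED: identical loop, but no dangling value survives the iteration. */
static char *get_password_fixed(struct prompt *pr)
{
    char *password = NULL;
    for (;;) {
        if (password != NULL)
            tracked_free(password);
        password = prompt_password(pr);
        if (password == NULL)
            return NULL;
        if (password[0] != '\0')
            return password;
        tracked_free(password);
        password = NULL;               /* the one-line fix */
    }
}

/* Drive one variant with an empty first answer followed by a real one and
 * return how many double frees the tracker caught (-1 if no password came back). */
static int double_frees_in(int use_fixed)
{
    static const char *const answers[] = { "", "hunter2" };  /* constructed */
    struct prompt pr = { answers, 2, 0 };
    memset(live, 0, sizeof live);
    double_frees = 0;
    char *pw = use_fixed ? get_password_fixed(&pr) : get_password_buggy(&pr);
    if (pw == NULL)
        return -1;
    tracked_free(pw);                  /* the returned buffer is owned once */
    return double_frees;
}

int main(void)
{
    printf("buggy loop: %d double free(s)\n", double_frees_in(0));
    printf("fixed loop: %d double free(s)\n", double_frees_in(1));
    return 0;
}
```

Compile with `cc -std=c99 -Wall example.c`. With tracked_alloc/tracked_free swapped back for plain malloc/free, the buggy loop is the pattern the clang static analyzer's malloc checker reports as "Attempt to free released memory", and it is also what AddressSanitizer (`-fsanitize=address`) aborts on at run time; the fixed loop is clean under both. Clearing the pointer after the free also removes the second problem Tomas mentions, reading the password value after it has been released, because any later use of a NULL pointer fails loudly instead of reading freed memory.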