Posted to bugs@httpd.apache.org by bu...@apache.org on 2013/11/03 11:06:46 UTC
[Bug 55738] New: PVS-Studio: few issues
https://issues.apache.org/bugzilla/show_bug.cgi?id=55738
Bug ID: 55738
Summary: PVS-Studio: few issues
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: karpov@viva64.com
Hello. I rechecked httpd-trunk 2.5.0 and found a few issues.
I used the PVS-Studio Static Code Analyzer http://www.viva64.com/
Suspicious:
V528 It is odd that pointer to 'char' type is compared with the '\0' value.
Probably meant: ** ctx->re_source == '\0'. libhttpd util_expr_eval.c 167
V528: http://www.viva64.com/en/d/0117/
typedef struct {
    ....
    const char **re_source;
    ....
} ap_expr_eval_ctx_t;
static const char *ap_expr_eval_re_backref(ap_expr_eval_ctx_t *ctx, unsigned int n)
{
    int len;
    if (!ctx->re_pmatch || !ctx->re_source ||
        *ctx->re_source == '\0' ||
        ctx->re_nmatch < n + 1)
        return "";
    ....
}
-------------------------------------------------------------------------------
V597 The compiler could delete the 'memset' function call, which is used to
flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase
the private data. apr apr_md4.c 362
V597: http://www.viva64.com/en/d/0208/
static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64])
{
    apr_uint32_t a = state[0], b = state[1],
                 c = state[2], d = state[3],
                 x[APR_MD4_DIGESTSIZE];
    ....
    /* Zeroize sensitive information. */
    memset(x, 0, sizeof(x));
}
V597 The compiler could delete the 'memset' function call, which is used to
flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to
erase the private data. apr apr_md5.c 436
V597 The compiler could delete the 'memset' function call, which is used to
flush 'final' buffer. The RtlSecureZeroMemory() function should be used to
erase the private data. apr apr_md5.c 662
V597 The compiler could delete the 'memset' function call, which is used to
flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to
erase the private data. aprutil apr_md5.c 436
V597 The compiler could delete the 'memset' function call, which is used to
flush 'final' buffer. The RtlSecureZeroMemory() function should be used to
erase the private data. aprutil apr_md5.c 662
V597 The compiler could delete the 'memset' function call, which is used to
flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase
the private data. aprutil apr_md4.c 362
V597 The compiler could delete the 'memset' function call, which is used to
flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase
the private data. htdbm passwd_common.c 165
-------------------------------------------------------------------------------
V614 Potentially uninitialized pointer 'wch' used. apr start.c 58
V614: http://www.viva64.com/en/d/0230/
static int warrsztoastr(const char * const * *retarr,
                        const wchar_t * arrsz, int args)
{
    const apr_wchar_t *wch;
    ....
    if (args < 0) {
        for (args = 1, wch = arrsz; wch[0] || wch[1]; ++wch)
            if (!*wch)
                ++args;
    }
    wsize = 1 + wch - arrsz;
    ....
}
-------------------------------------------------------------------------------
V654 The condition 'retry < 2' of loop is always true. mod_proxy_wstunnel
mod_proxy_wstunnel.c 436
V654: http://www.viva64.com/en/d/0275/
static int proxy_wstunnel_handler(....)
{
    int retry;
    ....
    retry = 0;
    while (retry < 2) {
        char *locurl = url;
        ....
        // Variable 'retry' is not used
        ....
    }
    ....
}
----
Best regards,
Andrey Karpov
Ph.D. in Mathematics, CTO
OOO "Program Verification Systems" (Co Ltd)
URL: www.viva64.com
E-Mail: karpov@viva64.com
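
The V597 findings in the report concern memset() calls that wipe a local buffer which is never read again. The following is an added example, not code from the report, APR or httpd: it shows one commonly used portable alternative, a wipe through a volatile pointer. The names secure_wipe, toy_transform and residue_after_wipe are hypothetical, and the mixing step is not MD4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an APR or httpd function. Compilers treat stores
 * through a volatile-qualified pointer as observable, so this wipe is not
 * dropped as a dead store the way a final memset() on a local can be. */
void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Toy mixing step with the same buffer lifetime as the flagged
 * MD4Transform(): x[] holds decoded input and is dead after the last read.
 * This is NOT MD4; the size 16 and the arithmetic are assumptions. */
void toy_transform(uint32_t state[4], const unsigned char block[64])
{
    uint32_t x[16];
    size_t i;

    for (i = 0; i < 16; i++)   /* decode little-endian 32-bit words */
        x[i] = (uint32_t)block[4 * i]
             | (uint32_t)block[4 * i + 1] << 8
             | (uint32_t)block[4 * i + 2] << 16
             | (uint32_t)block[4 * i + 3] << 24;
    for (i = 0; i < 16; i++)
        state[i % 4] = (state[i % 4] ^ x[i]) * 0x9E3779B1u;

    /* The flagged code ends with memset(x, 0, sizeof(x)) at this point. */
    secure_wipe(x, sizeof(x));
}

/* Wipe a constructed 64-byte "secret" and count bytes left non-zero. */
size_t residue_after_wipe(void)
{
    unsigned char secret[64];
    size_t i, left = 0;

    memset(secret, 0xA5, sizeof(secret));   /* constructed sample data */
    secure_wipe(secret, sizeof(secret));
    for (i = 0; i < sizeof(secret); i++)
        left += (secret[i] != 0);
    return left;
}

int main(void) { printf("residue: %zu\n", residue_after_wipe()); return 0; }
```

Where the platform provides one, a vetted primitive such as RtlSecureZeroMemory() (named in the report), explicit_bzero() or memset_s() is preferable to a hand-written loop.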