Note: Due to technical difficulties, the Archives are currently not up to date.
GMANE provides an alternative service for most mailing lists. c.f. bug 424647
the newer fortify/security work in gcc provides some nice checks which portage
doesnt currently flag. those are:
": warning: array subscript is below array bounds$"
": warning: array subscript is above array bounds$"
": warning: attempt to free a non-heap object"
": warning: .* called with .*bigger.* than .* destination buffer$"
": warning: call to .* will always overflow destination buffer$"
this should catch the kind of checks where people check for pointer math
overflow but dont realize that gcc optimizes it away:
": warning: assuming pointer wraparound does not occur when comparing "
these tend to be typos in code:
": warning: hex escape sequence out of range$"
": warning: [^ ]*-hand operand of comma .*has no effect$"
these too are typos/thinkos involving NULL instead of a value of 0, or
misordering of arguments:
": warning: converting to non-pointer type .* from NULL"
": warning: NULL used in arithmetic$"
": warning: passing NULL to non-pointer argument"
these tend to be thinkos which result in incorrect behavior:
": warning: the address of [^ ]* will always evaluate as"
": warning: the address of [^ ]* will never be NULL"
think "char foo[1234]" and later doing "if (foo) ..."
i cant see this being valid:
": warning: too few arguments for format"
or trying to return addresses to function locals:
": warning: reference to local variable .* returned"
": warning: returning reference to temporary"
": warning: function returns address of local variable"
-mike
|
| Attachment: |
|
signature.asc (This is a digitally signed message part.)
|
|
