[Softhsm-develop] static analysis results for git a9239137c73bf5e482accc5af8a4c1bbd375b394

Petr Spacek pspacek at redhat.com
Fri Mar 27 12:46:17 UTC 2015


Hello!

Someone mentioned that you are working towards SoftHSM v2.0.0 release so it
sounds like the right time to run static code analysis again.

Fresh results from git head a9239137c73bf5e482accc5af8a4c1bbd375b394 are quite
impressive!

>From 143 defects detected back in September 2014 we are now down to 8 defects
detected today.

I'm attaching scan results to this e-mail.


Interestingly, gcc version 5.0.0 with -Wshadow option screams a lot and
produces more than 250 warnings about shadowed variables. I'm not sure if the
check makes sense in all cases but it is suspicious - these results are
attached in shadow-warnings.err.bz2.

I hope this will be useful to you.

Have a nice day!

-- 
Petr Spacek  @  Red Hat
-------------- next part --------------
Error: RESOURCE_LEAK (CWE-772):
softhsm-2.0.0GITa923913/src/bin/common/library.cpp:98: alloc_fn: Storage is returned from allocation function "dlopen".
softhsm-2.0.0GITa923913/src/bin/common/library.cpp:98: var_assign: Assigning: "pDynLib" = storage returned from "dlopen("/usr/lib64/pkcs11/libsofthsm2.so", 2)".
softhsm-2.0.0GITa923913/src/bin/common/library.cpp:105: leaked_storage: Variable "pDynLib" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK (CWE-772):
softhsm-2.0.0GITa923913/src/bin/common/library.cpp:94: alloc_fn: Storage is returned from allocation function "dlopen".
softhsm-2.0.0GITa923913/src/bin/common/library.cpp:94: var_assign: Assigning: "pDynLib" = storage returned from "dlopen(module, 2)".
softhsm-2.0.0GITa923913/src/bin/common/library.cpp:105: leaked_storage: Variable "pDynLib" going out of scope leaks the storage it points to.

Error: DEADCODE (CWE-561):
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2046: assignment: Assigning: "isRSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2050: assignment: Assigning: "isRSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2058: assignment: Assigning: "isRSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2066: const: At condition "isRSA", the value of "isRSA" must be equal to 1.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2066: dead_error_condition: The condition "isRSA" must be true.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2087: dead_error_line: Execution cannot reach this statement: "return 112UL;".

Error: DEADCODE (CWE-561):
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2640: assignment: Assigning: "isRSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2644: assignment: Assigning: "isRSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2665: assignment: Assigning: "isRSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2673: const: At condition "isRSA", the value of "isRSA" must be equal to 1.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2673: dead_error_condition: The condition "isRSA" must be true.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2694: dead_error_line: Execution cannot reach this statement: "return 112UL;".

Error: DEADCODE (CWE-561):
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:3491: assignment: Assigning: "isECDSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:3549: const: At condition "isECDSA", the value of "isECDSA" must be equal to 1.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:3549: dead_error_condition: The condition "isECDSA" must be true.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:3589: dead_error_line: Execution cannot reach this statement: "return 112UL;".

Error: DEADCODE (CWE-561):
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:4304: assignment: Assigning: "isECDSA" = "true".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:4362: const: At condition "isECDSA", the value of "isECDSA" must be equal to 1.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:4362: dead_error_condition: The condition "isECDSA" must be true.
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:4402: dead_error_line: Execution cannot reach this statement: "return 112UL;".

Error: CHECKED_RETURN (CWE-252):
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLEVPHashAlgorithm.cpp:61: check_return: Calling "hashFinal" without checking return value (as is done elsewhere 11 out of 13 times).
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:3130: example_checked: Example 1: "session->getDigestOp()->hashFinal(digest)" has its value checked in "session->getDigestOp()->hashFinal(digest) == 0".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2986: example_checked: Example 2: "session->getDigestOp()->hashFinal(digest)" has its value checked in "session->getDigestOp()->hashFinal(digest) == 0".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLDSA.cpp:390: example_assign: Example 3: Assigning: "bFirstResult" = return value from "this->pCurrentHash->hashFinal(hash)".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLDSA.cpp:395: example_checked: Example 3 (cont.): "bFirstResult" has its value checked in "bFirstResult".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLEVPHashAlgorithm.cpp:99: example_checked: Example 4: "this->HashAlgorithm::hashFinal(hashedData)" has its value checked in "this->HashAlgorithm::hashFinal(hashedData)".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLRSA.cpp:890: example_assign: Example 5: Assigning: "bFirstResult" = return value from "this->pCurrentHash->hashFinal(firstHash)".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLRSA.cpp:903: example_checked: Example 5 (cont.): "bFirstResult" has its value checked in "bFirstResult".

Error: CHECKED_RETURN (CWE-252):
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLEVPHashAlgorithm.cpp:89: check_return: Calling "hashFinal" without checking return value (as is done elsewhere 11 out of 13 times).
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:3130: example_checked: Example 1: "session->getDigestOp()->hashFinal(digest)" has its value checked in "session->getDigestOp()->hashFinal(digest) == 0".
softhsm-2.0.0GITa923913/src/lib/SoftHSM.cpp:2986: example_checked: Example 2: "session->getDigestOp()->hashFinal(digest)" has its value checked in "session->getDigestOp()->hashFinal(digest) == 0".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLDSA.cpp:390: example_assign: Example 3: Assigning: "bFirstResult" = return value from "this->pCurrentHash->hashFinal(hash)".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLDSA.cpp:395: example_checked: Example 3 (cont.): "bFirstResult" has its value checked in "bFirstResult".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLEVPHashAlgorithm.cpp:99: example_checked: Example 4: "this->HashAlgorithm::hashFinal(hashedData)" has its value checked in "this->HashAlgorithm::hashFinal(hashedData)".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLRSA.cpp:890: example_assign: Example 5: Assigning: "bFirstResult" = return value from "this->pCurrentHash->hashFinal(firstHash)".
softhsm-2.0.0GITa923913/src/lib/crypto/OSSLRSA.cpp:903: example_checked: Example 5 (cont.): "bFirstResult" has its value checked in "bFirstResult".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/softhsm-develop/attachments/20150327/0c358157/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow-warnings.err.bz2
Type: application/x-bzip2
Size: 9434 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/softhsm-develop/attachments/20150327/0c358157/attachment.bin>


More information about the Softhsm-develop mailing list