|
From: Nicholas N. <nj...@cs...> - 2005-05-24 13:04:29
|
On Tue, 24 May 2005, Madhu M Kurup wrote: > As part of some course work that I'm doing at Stanford, there was a need to > apply static code analysis to some particular free/open source software. I > asked for permission and then applied this analysis on Valgrind. The > symmetry of applying static analysis to *the* dynamic analysis software on > Linux is not lost on me :). The tool used was Prevent [1] from Coverity Inc > [2]. This is a tool in the same lineage that was used with great success on > other free/open source projects such as Linux, OpenBSD etc. Awesome! Thanks for doing this. > Additionally, another resource leak involving get_file_clo from vg_main.c is > probably intended as there's a little comment above the definition of > get_file_clo: > > /* Nb: malloc'd memory never freed -- kept throughout like argv, envp */ Hmm, looking at the code that comment is wrong -- the allocated memory gets copied later in augment_command_line(), and then there is a definite leak. The ones you've sent patches for mostly look pretty minor, but they're worth fixing. > I'll be sending more details for each, it is very possible that I could have > missed the intention of the code, so would it be possible for folks to look > at them and see if the indicator is really a problem? I'm currently going to > send them into the list, I can additionally open bugs if folks feel that > bugzilla is going to be a better interface. I'll definitely look soon at the ones in code that I understand. You haven't sent patches for all the files you mentioned (eg. vg_translate.c ac_main.c) -- are they coming, or are they ones you judged unimportant? Thanks again for doing this. N |