Wireshark-dev: Re: [Wireshark-dev] new static code checker in town :cppcheck
From: Evan Huus <eapache@xxxxxxxxx>
Date: Wed, 8 Jan 2014 16:03:49 -0500
Yes, I've used it on-and-off for quite a while now. It can be quite
useful, though it does have a number of limitations. There is a shell
script in Wireshark trunk tools directory (tools/cppcheck/cppcheck.sh)
which will run cppcheck with a set of flags and other configurations
which I have found to be useful when analyzing Wireshark.

In general, I have found that between compiler warnings (our buildbot
runs GCC+Clang+MSVC+Coverity), and fuzz-testing (especially under
Valgrind), cppcheck doesn't add a whole lot of value. It's still worth
looking at occasionally of course.

Certain files (idl2wrs.c, lemon.c and others) are not actually part of
Wireshark proper, they are only used to generate code that ends up in
Wireshark, so I have never paid too much attention to warnings in
them.

On Wed, Jan 8, 2014 at 3:52 PM, Toralf Förster <toralf.foerster@xxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> It discovers a flaw in X (http://lists.x.org/archives/xorg-announce/2014-January/002389.html) so I gave it a try to the current git tree of boinc. And b/c the tool claims at its home page that it doesn't produce false positive I think it is worth to report the output here, or ?
>
>
> tfoerste@n22 ~/devel/wireshark $ cppcheck ./ --force --quiet
> [echld/echld-int.h:293]: (error) Invalid number of character ({) when these macros are defined: '__cplusplus'.
> [epan/dissectors/dcerpc/idl2wrs.c:3189]: (error) Buffer overrun possible for long command line arguments.
> [epan/dissectors/dcerpc/idl2wrs.c:1829]: (error) Memory leak: ptmpstr
> [epan/dissectors/dcerpc/idl2wrs.c:2402]: (error) Memory leak: ptmpstr
> [epan/dissectors/dcerpc/idl2wrs.c:2698]: (error) Memory leak: ptmpstr
>
> ...
>
> - --
> MfG/Sincerely
> Toralf Förster
> pgp finger print:1A37 6F99 4A9D 026F 13E2 4DCF C4EA CDDE 0076 E94E
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iF4EAREIAAYFAlLNunAACgkQxOrN3gB26U4+zwD/YgwmMYTnhEq0YHBjCLFa0Jwv
> hazTVe2xLlw8bGqM4JUA/3kV4hKX6D1q44LnlstRdQO24onYvQksYbZo913BkreF
> =zpFP
> -----END PGP SIGNATURE-----
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe