Bug 55738 - PVS-Studio: few issues
PVS-Studio: few issues
Status: NEW
Product: Apache httpd-2
Classification: Unclassified
Component: All
2.5-HEAD
PC
: P2 normal (vote)
: ---
Assigned To: Apache HTTPD Bugs Mailing List
:
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2013-11-03 10:06 UTC by Andrey Karpov
Modified: 2013-11-03 10:06 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Karpov 2013-11-03 10:06:46 UTC
Hello. I am recheck httpd-trunk 2.5.0 and find few issues.
I am use PVS-Studio Static Code Analyzer http://www.viva64.com/

Suspicious:

V528 It is odd that pointer to 'char' type is compared with the '\0' value. Probably meant: ** ctx->re_source == '\0'. libhttpd util_expr_eval.c 167

V528: http://www.viva64.com/en/d/0117/

typedef struct {
  ....
  const char **re_source;
  ....
} ap_expr_eval_ctx_t;

static const char *ap_expr_eval_re_backref(ap_expr_eval_ctx_t *ctx, unsigned int n)
{
  int len;
  if (!ctx->re_pmatch || !ctx->re_source ||
      *ctx->re_source == '\0' ||
      ctx->re_nmatch < n + 1)
    return "";
  ....
}
-------------------------------------------------------------------------------
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md4.c 362

V597: http://www.viva64.com/en/d/0208/

static void MD4Transform(apr_uint32_t state[4], const unsigned char block[64])
{
  apr_uint32_t a = state[0], b = state[1],
               c = state[2], d = state[3],
               x[APR_MD4_DIGESTSIZE];  
  ....
  /* Zeroize sensitive information. */
  memset(x, 0, sizeof(x));
}

V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 436
V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. apr apr_md5.c 662
V597 The compiler could delete the 'memset' function call, which is used to flush 'tmpbuf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md5.c 436
V597 The compiler could delete the 'memset' function call, which is used to flush 'final' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md5.c 662
V597 The compiler could delete the 'memset' function call, which is used to flush 'x' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aprutil apr_md4.c 362
V597 The compiler could delete the 'memset' function call, which is used to flush 'buf' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. htdbm passwd_common.c 165
-------------------------------------------------------------------------------
V614 Potentially uninitialized pointer 'wch' used. apr start.c 58

V614: http://www.viva64.com/en/d/0230/

static int warrsztoastr(const char * const * *retarr,
                        const wchar_t * arrsz, int args)
{
  const apr_wchar_t *wch;
  ....

  if (args < 0) {
    for (args = 1, wch = arrsz; wch[0] || wch[1]; ++wch)
      if (!*wch)
       ++args;
  }
  wsize = 1 + wch - arrsz;
  ....
}
-------------------------------------------------------------------------------
V654 The condition 'retry < 2' of loop is always true. mod_proxy_wstunnel mod_proxy_wstunnel.c 436

V654: http://www.viva64.com/en/d/0275/

static int proxy_wstunnel_handler(....)
{
  int retry;
  ....
  retry = 0;
  while (retry < 2) {
    char *locurl = url;
    ....
    // Variable 'retry' is not used
    ....
  }
  ....
}

----
Best regards,
Andrey Karpov
Ph.D. in Mathematics, CTO
OOO "Program Verification Systems" (Co Ltd)
URL: www.viva64.com
E-Mail: karpov@viva64.com