On Mon, Apr 24, 2017 at 10:13 AM, Chet Ramey <[email protected]> wrote: [...] > I'd be interested in seeing the results. In my experience with similar > tools, the false positive ratio is very high.
Most of the "errors" identified are due to unused variables. It does have some interesting reports though: #1 optimized_assignment in variables.c does not check if xrealloc was successful (i.e. not NULL), so if it fails, strcpy will end up dereferencing a null pointer. #2 command_substitute in subst.c the value of old_pid is uninitialized when pipe() returns an error, so last_made_pid ends up being a garbage value. I modified the code to print the value of last_made_pid in `error_exit'. I don't know how last_made_pid is used, so I don't know if this is a problem or not. | dualbus@debian:~/src/gnu/bash$ ./bash -c 'ulimit -n 3; $(:); echo hi' | ./bash: cannot make pipe for command substitution: Too many open files | last_made_pid = -1074209592 | hi #3 parameter_brace_expand_indir in subst.c the value of `v' (SHELL_VAR pointer) when var_is_special > 0 is not defined, so `legal_identifier (name) && v == 0' relies on undefined behavior. I've attached the build log to https://savannah.gnu.org/support/index.php?109301
