OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
John-Mark Gurney
jmg at funkthat.com
Wed Apr 23 17:54:01 UTC 2014
Erik Cederstrand wrote this message on Wed, Apr 23, 2014 at 12:06 +0200:
> Den 23/04/2014 kl. 03.12 skrev Ronald F. Guilmette <rfg at tristatelogic.com>:
> >
> > In message <20140423010054.2891E143D098 at rock.dv.isc.org>,
> > Mark Andrews <marka at isc.org> wrote:
> >
> >> As for the number of CLANG analysis warnings. Clang has false
> >> positives
> >
> > Please define your terms.
> >
> > I do imagine that the truth or falsehood of your assertion may depend
> > quite substantially on what one does or does not consider a "false
> > positive" in this context.
>
> Have a look at the ~10.000 reports at http://scan.freebsd.your.org/freebsd-head/ (unavailable ATM). Silly things are reported like missing return at the end of main()
Considering that this is legal C99, it is very silly, from 5.1.2.2.3 of
the C99 spec:
reaching the } that terminates the main function returns a value of 0.
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-security mailing list