New compile warnings...

Gary E. Miller gem at rellim.com
Sun Nov 7 21:32:17 UTC 2021 

Yo Hal!

On Sat, 06 Nov 2021 16:07:20 -0700
Hal Murray <halmurray at sonic.net> wrote:

> > BUg or not, gcc should compile NTPsec.  

> Where did you get the version you are using?  Can you double check
> the download and install?

I tried this on different host: Gentoo unstable on amd64.

gcc version:

# gcc-config -l
 [1] x86_64-pc-linux-gnu-11.2.0 *

It compiles fine, until I add this:

     export CFLAGS="-Wvla -fanalyzer"

Then I get the warnings.

I have done a rebuild world in the last 30 days, so the install and hardware
are fine.

Looking at the messages.  This one is valid:

[246/310] Compiling ntpd/refclock_conf.c
../../ntpd/ntp_monitor.c: In function ‘mon_get_oldest_age’:
../../ntpd/ntp_monitor.c:295:18: warning: dereference of NULL ‘0’ [CWE-476] [-Wa
nalyzer-null-dereference]
  295 |     now -= oldest->last;
      |            ~~~~~~^~~~~~

This one is valid, if malloc() fails:

[272/310] Compiling ntpd/ntp_loopfilter.c
../../ntpd/refclock_trimble.c: In function ‘sendsupercmd’:
../../ntpd/refclock_trimble.c:203:23: warning: dereference of possibly-NULL ‘tx.
data’ [CWE-690] [-Wanalyzer-possible-null-dereference]
  203 |         *buffer->data = DLE;
      |                       ^

ASimilarly:

[282/310] Compiling ntpfrob/pps-api.c
../../ntpd/ntp_scanner.c: In function ‘lex_push_file’:
../../ntpd/ntp_scanner.c:429:55: warning: dereference of possibly-NULL ‘baselist
’ [CWE-690] [-Wanalyzer-possible-null-dereference]
  429 |                                 baselist[basecount++] = strdup(dp->d_nam
e);
      |                                 ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~
~~

That can happen if you run out of memory from failure to check strdup() return.

So two missing NULL checks (malloc() and strduo()).

The other one is a failure in ntp_lists, which I don't understand how to fix.


RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20211107/74a6fa04/attachment.bin>

More information about the devel mailing list