cppcheck 1.89 enabled certain value flow analysis mechanisms [1] which
trigger null pointer dereference false positives in lib/dns/rpz.c:
lib/dns/rpz.c:584:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
^
lib/dns/rpz.c:1425:44: note: Calling function 'adj_trigger_cnt', 4th argument '(void*)0' value is 0
adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
^
lib/dns/rpz.c:584:7: note: Null pointer dereference
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
^
lib/dns/rpz.c:598:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
^
lib/dns/rpz.c:1425:44: note: Calling function 'adj_trigger_cnt', 4th argument '(void*)0' value is 0
adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
^
lib/dns/rpz.c:598:7: note: Null pointer dereference
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
^
lib/dns/rpz.c:612:7: warning: Possible null pointer dereference: tgt_ip [nullPointer]
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
^
lib/dns/rpz.c:1425:44: note: Calling function 'adj_trigger_cnt', 4th argument '(void*)0' value is 0
adj_trigger_cnt(rpzs, rpz_num, rpz_type, NULL, 0, true);
^
lib/dns/rpz.c:612:7: note: Null pointer dereference
if (KEY_IS_IPV4(tgt_prefix, tgt_ip)) {
^
It seems that cppcheck no longer treats at least some REQUIRE()
assertion failures as fatal, so add extra assertion macro definitions to
lib/isc/include/isc/util.h that are only used when the CPPCHECK
preprocessor macro is defined; these definitions make cppcheck 1.89
behave as expected.
There is an important requirement for these custom definitions to work:
cppcheck must properly treat abort() as a function which does not
return. In order for that to happen, the __GNUC__ macro must be set to
a high enough number (because system include directories are used and
system headers compile attributes away if __GNUC__ is not high enough).
__GNUC__ is thus set to the major version number of the GCC compiler
used, which is what that latter does itself during compilation.
[1] https://github.com/danmar/cppcheck/commit/
aaeec462e6d96bb70c2b1cf030979d09e2d7c959
(cherry picked from commit
abfde3d543576311ce5d32089d774a360b7edc9f)
.cppcheck: &cppcheck_job
<<: *default_triggering_rules
stage: postcheck
+ before_script:
+ - export GCC_VERSION=$(gcc --version | sed -n 's/.*\([0-9]\+\)\.[0-9]\+\.[0-9]\+.*/\1/p')
+ - sed -i "/gcc\",/a\"-DCPPCHECK\", \"-D__STDC__\", \"-D__GNUC__=${GCC_VERSION}\"," compile_commands.json
script:
- *run_cppcheck
after_script:
#define _assert_int_not_equal(a, b, f, l) \
(((a) != (b)) ? (void)0 : (_assert_int_not_equal(a, b, f, l), abort()))
#else /* UNIT_TESTING */
+
+#ifndef CPPCHECK
+
/*
* Assertions
*/
/*% Invariant Assertion */
#define INVARIANT(e) ISC_INVARIANT(e)
+#else /* CPPCHECK */
+
+/*% Require Assertion */
+#define REQUIRE(e) if (!(e)) abort()
+/*% Ensure Assertion */
+#define ENSURE(e) if (!(e)) abort()
+/*% Insist Assertion */
+#define INSIST(e) if (!(e)) abort()
+/*% Invariant Assertion */
+#define INVARIANT(e) if (!(e)) abort()
+
+#endif /* CPPCHECK */
+
#endif /* UNIT_TESTING */
/*
projects / thirdparty / bind9.git / commitdiff
