Simon Josefsson simon@josefsson.org writes:
Clang-analyze on the code did not raise any errors in the core library, but some other minor issues in other code:
Thanks, I've reviewed the code in questions:
API Argument with 'nonnull' attribute passed null tools/sexp-conv.c 274
This is a call to strtol.
int width = strtol(optarg, &end , 0);
optarg shouldn't be NULL, but that's not really nettle's responsibility (-w has a required argument in the getopt_long call). Warning seems to be a false positive.
Dead store Dead assignment examples/io.c 88
Dead store Dead assignment examples/io.c 90
This is a minor real bug.
Logic error Dereference of null pointer tools/nettle-hash.c 204
Logic error Dereference of null pointer tools/nettle-hash.c 205
This is
length = alg->digest_size; else if (length > alg->digest_size)
and there's an if (!alg) die(...) earlier, where (at least for gcc) die is declared as __attribute((__noreturn__)). Warning seems to be a false positive.
But there's a related copy&paste error, since werror has the same declaration and it *does* return,
Logic error Dereference of null pointer examples/io.c 123
buffer[done] = '\0';
buffer is return value from a realloc call with a NULL check and return. The logic using feof and ferror looks a bit suspicious, but as long as feof is false just after fopen, things should be ok (and feof should not be set until one attempts to read).
Thanks, /Niels