automated cppcheck for gnupg

Hans-Christoph Steiner hans at guardianproject.info
Tue Apr 15 21:05:55 CEST 2014


As part of all the C/C++ jobs that we run on our Jenkins build server, I set
up cppcheck on them.  It is a static code analyzer that has caught some of our
mistakes (akin to heartbleed, they are easy to make in C).

I have cppcheck running on the gnupg jobs that are already running there.  It
does not seem to be pointing to anything too alarming, but it does claim a
number of memory leaks:


libgcrypt/tests/rsacvt.c:426
	resourceLeak	Resource leak: input

libgcrypt/src/hmac256.c:510
	deallocDealloc	Deallocating a deallocated pointer: hd

libksba/src/cert.c:447
	nullPointer	Possible null pointer dereference: cert - otherwise it is redundant to check if cert is null at line 445

libgcrypt/cipher/test-getrusage.c:49
	wrongPrintfScanfArgNum	fprintf format string has 7 parameters but only 0 are given

libgcrypt/cipher/md.c:1251
	nullPointer	Possible null pointer dereference: spec - otherwise it is redundant to check if spec is null at line 1247

libgcrypt/cipher/md.c:976
	nullPointer	Possible null pointer dereference: r - otherwise it is redundant to check if r is null at line 971

libassuan/src/assuan.c:136
	nullPointer	Possible null pointer dereference: ctx - otherwise it is redundant to check if ctx is null at line 135

gpgme/tests/gpg/t-eventloop.c:82
	autoVariables	Assigning address of local auto-variable to a function parameter.

gpgme/src/w32-io.c:797
	memleak	Memory leak: ctx

gpgme/src/w32-util.c:713
	memleak	Memory leak: tmpname



Also, in my experience, cppcheck does a better job when there are fewer little
hacks like:

pinentry/gtk+-2/gtksecentry.h:188 syntaxError
	Invalid number of character ({) when these macros are defined: 'MAKE_EMACS_HAPPY;__cplusplus'


So the question is whether these should be automatically reported to
committers, like build errors and test errors?  Are there any other static
code analyzers that we can run there?

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
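
The four nullPointer findings in the message above share one shape: a pointer is dereferenced and only afterwards compared with NULL. The C sketch below is an added illustration of that shape and its two possible fixes, not code from libksba, libgcrypt or libassuan; `struct cert` and all function names are hypothetical, and which fix applies depends on whether NULL is a valid argument under the function's contract.

```c
/* Constructed illustration of the "check after dereference" shape behind the
   nullPointer findings; struct cert and all function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

struct cert {
    int ref_count;
};

/* Flagged shape: c is read first and tested second. If callers can pass NULL
   the read is undefined behaviour; if they cannot, the test is dead code.
   An optimizing compiler may also delete the test for the same reason. */
int cert_ref_flagged(struct cert *c)
{
    int old = c->ref_count;   /* dereference happens here ...     */
    if (!c)                   /* ... so this check can never help */
        return -1;
    c->ref_count = old + 1;
    return c->ref_count;
}

/* Fix when NULL is a legal argument: test before the first access. */
int cert_ref_checked(struct cert *c)
{
    if (!c)
        return -1;
    return ++c->ref_count;
}

/* Fix when NULL is a caller bug: drop the redundant test and state the
   contract, so the analyzer and the reader see one consistent assumption. */
int cert_ref_nonnull(struct cert *c /* must not be NULL */)
{
    return ++c->ref_count;
}

int main(void)
{
    struct cert c = { 1 };
    printf("checked(NULL) = %d\n", cert_ref_checked(NULL));
    printf("checked(&c)   = %d\n", cert_ref_checked(&c));
    printf("nonnull(&c)   = %d\n", cert_ref_nonnull(&c));
    /* cert_ref_flagged(NULL) is deliberately not called: undefined behaviour. */
    return 0;
}
```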


