automated cppcheck for gnupg
Leo Gaspard
ekleog at gmail.com
Tue Apr 15 21:22:30 CEST 2014
On Tue, Apr 15, 2014 at 03:05:55PM -0400, Hans-Christoph Steiner wrote:
> As part of all the C/C++ jobs that we run on our jenkins build server, I set
> up cppcheck on them. It is a static code analyzer that has caught some of our
> mistakes (akin to Heartbleed, they are easy to make in C).
>
> I have cppcheck running on the gnupg jobs that are already running there. It
> does not seem to be pointing to anything too alarming, but it does claim a
> number of memory leaks:
Given that you report errors such as
> deallocDealloc Deallocating a deallocated pointer: hd
(and others, including null dereferences), that could possibly be security flaws
(don't know, didn't look at the code), I suggest that, next time, you report it
to Werner by private email instead of using a public mailing list.
Just my two cents!
Leo