automated cppcheck for gnupg

Leo Gaspard ekleog at
Tue Apr 15 21:22:30 CEST 2014

On Tue, Apr 15, 2014 at 03:05:55PM -0400, Hans-Christoph Steiner wrote:
> As part of all the C/C++ jobs that we run on our jenkins build server, I set
> up cppcheck on them.  It is a static code analyzer that has caught some of our
> mistakes (a kin to heartbleed, they are easy to make in C).
> I have cppcheck running on the gnupg jobs that are already running there.  It
> does not seem to be pointing to anything too alarming, but it does claim a
> number of memory leaks:

Given that you report errors such as 
> 	deallocDealloc	Deallocating a deallocated pointer: hd
(and others, including null dereferences), that could possibly be security flaws
(don't know, didn't look at the code), I suggest that, next time, you report it
to Werner by private email instead of using a public mailing list.

Just my two cents !


More information about the Gnupg-devel mailing list