[Freeswitch-dev] Static analysis tool Cppcheck discovered many errors in FreeSWITCH code

Michael Jerris mike at jerris.com
Tue Aug 30 18:05:08 MSD 2016


The correct way to do this would be to run this on the latest master branch of freeswitch and file and potential issues as security issues in Jira.  Yes, many hundreds of issues have been fixed since 1.4 (1.4 is now eol) and we make use of static analysis tools.  Static analysis tools in general have very high false positive rate, we do our best to address issues found with them, but they require much more than running a tool and getting a report.  Every single one of those reports needs to be investigated, confirmed if its actually valid (typically 80%+ are not), reported.


> On Aug 30, 2016, at 9:07 AM, Vladimir Mancic <vmancic at ooma.com> wrote:
> 
> Hi,
> 
>  
> Static analysis tool Cppcheck discovered many errors in FreeSWITCH v1.4 code (memory leaks, resource leaks, double frees,...):
> 
>  
> - memleak (76 occurances)
> 
> - memleakOnRealloc (12 occurances)
> 
> - resourceLeak (21 occurances)
> 
> - doubleFree (more than 100 occurances)
> 
> 
> 
> Is this known to the FreeSWITCH community, and has there been any work on it in more recent versions of FreeSWITCH?
> 
> 
> 
> 
> 
> Thanks,
> 
> Vladimir
> 
> <FreeSwitch-Cppcheck-Results.xml>_________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org <mailto:consulting at freeswitch.org>
> http://www.freeswitchsolutions.com <http://www.freeswitchsolutions.com/>
> 
> Official FreeSWITCH Sites
> http://www.freeswitch.org <http://www.freeswitch.org/>
> http://wiki.freeswitch.org <http://wiki.freeswitch.org/>
> http://www.cluecon.com <http://www.cluecon.com/>
> 
> FreeSWITCH-dev mailing list
> FreeSWITCH-dev at lists.freeswitch.org <mailto:FreeSWITCH-dev at lists.freeswitch.org>
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev <http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev>
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev <http://lists.freeswitch.org/mailman/options/freeswitch-dev>
> http://www.freeswitch.org <http://www.freeswitch.org/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20160830/9eca16e8/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-dev mailing list