[Freeswitch-dev] Static analysis tool Cppcheck discovered many errors in FreeSWITCH code

Vladimir Mancic vmancic at ooma.com
Wed Aug 31 13:02:35 MSD 2016


Thanks!

________________________________
Od: freeswitch-dev-bounces at lists.freeswitch.org [freeswitch-dev-bounces at lists.freeswitch.org] u ime korisnika Ken Rice [krice at freeswitch.org]
Poslato: 30. avgust 2016 19:34
Za: freeswitch-dev at lists.freeswitch.org
Tema: Re: [Freeswitch-dev] Static analysis tool Cppcheck discovered many errors in FreeSWITCH code

Easiest way is via git… see https://freeswitch.org/stash/projects/FS/repos/freeswitch/browse  (we use stash which is bitbucket or sorta like github)

From: freeswitch-dev-bounces at lists.freeswitch.org [mailto:freeswitch-dev-bounces at lists.freeswitch.org] On Behalf Of Vladimir Mancic
Sent: Tuesday, August 30, 2016 12:19 PM
To: freeswitch-dev at lists.freeswitch.org
Subject: Re: [Freeswitch-dev] Static analysis tool Cppcheck discovered many errors in FreeSWITCH code

Thank you.

And how to get the latest master branch?


Vladimir

________________________________
Od: freeswitch-dev-bounces at lists.freeswitch.org<mailto:freeswitch-dev-bounces at lists.freeswitch.org> [freeswitch-dev-bounces at lists.freeswitch.org] u ime korisnika Michael Jerris [mike at jerris.com]
Poslato: 30. avgust 2016 16:05
Za: freeswitch-dev at lists.freeswitch.org<mailto:freeswitch-dev at lists.freeswitch.org>
Tema: Re: [Freeswitch-dev] Static analysis tool Cppcheck discovered many errors in FreeSWITCH code
The correct way to do this would be to run this on the latest master branch of freeswitch and file and potential issues as security issues in Jira.  Yes, many hundreds of issues have been fixed since 1.4 (1.4 is now eol) and we make use of static analysis tools.  Static analysis tools in general have very high false positive rate, we do our best to address issues found with them, but they require much more than running a tool and getting a report.  Every single one of those reports needs to be investigated, confirmed if its actually valid (typically 80%+ are not), reported.


On Aug 30, 2016, at 9:07 AM, Vladimir Mancic <vmancic at ooma.com<mailto:vmancic at ooma.com>> wrote:

Hi,

Static analysis tool Cppcheck discovered many errors in FreeSWITCH v1.4 code (memory leaks, resource leaks, double frees,...):

- memleak (76 occurances)
- memleakOnRealloc (12 occurances)
- resourceLeak (21 occurances)
- doubleFree (more than 100 occurances)

Is this known to the FreeSWITCH community, and has there been any work on it in more recent versions of FreeSWITCH?


Thanks,
Vladimir
<FreeSwitch-Cppcheck-Results.xml>_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
consulting at freeswitch.org<mailto:consulting at freeswitch.org>
http://www.freeswitchsolutions.com<http://www.freeswitchsolutions.com/>

Official FreeSWITCH Sites
http://www.freeswitch.org<http://www.freeswitch.org/>
http://wiki.freeswitch.org<http://wiki.freeswitch.org/>
http://www.cluecon.com<http://www.cluecon.com/>

FreeSWITCH-dev mailing list
FreeSWITCH-dev at lists.freeswitch.org<mailto:FreeSWITCH-dev at lists.freeswitch.org>
http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev<http://lists.freeswitch.org/mailman/options/freeswitch-dev>
http://www.freeswitch.org<http://www.freeswitch.org/>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20160831/bc45a9d1/attachment.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-dev mailing list