| Summary: | Some potential bugs reported by static analysis tool canalyze | | |
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Zhenbo Xu <zhenbo1987> |
| Component: | All | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | NEW --- | | |
| Severity: | normal | | |
| Priority: | P2 | | |
| Version: | 2.4.4 | | |
| Target Milestone: | --- | | |
| Hardware: | PC | | |
| OS: | Linux | | |

Description
Zhenbo Xu
2013-05-08 10:17:48 UTC
Thanks for the report.

1. Invalid. Between lines 124 and 129 you can find:
AP_DEBUG_ASSERT((pcm & SSL_PCM_EXISTS) || !(pcm & (SSL_PCM_ISREG|SSL_PCM_ISDIR|SSL_PCM_ISNONZERO)));
So it is expected not to happen. This was introduced in r1180330 in the 2.4.x branch.

2. r1503990

3. r1503991

8. Invalid. At that point ctx->err cannot be NULL. It has been set to err424_set or err424_delete, which are allocated in the pool. Should the memory allocation fail, we would abort.

9. Invalid. After the call you mention, we have:
AP_DEBUG_ASSERT(note != NULL);
So it is expected not to be NULL.

12. r1504276

13. Invalid. I think that you mean that 'groups' can be used uninitialized. If 'get_dbm_grp' just returns, the status != APR_SUCCESS. It is checked at line 231. So we are guaranteed that 'groups' is initialized when it is used.

14. Same as 3.

#15 is invalid. The code is guarded by AP_EXPR_FLAG_STRING_RESULT. See:
AP_DEBUG_ASSERT((info->flags & AP_EXPR_FLAG_STRING_RESULT) == 0);
in 'ap_expr_exec_re'.