Bug 60086 - PVS-Studio: Rechecking Apache HTTP Server
Summary: PVS-Studio: Rechecking Apache HTTP Server
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: All
Version: 2.5-HEAD
Hardware: PC All
Importance: P2 minor
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Duplicates: 60903
Depends on:
Reported: 2016-09-06 07:12 UTC by Andrey Karpov
Modified: 2018-05-28 19:25 UTC
Description Andrey Karpov 2016-09-06 07:12:20 UTC
The Apache HTTP Server project continues to develop, and so does the PVS-Studio analyzer, growing even more powerful with every new version. Let's see what we've got this time: http://www.viva64.com/en/b/0427/
Comment 1 Christophe JAILLET 2018-05-24 21:01:15 UTC
For the record and to give credit to your static analyzer, the "Suspicious expression" has been fixed in r1797550 and is recorded as a CVE (CVE-2017-7679).

"Incorrect check for an empty string" has been fixed in r1812307 and is now also spotted by gcc 8.1+

"Incrementing a pointer instead of the value" is a mystery to me. This code does not seem to be there anymore!

"Incorrect password clearing" is recorded as bug 58921.

"Uninitialized variable" is part of APR, not httpd itself. I'll apply a fix for that.

"Incorrect check of HRESULT" is fixed in r1832198.

"Superfluous operation?" is fixed in r1832200.

"Redundant condition" is fixed in r1832202.

Thanks for the report. This should have helped us close a potential security issue much earlier :(
Anyway, any new analysis would be appreciated.
Comment 2 Christophe JAILLET 2018-05-28 19:25:49 UTC
*** Bug 60903 has been marked as a duplicate of this bug. ***