shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-21 09:33:57 +03:00
Code
56,035 Commits 36 Branches 648 Tags 226 MiB
v250-stable
Commit Graph

11 Commits

Author SHA1 Message Date
Frantisek Sumsal
a3f0533ffc ci: pack-ify our custom CodeQL queries and enable them in Actions 
Unlike LGTM, the CodeQL Action requires the custom queries to have their
own qlpack.yml file, so let's provide one.
 2021-12-07 14:57:09 +01:00
Frantisek Sumsal
c8fec8bf9b lgtm: detect more possible problematic scenarios 
1) don't ignore stack-allocated variables, since they may hide
   heap-allocated stuff (compound types)
2) check if there's a return between the variable declaration and its
   initialization; if so, treat the variable as uninitialized
3) introduction of 2) increased the query runtime exponentially, so
   introduce some optimizations to bring it back to some reasonable
   values
 2021-12-05 22:47:14 +01:00
Frantisek Sumsal
af18682136 lgtm: ignore certain cleanup functions 
as they don't do any illegal stuff even when used with an uninitialized
variable.
 2021-12-05 15:53:22 +01:00
Frantisek Sumsal
c7d70210fa lgtm: don't treat the custom note as a list of tags 
Just a cosmetic change.
 2021-12-02 16:56:54 +01:00
Frantisek Sumsal
863bff7548 lgtm: detect uninitialized variables using the __cleanup__ attribute 
This is a slightly modified version of the original
`cpp/uninitialized-local` CodeQL query which focuses only on variables
using the cleanup macros. Since this has proven to cause issues in the
past, let's panic on every uninitialized variable using any of the
cleanup macros (as long as they're written using the __cleanup__
attribute).

Some test results from a test I used when writing the query:

```
 #define _cleanup_foo_ __attribute__((__cleanup__(foo)))
 #define _cleanup_(x) __attribute__((__cleanup__(x)))

 static inline void freep(void *p) {
         *(void**)p = mfree(*(void**) p);
 }

 #define _cleanup_free_ _cleanup_(freep)

 static inline void foo(char **p) {
     if (*p)
         *p = free(*p);
 }

 int main(void) {
     __attribute__((__cleanup__(foo))) char *a;
     char *b;
     _cleanup_foo_ char *c;
     char **d;
     _cleanup_free_ char *e;
     int r;

     r = fun(&e);
     if (r < 0)
         return 1;

     puts(a);
     puts(b);
     puts(c);
     puts(*d);
     puts(e);

     return 0;
 }
```

```
+| test.c:23:14:23:14 | e | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:20:26:20:26 | e | e |
+| test.c:27:10:27:10 | a | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:16:45:16:45 | a | a |
+| test.c:29:10:29:10 | c | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:18:25:18:25 | c | c |
```
 2021-12-02 16:56:54 +01:00
Lennart Poettering
e2d0fa6feb lgtm: complain about accept() [people should use accept4() instead, due to O_CLOEXEC] 2019-04-10 20:03:38 +02:00
Lennart Poettering
9ff46eded2 lgtm: warn about strerror() use 2019-04-05 16:58:52 +02:00
Lennart Poettering
9b4805421e lgtm: beef up list of dangerous/questionnable API calls not to make 2019-04-02 12:45:46 +02:00
Evgeny Vereshchagin
7ba5ded9db lgtm: replace the query used for looking for fgets with a more general query 
to make it easier to comlain about `strtok` :-)

Inspired by https://github.com/systemd/systemd/pull/11963, which, in turn,
was prompted by https://github.com/systemd/systemd/pull/11555.
 2019-03-12 10:08:23 +01:00
Evgeny Vereshchagin
845702c638 lgtm: drop redundant newlines 2018-10-26 14:52:17 +02:00
Evgeny Vereshchagin
f86c1da283 lgtm: add a custom query for catching the use of fgets 
As everybody knows, nodoby really reads CODING_STYLE (especially
the last paragraph :-)) so let's utilize LGTM to help us catch the
use of fgets.
 2018-10-26 12:27:43 +02:00