GitLab

After #13036 (moved) was committed, clang --analyze continued to produce 2 existing NULL pointer dereference warnings; and 1 new uninitialised variable warning. I am compiling tor from git source on OS X.

== 01-in6-addr32-not-null.patch

The NULL pointer warnings on the return value of tor_addr_to_in6_addr32() are incorrect. But clang can't work this out itself due to limited analysis depth. To teach the analyser that the return value is safe to dereference, I applied tor_assert to the return value. This assert can optionally be wrapped in:

#if !defined(__clang_analyzer__) || PARANOIA

or similar, if performance is an issue in this code. The assertion silences the spurious warning.

== 02-dirserv-init-msg.patch

At this point in the code, msg has been set to a string constant. But the tor code checks that msg is not NULL, and the redundant NULL check confuses the analyser:

      log_info(LD_DIRSERV, "Router %s is now rejected: %s",
               description, msg?msg:"");

To avoid this spurious warning, the patch initialises msg to NULL.

== clang --analyze clean!

Once these patches are applied, tor is clang --analyze clean, except for dead stores. (Which I trust the optimiser to remove in most cases.)

== git version

These warnings occur in the git source of tor 0.2.6.?-alpha around 14 September 2014 e.g. commit d6b2a1709d28c656dadc019fb24145e6ac400771