[Bug 3167] New: Bugs found by static tests

bugzilla-daemon at mindrot.org
Wed May 20 09:24:47 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3167

            Bug ID: 3167
           Summary: Bugs found by static tests
           Product: Portable OpenSSH
           Version: 8.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tester7632 at web.de

Running the current version of openssh-portable through SonarQube
revealed a number of bugs.

While there are a lot of false positives or simply unimportant bugs, I
found several areas that seem like legitimate coding errors.


https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_cwVij8m0Z5KWuok&resolved=false&types=BUG

https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_cwVij8m0Z5KWuop&resolved=false&types=BUG

https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_cwxij8m0Z5KWutU&resolved=false&types=BUG

https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_c8Tij8m0Z5KWvbw&resolved=false&types=BUG

https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_c2tij8m0Z5KWvEw&resolved=false&types=BUG

https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_c21ij8m0Z5KWvE9&resolved=false&types=BUG


The complete report can be found here: 
https://sonarcloud.io/project/issues?id=openssh-portable_allfeatures&open=AXIu_c21ij8m0Z5KWvE9&resolved=false&types=BUG


At first glance I also found issues in the test cases:

https://sonarcloud.io/project/issues?id=openssh-portable-tests&open=AXIu8yLf_34BaxGawOJ2&resolved=false&tags=pitfall&types=BUG

https://sonarcloud.io/project/issues?id=openssh-portable-tests&open=AXIu8yLf_34BaxGawOKT&resolved=false&severities=CRITICAL&types=BUG



I have not gone through all of the reported bugs yet.
The use-after-free bugs probably need a closer look.
