On FreeBSD 13.0-RELEASE I already see an error when compiling crossprocess.cpp.
git clone https://github.com/time-killer-games/CrossProcess.git crossprocess
cd crossprocess
clang++ -c crossprocess.cpp
Code:
crossprocess.cpp:474:11: error: cannot initialize a variable of type 'char *' with an rvalue of type 'const std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>::value_type *' (aka 'const char *')
char *exe = str1.data();
^ ~~~~~~~~~~~
1 error generated.
Then I changed the declaration on line 474 to const char *exe = ... and just got the next error.
Code:
crossprocess.cpp:475:9: error: no matching function for call to 'sysctl'
if (sysctl(mib, 4, exe, &s, nullptr, 0) == 0) {
^~~~~~
/usr/include/sys/sysctl.h:1185:5: note: candidate function not viable: no known conversion from 'const char *' to 'void *' for 3rd argument; take the address of the argument with &
int sysctl(const int *, u_int, void *, size_t *, const void *, size_t);
^
1 error generated.
Now on line 475 I forced the exe parameter to be of type (char *), and then this compiles without errors. But this is not how it should be done. If the returned value of str1.data() really and seriously points to a read-only memory block, then when sysctl() tries to write to this block, that will lead to a crash.
clang++ --analyze -c crossprocess.cpp -o crossprocess.xml
Code:
crossprocess.cpp:633:11: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
if (cmdline) {
^~~~~~~
crossprocess.cpp:732:7: warning: Branch condition evaluates to a garbage value [core.uninitialized.Branch]
if (buffer) {
^~~~~~
2 warnings generated.
The XML file is a bit messy to read, and I prefer to see the results of the static analyzer in an IDE like Xcode. Anyway, here it comes. This shows the problematic execution paths step by step, giving the line of each step and the condition which brings you to the next step.
crossprocess.xml
XML:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>clang_version</key>
<string>FreeBSD clang version 11.0.1 (git@github.com:llvm/llvm-project.git llvmorg-11.0.1-0-g43ff75f2c3fe)</string>
<key>diagnostics</key>
<array>
<dict>
<key>path</key>
<array>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>627</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>627</integer>
<key>col</key><integer>24</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>4</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>3</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>4</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>12</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>pop-up</string>
<key>location</key>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>12</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>extended_message</key>
<string>'procId' is non-null</string>
<key>message</key>
<string>'procId' is non-null</string>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>629</integer>
<key>col</key><integer>12</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>21</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>21</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>29</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Entering loop body</string>
<key>message</key>
<string>Entering loop body</string>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>5</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>630</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>20</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>'cmdline' declared without an initial value</string>
<key>message</key>
<string>'cmdline' declared without an initial value</string>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>631</integer>
<key>col</key><integer>10</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>23</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>55</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Calling 'CmdlineFromProcId'</string>
<key>message</key>
<string>Calling 'CmdlineFromProcId'</string>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>557</integer>
<key>col</key><integer>1</integer>
<key>file</key><integer>0</integer>
</dict>
<key>depth</key><integer>1</integer>
<key>extended_message</key>
<string>Entered call from 'ProcIdFromParentProcIdSkipSh'</string>
<key>message</key>
<string>Entered call from 'ProcIdFromParentProcIdSkipSh'</string>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>557</integer>
<key>col</key><integer>1</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>557</integer>
<key>col</key><integer>4</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>30</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>35</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>30</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>35</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>30</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>35</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>30</integer>
<key>file</key><integer>0</integer>
</dict>
<key>depth</key><integer>1</integer>
<key>extended_message</key>
<string>Returning without writing to '*buffer'</string>
<key>message</key>
<string>Returning without writing to '*buffer'</string>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>30</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>35</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>30</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>558</integer>
<key>col</key><integer>35</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>55</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Returning from 'CmdlineFromProcId'</string>
<key>message</key>
<string>Returning from 'CmdlineFromProcId'</string>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>632</integer>
<key>col</key><integer>23</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>8</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>control</string>
<key>edges</key>
<array>
<dict>
<key>start</key>
<array>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>7</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>8</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
<key>end</key>
<array>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>11</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>17</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</dict>
</array>
</dict>
<dict>
<key>kind</key><string>event</string>
<key>location</key>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>11</integer>
<key>file</key><integer>0</integer>
</dict>
<key>ranges</key>
<array>
<array>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>11</integer>
<key>file</key><integer>0</integer>
</dict>
<dict>
<key>line</key><integer>633</integer>
<key>col</key><integer>17</integer>
<key>file</key><integer>0</integer>
</dict>
</array>
</array>
<key>depth</key><integer>0</integer>
<key>extended_message</key>
<string>Branch condition evaluates to a garbage value</string>
<key>message</key>
<string>Branch condition evaluates to a garbage value</string>
</dict>
</array>
<key>description</key><string>Branch condition evaluates to a garbage value</string>
<key>category</key><string>Logic error</string>
<key>type</key><string>Branch condition evaluates to a garbage value</string>
<key>check_name</key><string>core.uninitialized.Branch</string>
<!-- This hash is experimental and going to change! -->
<key>issue_hash_content_of_line_in_context</key><string>2fe90dc8eae113ac644d2d178c3bef04</string>
<key>issue_context_kind</key><string>function</string>
<key>issue_context</key><string>ProcIdFromParentProcIdSkipSh</string>
<key>issue_hash_function_offset</key><string>7</string>
...
So, clang's static analyzer points to 2 other potential crashers in your code.
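An added example (not code from the CrossProcess project) covering both problems raised in this post: giving sysctl() writable storage without the (char *) cast, and an out-parameter that is written on every path so the caller never branches on garbage. The sysctl(2) call is replaced by a stand-in with the same signature, fake_sysctl, so the file builds on any system; the stand-in, the sample path and the sample command line are assumptions.

```cpp
// Added example, not CrossProcess code; fake_sysctl (assumed) mimics sysctl(2)'s signature.
#include <cstddef>
#include <cstring>
#include <string>

// Stand-in for sysctl(2): copies a constructed path into oldp and sets *oldlenp.
static int fake_sysctl(const int *, unsigned int, void *oldp, std::size_t *oldlenp,
                       const void *, std::size_t) {
  const char path[] = "/usr/local/bin/example";  // constructed sample value
  if (oldp == nullptr || oldlenp == nullptr || *oldlenp < sizeof(path)) return -1;
  std::memcpy(oldp, path, sizeof(path));
  *oldlenp = sizeof(path);
  return 0;
}

// Fix for the str1.data() error: hand the call writable, pre-sized storage.
// data() is const-only before C++17; &str[0] on a non-const, sized std::string
// is writable since C++11, so no (char *) cast and no write to read-only memory.
std::string ExePath() {
  int mib[4] = {0, 0, 0, 0};     // real code: CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, pid
  std::string str1(4096, '\0');  // sized buffer, not an empty string
  std::size_t s = str1.size();
  if (fake_sysctl(mib, 4, &str1[0], &s, nullptr, 0) != 0) return "";
  str1.resize(s ? s - 1 : 0);    // drop the terminating NUL the call wrote
  return str1;
}

static char kSample[] = "sh -c example";  // constructed command line

// The analyzer's path: this callee returns on one branch "without writing to
// '*buffer'", so a caller's "if (cmdline)" tests an uninitialized pointer.
int CmdlineFromProcId_broken(int procId, char **buffer) {
  if (procId <= 0) return 0;
  *buffer = kSample;
  return 1;
}

// Fixed: *buffer is written on every path, and the caller initializes too.
int CmdlineFromProcId_fixed(int procId, char **buffer) {
  *buffer = nullptr;
  if (procId <= 0) return 0;
  *buffer = kSample;
  return 1;
}

bool HasCmdline(int procId) {
  char *cmdline = nullptr;  // never declared without an initial value
  CmdlineFromProcId_fixed(procId, &cmdline);
  return cmdline != nullptr;
}
```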