Re: Latest SQLite vs. Xcode's Analyze : 61 issues
- Subject: Re: Latest SQLite vs. Xcode's Analyze : 61 issues
- From: Mark Wagner <email@hidden>
- Date: Fri, 14 Sep 2012 15:06:00 -0700
On Thu, Sep 13, 2012 at 12:31 AM, Dix Lorenz <email@hidden> wrote:
>
> On 13.09.2012, at 01:33, Jens Alfke <email@hidden> wrote:
>
>>> static int sqlite3OsRandomness(sqlite3_vfs *pVfs, int nByte, char *zBufOut){
>>> return pVfs->xRandomness(pVfs, nByte, zBufOut);
>>> }
>>> // Issue: Access to field 'xRandomness' results in a dereference of a null pointer (loaded from variable 'pVfs')
>>
>> For example, this warning is only valid if the function is ever called with a NULL pVfs parameter.
>
> That's the difference. The analyzer is saying "This is code that can easily be misused. Consider rewriting it.", not "this code is wrong".

It's been a while since I poked around in the internals of SQLite's
VFS code, but I'm fairly sure there is no code path that permits a
NULL pointer to be passed to sqlite3OsRandomness, except through
deliberate malicious intent on the part of the end user. The
sqlite3OsRandomness function is not exposed to the user; rather, it
gets its parameters from a data structure that the user passes in to
one of the API functions. All constructors for that data structure
ensure that the pVfs element is not NULL, so the user would need to
modify an opaque data structure with the intent of sneaking a NULL
pointer where it shouldn't go. Sure, you can add additional checks
against it, but is it worth your time?
--
Mark Wagner
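
The trade-off discussed in this message, as an added example that is not part of the original post and is not SQLite's code: the non-NULL invariant is established once in the constructor, stated to the analyzer with an `assert` in the internal helper, and optionally re-checked at the public entry point for the tampered-struct case. All `mini_*` names, `osRandomness`, `fixedRandomness` and the return codes are hypothetical.

```c
/* Added example: hypothetical miniature types, not SQLite's definitions. */
#include <assert.h>
#include <stddef.h>
#include <string.h>

typedef struct mini_vfs mini_vfs;
struct mini_vfs { int (*xRandomness)(mini_vfs *pVfs, int nByte, char *zBufOut); };
typedef struct mini_db { mini_vfs *pVfs; } mini_db;   /* opaque to callers */
enum { MINI_OK = 0, MINI_MISUSE = -1 };

/* Constructed VFS method: fills the buffer with a fixed byte (not random). */
static int fixedRandomness(mini_vfs *pVfs, int nByte, char *zBufOut){
  (void)pVfs;
  memset(zBufOut, 0x5a, (size_t)nByte);
  return nByte;
}
static mini_vfs defaultVfs = { fixedRandomness };

/* Constructor: the only place a mini_db gets its pVfs, so the non-NULL
** invariant is established here, once, at the API boundary. */
int mini_open(mini_db *db, mini_vfs *pVfs){
  if( db==NULL ) return MINI_MISUSE;
  if( pVfs==NULL ) pVfs = &defaultVfs;            /* fall back to a default */
  if( pVfs->xRandomness==NULL ) return MINI_MISUSE;
  db->pVfs = pVfs;
  return MINI_OK;
}

/* Internal helper with the same shape as the flagged function. The assert
** states the precondition; it compiles away when NDEBUG is defined. */
static int osRandomness(mini_vfs *pVfs, int nByte, char *zBufOut){
  assert( pVfs!=NULL && pVfs->xRandomness!=NULL );
  return pVfs->xRandomness(pVfs, nByte, zBufOut);
}

/* Public entry point: the runtime check covers a struct that was modified
** after construction, which the assert alone does not in release builds. */
int mini_randomness(mini_db *db, int nByte, char *zBufOut){
  if( db==NULL || db->pVfs==NULL || nByte<0 || zBufOut==NULL ){
    return MINI_MISUSE;
  }
  return osRandomness(db->pVfs, nByte, zBufOut);
}

int main(void){
  mini_db db; char buf[8];
  if( mini_open(&db, NULL)!=MINI_OK ) return 1;
  return mini_randomness(&db, 8, buf)==8 ? 0 : 1;
}
```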