splint ("secure programming lint") is a lint implementation, i.e. a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.
Questions tagged [splint]
84 questions
2
votes
0 answers
Using Binary Constants (prefix 0b) In Code Processed by Splint
According to the GCC website and the SDCC Manual§3.5.7, both GCC and SDCC allow the use of binary constants such as this one, where the decimal number 2 is represented: 0b0010
Unfortunately, splint does not seem to handle this well resulting in a…
EchoLynx
- 410
- 5
- 11
2
votes
2 answers
What is the meaning of this splint warning and what might I be doing wrong?
This is the line of code:
bool cpfs_utimens(struct Cpfs *, char const *path, struct timespec const[2]);
Running splint 3.1.2 generates this warning:
cpfs.h:21:74: Function parameter times declared as manifest array (size
constant…
Matt Joiner
- 112,946
- 110
- 377
- 526
2
votes
1 answer
Memory leak after using free() in destroyer function in c (according to splint)
I am relearning C, and using splint to test my source code.
I am trying to do the following:
create a structure with a "constructor" function
destroy the structure with a "destructor" function, which frees the memory of the structure.
However,…
hilcharge
- 1,515
- 3
- 12
- 18
2
votes
1 answer
Splint unable to check maxSet on pointer to stack variable
I have a program that does something like the following:
#include
#include
int f(char *result)
{
if (result != NULL)
{
*result = 'a';
}
return 0;
}
int main ()
{
char s = 0;
(void)f(&s);
…
markw
- 620
- 3
- 14
2
votes
2 answers
C Character from literal Splint warns of incompatible types
I have a program that uses unsigned chars to represent integers with a small range. I find myself needing to clear them to 0 in several different parts of the program, I have also recently started using splint and apparently:
unsigned char c =…
jayjay
- 1,017
- 1
- 11
- 23
2
votes
2 answers
Splint: "Value strings[] used before definition" with dynamic array
I'm using a dynamic array of strings in C:
char** strings;
I initialize it:
int max = 10;
strings = malloc(sizeof(char*) * max);
And copy a couple of dummy strings:
char* str = "dummy";
for (int i = 0; i < max; i++) {
strings[i] =…
Olle Härstedt
- 3,799
- 1
- 24
- 57
2
votes
0 answers
C Static Analysers: setting up to automatically include all files that the IDE/compiler knows about
Do I have to manually tell the static analyser which files to include in the analysis?
I'm using a NetBeans-based IDE (MPLAB X) to program an embedded system in C (with the XC8 compiler). It is very easy to build the project, and when I add .c or .h…
Jodes
- 14,118
- 26
- 97
- 156
2
votes
1 answer
How to return memory pointer from argument to apply to splint
I met an issue to use splint. Here is the similar code
#include
#include
static void getMem(/*@null@*/void **out, size_t size)
{
if(out == NULL)
return;
*out = malloc(size);
}
int main(/*@unused@*/int argc,…
Catro
- 21
- 2
2
votes
3 answers
Removing null warnings in Splint
I have been trying out Splint with a C program I recently wrote and trying to understand and remove the warnings it gives. One I understand but can't understand how to remove it comes from the following code snippet:
static MyType_t *findById(const…
Makis
- 12,468
- 10
- 62
- 71
2
votes
1 answer
How do I trigger Splint's abstract type checker?
I want to use Splint to detect implicit casts between typedefs with the same underlying type, such as in the following code:
typedef int counter;
typedef int delta;
static int func(int a, int b, int c)
{
return a + b + c;
}
int main(void)
{
…
detly
- 29,332
- 18
- 93
- 152
2
votes
1 answer
splint how to perform taint analysis
How to perform Taint Analysis using Splint?
I have installed Splint on my Ubuntu 12.04. Created a small test case as below:
#include
#include
int main(int argc, char *argv[]) {
char a[10];
strncpy(a,argv[1],10);
…
Romaan
- 2,645
- 5
- 32
- 63
1
vote
1 answer
Solving and fixing vulnerability pointed by the static analysis tool SPLINT
I was working on my project and tried to run splint to see some hidden vulnerability and improve the my quality of code and I ran splint on one of my .c files of the project and I came across these 4 warnings
Splint 3.1.2 --- 20 Feb…
Satyam Dwivedi
- 142
- 9
1
vote
2 answers
Why does splint suggest that { 0 } doesn't really initialize all elements to zero in C: Initializer does not define all elements of a declared array
In this piece of code (the whole file contains only one line):
char buffer[256] = { 0 };
Checked with Splint, I got the following hint:
foo.c(1,20): Initializer block for buffer has 1 element, but declared as char
[256]: 0
…
user26742873
- 919
- 6
- 21
1
vote
2 answers
PTHREAD_COND_INITIALIZER vs Splint
I have the following code
static pthread_mutex_t watchdogMutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t watchdogCond = PTHREAD_COND_INITIALIZER;
and I get the following errors/warnings when using Splint
Static watchdogCond._data._mutex…
some_id
- 29,466
- 62
- 182
- 304
1
vote
4 answers
What is the differences about struct in C99 to ANSI-C?
This code doesn't appear to be correct in ANSI-C, but ok in C99 :
struct a { int x; int y; } z;
What are the differences about struct in C99 and ANSI-C ?
Edit: I forgot the "a", my bad. This code compiles ok with gcc in C99 mode, but is a parse…
ofaurax
- 1,417
- 1
- 20
- 27