HP UX Web Development Tools manual Example 57 Use of pointer after free

Page 50

Example 57 Use of pointer after free

When there is reference to a memory through a pointer that has been previously freed, cadvise detects such potential issues as Use After Free cases.

For example, see the following code:

void use_after_free ()

{

char *p = malloc (20); strcpy (p, "hello"); free (p);

*p = 'c';

}

In such cases, cadvise generates the following error:

free.c", line 5, procedure use_after_free: warning #20205-D: Pointer is used after free

Example 58 Allocator/deallocator mismatch

Cadvise flags situations where memory has been allocated through a certain type of allocator, such as malloc, but is being freed with an unmatched deallocator, such as delete. This issue is particularly important in C++ applications where the memory is allocated using a operator array new but it is calling simply delete, instead of array delete.

For example, see the following code:

#include <malloc.h> void free1 ()

{

int i;

char* p = new char(10); free (p);

}

In such cases, cadvise generates the following warning:

"mismatch1.cpp", line 8, procedure free1: warning #20210-D: Mismatch in allocation and deallocation

50 Categories of diagnostics with examples

Image 50
Contents HP Code Advisor C.02.20 User Guide Page Contents Contents Intended audience Document conventions and symbolsAbout this document Related informationHP encourages your comments Cadvise-help@lists.hp.comIntroduction FeaturesCadvise user interface Features Cadvise user interfaceAdvanced static code analysis $ cadvise cc -c hello.cSupported compilers $ cadvise -pdb ./mypdb +wlint aCC hello.cppSupported platforms Installing Cadvise Using CadviseSteps in using cadvise Getting startedInvoking Cadvise See the following makefile content Using Cadvise as a wrapper around Compiler or LinkerFor information on PDB, see Using the Program Database PDB Integrating Cadvise with the makefiles and build processExample 2 Sample wrapper script Enabling different categories of diagnostic messagesGenerating code complexity metrics Example 3 Generating code complexity metrics Objfile.metricsGenerating code complexity metrics Example 4 Code complexity metrics $ cat /tmp/example.c+wcodeguide=rules-library Source structure in the rules library Example 5 Writing a rule to enforce naming conventionUsing the Program Database PDB Deleting PDB PDB options tableSpecifying the PDB location Disabling locks in PDB operationsExample 8 Removing object file information from the PDB Creating a PDB snapshot at a specified locationDisplaying PDB version Example 9 Creating a PDB snapshotCross-file analysis options Using cross-file analysisUsage Crossfile=auto Example 15 Specifying the location of object files Suppressing warnings selectively Configuring diagnostic messagesDiagnostic configuration options table Enabling warnings selectivelyManaging warnings in a source file Interpreting selective warnings as errorsDisabling warnings in a macro Cadvise report report-options -pdb pdbdir Generating reportsReport generation options table Cadvise report report-options logfileGenerating detailed report Generating summary reportsGenerating file summary report $cadvise report -summary -pdb testpdb -noheaderExample 23 Generating detailed report To save reports, run the following commandGenerating Html report $ cadvise report -pdb testpdb -allGenerating XML report Printing diagnostics with specific diagnostic numbersFollowing example shows the command to generate XML report Example 24 Generating an XML report$ cadvise report -pdb testpdb -diag Suppressing diagnostics for specific filesGenerating reports based on severity Example 26 Generating reports based on severity$ cadvise report -pdb test.pdb -summary -exclude inflate.c Reporting diagnostics from specific filesReporting program complexity metrics $ cadvise report -pdb test.pdb -summary -include inflate.c$ cadvise report -pdb gzip.pdb +metrics -include inflate.c Generating report for a moduleExample 29 Reporting program complexity metrics Generating PDB comparison report Modifying the default severity level of a diagnosticSuppressing report header $ cadvise report -pdb test.pdb -summary -module test1Example 34 Generating detailed diff report with the header $ cadvise report -pdb tmp.pdb -basepdb tmp1.pdb -allExample 35 Generating diff report for any particular warning $ cadvise report -pdb tmp.pdb -basepdb tmp1.pdb -diag$ cadvise report -pdb tmp.pdb -basepdb tmp1.pdb -severity $ cadvise -pdb pdb1 cc one.c two.cReport options file $ cadvise report -pdb new.pdb -basepdb old.pdb -allGenerating consolidated report from multiple PDBs Example 42 Generating a report using -migration optionGenerate report for migration related warnings Example 41 Report options fileReport options interoperability Recommended process for analyzing the diagnostic messagesGenerating PDB diffs with multiple PDBs $ cadvise report -pdb 1.pdb2.pdb3.pdb4.pdb -allExample 45 Ignoring the -includeoption Example 44 Reporting options interoperability$ cadvise report -pdb test.pdb -diag 2549 -exclude b.c $ cadvise report -pdb test.pdb -summary -include a.cb.cHelp-h-H Example 48 Using -noabortMiscellaneous driver options Example 47 Displaying the list of cadvise optionsExample 51 Using -tee option Example 49 Using -nobuild optionFollowing command creates the file cadvdir/foo.cad Following example shows the usage of -nobuildoptionExample 52 Using +opts filename option Line generates the following messagesDetecting generic programming errors Categories of diagnostics with examplesCategories of diagnostics table Categories of diagnostics with examples Example 53 Null pointer dereference check Such cases, cadvise generates the following warningExample 54 Potential memory leak check Such cases, cadvise generates the following warningsExample 55 Out of bound access Example 56 Out of scope accessExample 58 Allocator/deallocator mismatch Such cases, cadvise generates the following errorExample 57 Use of pointer after free Example 60 Detecting 32-bit to 64-bit migraton issues Detecting 32-bit to 64-bit migraton issuesDetecting endianness migration issues Example 59 Signed bit field of lengthConsider the following code fragment Detecting potential security vulnerabilitiesExample 61 Detecting endian dependent code fragments Detecting multi-threaded programming issues This case, cadvise generates the following errorDetecting potential performance improvement opportunities Example 63 Detecting multi-threaded programming issuesRunning cadvise generates the following error Detecting potential performance improvement opportunities Fixing the warnings by source change Incompatibilities on PA-RISC based systems AC++ standard conformance and compatibility changesSymbols Index