Topic: Static code Analysis for enhancing software quality
nikileshsa (OP)
May 18, 2011, 04:11:32 PM
Last edit: May 18, 2011, 09:28:26 PM by nikileshsa
 #1

Good day everyone.
I am thinking of performing a static code analysis of the source code for possible security and code problems before every release. I think this will help to enhance the software quality.

I wish to see static source code analysis to be an integral part of the Bitcoin development process. I am not sure if the present code was checked for possible buffer overflow attacks or null pointer dereferencing problems or other critical code problems.


Any suggestions in these lines are welcome.

1) Which static code analysis should we prefer or any good new static code analysis tools you are aware of which is FREE?
2) How can we ensure every developer is forced to make this a mandatory step in the development process?



 
nikileshsa (OP)
May 18, 2011, 09:53:16 PM
 #2

Well... here I am posting possible code problems and security vulnerabilities found by the Cppcheck tool.


juba@ubuntu:~/.ssh/bitcoin/src$ cppcheck --all bitcoin/src/
bitcoin/src/db.h:49]: (possible error) Memory leak: CDB::pdb
bitcoin/src/ui.cpp:1954]: (possible error) Memory leak: pdialog
bitcoin/src/uibase.cpp...
[/home/juba/.ssh/bitcoin/src/uibase.h:74]: (possible error) Memory leak: CMainFrameBase::m_menubar
[/home/juba/.ssh/bitcoin/src/uibase.h:75]: (possible error) Memory leak: CMainFrameBase::m_menuFile
[/home/juba/.ssh/bitcoin/src/uibase.h:76]: (possible error) Memory leak: CMainFrameBase::m_menuHelp
[/home/juba/.ssh/bitcoin/src/uibase.h:79]: (possible error) Memory leak: CMainFrameBase::m_staticText32
[/home/juba/.ssh/bitcoin/src/uibase.h:80]: (possible error) Memory leak: CMainFrameBase::m_buttonNew
[/home/juba/.ssh/bitcoin/src/uibase.h:81]: (possible error) Memory leak: CMainFrameBase::m_buttonCopy
[/home/juba/.ssh/bitcoin/src/uibase.h:83]: (possible error) Memory leak: CMainFrameBase::m_staticText41
[/home/juba/.ssh/bitcoin/src/uibase.h:84]: (possible error) Memory leak: CMainFrameBase::m_staticTextBalance
[/home/juba/.ssh/bitcoin/src/uibase.h:86]: (possible error) Memory leak: CMainFrameBase::m_choiceFilter
[/home/juba/.ssh/bitcoin/src/uibase.h:87]: (possible error) Memory leak: CMainFrameBase::m_notebook
[/home/juba/.ssh/bitcoin/src/uibase.h:88]: (possible error) Memory leak: CMainFrameBase::m_panel9
[/home/juba/.ssh/bitcoin/src/uibase.h:89]: (possible error) Memory leak: CMainFrameBase::m_panel91
[/home/juba/.ssh/bitcoin/src/uibase.h:90]: (possible error) Memory leak: CMainFrameBase::m_panel92
[/home/juba/.ssh/bitcoin/src/uibase.h:91]: (possible error) Memory leak: CMainFrameBase::m_panel93
[/home/juba/.ssh/bitcoin/src/uibase.h:117]: (possible error) Memory leak: CMainFrameBase::m_menuOptions
[/home/juba/.ssh/bitcoin/src/uibase.h:119]: (possible error) Memory leak: CMainFrameBase::m_textCtrlAddress
[/home/juba/.ssh/bitcoin/src/uibase.h:120]: (possible error) Memory leak: CMainFrameBase::m_listCtrlAll
[/home/juba/.ssh/bitcoin/src/uibase.h:121]: (possible error) Memory leak: CMainFrameBase::m_listCtrlSentReceived
[/home/juba/.ssh/bitcoin/src/uibase.h:122]: (possible error) Memory leak: CMainFrameBase::m_listCtrlSent
[/home/juba/.ssh/bitcoin/src/uibase.h:123]: (possible error) Memory leak: CMainFrameBase::m_listCtrlReceived
[/home/juba/.ssh/bitcoin/src/uibase.h:138]: (possible error) Memory leak: CTxDetailsDialogBase::m_htmlWin
[/home/juba/.ssh/bitcoin/src/uibase.h:139]: (possible error) Memory leak: CTxDetailsDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:160]: (possible error) Memory leak: COptionsDialogBase::m_listBox
[/home/juba/.ssh/bitcoin/src/uibase.h:161]: (possible error) Memory leak: COptionsDialogBase::m_scrolledWindow
[/home/juba/.ssh/bitcoin/src/uibase.h:162]: (possible error) Memory leak: COptionsDialogBase::m_panelMain
[/home/juba/.ssh/bitcoin/src/uibase.h:164]: (possible error) Memory leak: COptionsDialogBase::m_checkBoxStartOnSystemStartup
[/home/juba/.ssh/bitcoin/src/uibase.h:165]: (possible error) Memory leak: COptionsDialogBase::m_checkBoxMinimizeToTray
[/home/juba/.ssh/bitcoin/src/uibase.h:166]: (possible error) Memory leak: COptionsDialogBase::m_checkBoxUseUPnP
[/home/juba/.ssh/bitcoin/src/uibase.h:167]: (possible error) Memory leak: COptionsDialogBase::m_checkBoxMinimizeOnClose
[/home/juba/.ssh/bitcoin/src/uibase.h:168]: (possible error) Memory leak: COptionsDialogBase::m_checkBoxUseProxy
[/home/juba/.ssh/bitcoin/src/uibase.h:170]: (possible error) Memory leak: COptionsDialogBase::m_staticTextProxyIP
[/home/juba/.ssh/bitcoin/src/uibase.h:171]: (possible error) Memory leak: COptionsDialogBase::m_textCtrlProxyIP
[/home/juba/.ssh/bitcoin/src/uibase.h:172]: (possible error) Memory leak: COptionsDialogBase::m_staticTextProxyPort
[/home/juba/.ssh/bitcoin/src/uibase.h:173]: (possible error) Memory leak: COptionsDialogBase::m_textCtrlProxyPort
[/home/juba/.ssh/bitcoin/src/uibase.h:175]: (possible error) Memory leak: COptionsDialogBase::m_staticText32
[/home/juba/.ssh/bitcoin/src/uibase.h:176]: (possible error) Memory leak: COptionsDialogBase::m_staticText31
[/home/juba/.ssh/bitcoin/src/uibase.h:177]: (possible error) Memory leak: COptionsDialogBase::m_textCtrlTransactionFee
[/home/juba/.ssh/bitcoin/src/uibase.h:178]: (possible error) Memory leak: COptionsDialogBase::m_panelTest2
[/home/juba/.ssh/bitcoin/src/uibase.h:180]: (possible error) Memory leak: COptionsDialogBase::m_staticText321
[/home/juba/.ssh/bitcoin/src/uibase.h:181]: (possible error) Memory leak: COptionsDialogBase::m_staticText69
[/home/juba/.ssh/bitcoin/src/uibase.h:182]: (possible error) Memory leak: COptionsDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:183]: (possible error) Memory leak: COptionsDialogBase::m_buttonCancel
[/home/juba/.ssh/bitcoin/src/uibase.h:184]: (possible error) Memory leak: COptionsDialogBase::m_buttonApply
[/home/juba/.ssh/bitcoin/src/uibase.h:212]: (possible error) Memory leak: CAboutDialogBase::m_bitmap
[/home/juba/.ssh/bitcoin/src/uibase.h:214]: (possible error) Memory leak: CAboutDialogBase::m_staticText40
[/home/juba/.ssh/bitcoin/src/uibase.h:216]: (possible error) Memory leak: CAboutDialogBase::m_staticTextMain
[/home/juba/.ssh/bitcoin/src/uibase.h:219]: (possible error) Memory leak: CAboutDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:226]: (possible error) Memory leak: CAboutDialogBase::m_staticTextVersion
[/home/juba/.ssh/bitcoin/src/uibase.h:243]: (possible error) Memory leak: CSendDialogBase::m_staticTextInstructions
[/home/juba/.ssh/bitcoin/src/uibase.h:245]: (possible error) Memory leak: CSendDialogBase::m_bitmapCheckMark
[/home/juba/.ssh/bitcoin/src/uibase.h:246]: (possible error) Memory leak: CSendDialogBase::m_staticText36
[/home/juba/.ssh/bitcoin/src/uibase.h:247]: (possible error) Memory leak: CSendDialogBase::m_textCtrlAddress
[/home/juba/.ssh/bitcoin/src/uibase.h:248]: (possible error) Memory leak: CSendDialogBase::m_buttonPaste
[/home/juba/.ssh/bitcoin/src/uibase.h:249]: (possible error) Memory leak: CSendDialogBase::m_buttonAddress
[/home/juba/.ssh/bitcoin/src/uibase.h:250]: (possible error) Memory leak: CSendDialogBase::m_staticText19
[/home/juba/.ssh/bitcoin/src/uibase.h:251]: (possible error) Memory leak: CSendDialogBase::m_textCtrlAmount
[/home/juba/.ssh/bitcoin/src/uibase.h:252]: (possible error) Memory leak: CSendDialogBase::m_staticText20
[/home/juba/.ssh/bitcoin/src/uibase.h:253]: (possible error) Memory leak: CSendDialogBase::m_choiceTransferType
[/home/juba/.ssh/bitcoin/src/uibase.h:257]: (possible error) Memory leak: CSendDialogBase::m_buttonSend
[/home/juba/.ssh/bitcoin/src/uibase.h:258]: (possible error) Memory leak: CSendDialogBase::m_buttonCancel
[/home/juba/.ssh/bitcoin/src/uibase.h:285]: (possible error) Memory leak: CSendingDialogBase::m_staticTextSending
[/home/juba/.ssh/bitcoin/src/uibase.h:286]: (possible error) Memory leak: CSendingDialogBase::m_textCtrlStatus
[/home/juba/.ssh/bitcoin/src/uibase.h:288]: (possible error) Memory leak: CSendingDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:289]: (possible error) Memory leak: CSendingDialogBase::m_buttonCancel
[/home/juba/.ssh/bitcoin/src/uibase.h:314]: (possible error) Memory leak: CYourAddressDialogBase::m_staticText45
[/home/juba/.ssh/bitcoin/src/uibase.h:315]: (possible error) Memory leak: CYourAddressDialogBase::m_listCtrl
[/home/juba/.ssh/bitcoin/src/uibase.h:317]: (possible error) Memory leak: CYourAddressDialogBase::m_buttonRename
[/home/juba/.ssh/bitcoin/src/uibase.h:318]: (possible error) Memory leak: CYourAddressDialogBase::m_buttonNew
[/home/juba/.ssh/bitcoin/src/uibase.h:319]: (possible error) Memory leak: CYourAddressDialogBase::m_buttonCopy
[/home/juba/.ssh/bitcoin/src/uibase.h:320]: (possible error) Memory leak: CYourAddressDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:321]: (possible error) Memory leak: CYourAddressDialogBase::m_buttonCancel
[/home/juba/.ssh/bitcoin/src/uibase.h:350]: (possible error) Memory leak: CAddressBookDialogBase::m_notebook
[/home/juba/.ssh/bitcoin/src/uibase.h:351]: (possible error) Memory leak: CAddressBookDialogBase::m_panelSending
[/home/juba/.ssh/bitcoin/src/uibase.h:353]: (possible error) Memory leak: CAddressBookDialogBase::m_staticText55
[/home/juba/.ssh/bitcoin/src/uibase.h:354]: (possible error) Memory leak: CAddressBookDialogBase::m_listCtrlSending
[/home/juba/.ssh/bitcoin/src/uibase.h:355]: (possible error) Memory leak: CAddressBookDialogBase::m_panelReceiving
[/home/juba/.ssh/bitcoin/src/uibase.h:357]: (possible error) Memory leak: CAddressBookDialogBase::m_staticText45
[/home/juba/.ssh/bitcoin/src/uibase.h:359]: (possible error) Memory leak: CAddressBookDialogBase::m_listCtrlReceiving
[/home/juba/.ssh/bitcoin/src/uibase.h:361]: (possible error) Memory leak: CAddressBookDialogBase::m_buttonDelete
[/home/juba/.ssh/bitcoin/src/uibase.h:362]: (possible error) Memory leak: CAddressBookDialogBase::m_buttonCopy
[/home/juba/.ssh/bitcoin/src/uibase.h:363]: (possible error) Memory leak: CAddressBookDialogBase::m_buttonEdit
[/home/juba/.ssh/bitcoin/src/uibase.h:364]: (possible error) Memory leak: CAddressBookDialogBase::m_buttonNew
[/home/juba/.ssh/bitcoin/src/uibase.h:365]: (possible error) Memory leak: CAddressBookDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:382]: (possible error) Memory leak: CAddressBookDialogBase::m_buttonCancel
[/home/juba/.ssh/bitcoin/src/uibase.h:398]: (possible error) Memory leak: CGetTextFromUserDialogBase::m_staticTextMessage1
[/home/juba/.ssh/bitcoin/src/uibase.h:399]: (possible error) Memory leak: CGetTextFromUserDialogBase::m_textCtrl1
[/home/juba/.ssh/bitcoin/src/uibase.h:400]: (possible error) Memory leak: CGetTextFromUserDialogBase::m_staticTextMessage2
[/home/juba/.ssh/bitcoin/src/uibase.h:401]: (possible error) Memory leak: CGetTextFromUserDialogBase::m_textCtrl2
[/home/juba/.ssh/bitcoin/src/uibase.h:404]: (possible error) Memory leak: CGetTextFromUserDialogBase::m_buttonOK
[/home/juba/.ssh/bitcoin/src/uibase.h:405]: (possible error) Memory leak: CGetTextFromUserDialogBase::m_buttonCancel
14/15 files checked 93% done
Checking /home/juba/.ssh/bitcoin/src/util.cpp...
[/home/juba/.ssh/bitcoin/src/util.cpp:276]: (error) Mismatching allocation and deallocation: p
[/home/juba/.ssh/bitcoin/src/util.cpp:282]: (error) Mismatching allocation and deallocation: p
Checking /home/juba/.ssh/bitcoin/src/util.cpp: GUI...
Checking /home/juba/.ssh/bitcoin/src/util.cpp: __WXMAC_OSX__...
Checking /home/juba/.ssh/bitcoin/src/util.cpp: __WXMSW__...
15/15 files checked 100% done
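
One way to make the check a mandatory release step, as asked in the first post: parse the Cppcheck report and fail the build on blocking severities. This is an added example, not part of the original posts or the Bitcoin code base; it assumes the bracketed "[path:line]: (severity) message" text format shown above, and the function names and the choice of "error" as the only blocking severity are illustrative.

```python
import re
from collections import Counter

# Legacy cppcheck text format as quoted in the post: [path:line]: (severity) message
# The opening "[" is optional because some quoted lines lost it.
FINDING = re.compile(r"^\[?(?P<path>[^\]:]+):(?P<line>\d+)\]: \((?P<sev>[^)]+)\) (?P<msg>.+)$")

# Excerpt of the report quoted above, including progress lines that must be ignored.
SAMPLE = """\
bitcoin/src/db.h:49]: (possible error) Memory leak: CDB::pdb
[/home/juba/.ssh/bitcoin/src/uibase.h:74]: (possible error) Memory leak: CMainFrameBase::m_menubar
[/home/juba/.ssh/bitcoin/src/uibase.h:75]: (possible error) Memory leak: CMainFrameBase::m_menuFile
[/home/juba/.ssh/bitcoin/src/uibase.h:160]: (possible error) Memory leak: COptionsDialogBase::m_listBox
14/15 files checked 93% done
Checking /home/juba/.ssh/bitcoin/src/util.cpp...
[/home/juba/.ssh/bitcoin/src/util.cpp:276]: (error) Mismatching allocation and deallocation: p
[/home/juba/.ssh/bitcoin/src/util.cpp:282]: (error) Mismatching allocation and deallocation: p
"""

def parse(text):
    """Return one dict per finding; progress and 'Checking ...' lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = FINDING.match(raw.strip())
        if m:
            d = m.groupdict()
            d["line"] = int(d["line"])
            findings.append(d)
    return findings

def summarize(findings):
    """Count per (severity, file name, check) so repeated GUI leaks collapse to one row."""
    counts = Counter()
    for f in findings:
        check = f["msg"].split(":")[0]          # "Memory leak: X::y" -> "Memory leak"
        counts[(f["sev"], f["path"].rsplit("/", 1)[-1], check)] += 1
    return counts

def gate(findings, blocking=("error",)):
    """Exit status for a release gate: 1 if any finding has a blocking severity."""
    return 1 if any(f["sev"] in blocking for f in findings) else 0

if __name__ == "__main__":
    found = parse(SAMPLE)
    for (sev, name, check), n in sorted(summarize(found).items()):
        print(f"{sev:15} {name:10} {check:40} x{n}")
    raise SystemExit(gate(found))
```

Run as a build or pre-release step, the non-zero exit status stops the release until the blocking findings are fixed or explicitly triaged.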

FooDSt4mP
May 18, 2011, 10:31:21 PM
 #3

It would probably be better to send this kind of information privately to the developers.  There is no need to post it publicly unless they ignore you.  There is a list of developers and their emails on www.bitcoin.org.

nikileshsa (OP)
May 18, 2011, 11:14:34 PM
 #4

> It would probably be better to send this kind of information privately to the developers.  There is no need to post it publicly unless they ignore you.  There is a list of developers and their emails on www.bitcoin.org.


Thanks for your suggestion. I just tried to post these issues to generate a healthy discussion of the use of some robust static analysis tool for the bitcoin project.

I have raised these issues in the github bitcoin.

 
goatpig
Armory Developer


May 18, 2011, 11:24:51 PM
 #5

>> It would probably be better to send this kind of information privately to the developers.  There is no need to post it publicly unless they ignore you.  There is a list of developers and their emails on www.bitcoin.org.
>
> Thanks for your suggestion. I just tried to post these issues to generate a healthy discussion of the use of some robust static analysis tool for the bitcoin project.
>
> I have raised these issues in the github bitcoin.

Just some pointers from the client's GUI classes that aren't deallocated at cleanup. Nothing serious, just messy coding.

nikileshsa (OP)
May 18, 2011, 11:46:01 PM
 #6

>>> It would probably be better to send this kind of information privately to the developers.  There is no need to post it publicly unless they ignore you.  There is a list of developers and their emails on www.bitcoin.org.
>>
>> Thanks for your suggestion. I just tried to post these issues to generate a healthy discussion of the use of some robust static analysis tool for the bitcoin project.
>>
>> I have raised these issues in the github bitcoin.
>
> Just some pointers from the client's GUI classes that aren't deallocated at cleanup. Nothing serious, just messy coding.

Thanks for your analysis. These errors can be safely classified as minor bugs in the code.