Travis-CI: clang static analyzer

[sjaeckel]

lulz @ the conversion from issue to PR

... it changes the author of the initial comment... @karel-m wrote all this...

------------------

Although I am not sure how to do it I believe that it might be possible to utilize clang static analyzer in our automated travis builds.

Manually you can start it like:

scan-build make -f makefile.unix all

Current develop throws following warnings

/usr/bin/../libexec/ccc-analyzer -c -I./testprof/ -I./src/headers/ -DLTC_SOURCE -O2  -o src/ciphers/anubis.o   -c -o src/ciphers/anubis.o src/ciphers/anubis.c
src/ciphers/anubis.c:1001:27: warning: The left operand of '^' is a garbage value
      kappa[0] = inter[0] ^ rc[r];
                 ~~~~~~~~ ^
1 warning generated.

/usr/bin/../libexec/ccc-analyzer -c -I./testprof/ -I./src/headers/ -DLTC_SOURCE -O2  -o src/encauth/ccm/ccm_memory.o   -c -o src/encauth/ccm/ccm_memory.o src/encauth/ccm/ccm_memory.c
src/encauth/ccm/ccm_memory.c:148:17: warning: Call to 'malloc' has an allocation size of 0 bytes
      pt_work = XMALLOC(ptlen);
                ^~~~~~~~~~~~~~
./src/headers/tomcrypt_custom.h:6:18: note: expanded from macro 'XMALLOC'
#define XMALLOC  malloc
                 ^
1 warning generated.

/usr/bin/../libexec/ccc-analyzer -c -I./testprof/ -I./src/headers/ -DLTC_SOURCE -O2  -o src/pk/asn1/der/utctime/der_decode_utctime.o   -c -o src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_decode_utctime.c
src/pk/asn1/der/utctime/der_decode_utctime.c:88:5: warning: Function call argument is an uninitialized value
    DECODE_V(out->YY, 100);
    ^~~~~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:38:9: note: expanded from macro 'DECODE_V'
   y  = char_to_int(buf[x])*10 + char_to_int(buf[x+1]); \
        ^~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:88:5: warning: Function call argument is an uninitialized value
    DECODE_V(out->YY, 100);
    ^~~~~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:38:34: note: expanded from macro 'DECODE_V'
   y  = char_to_int(buf[x])*10 + char_to_int(buf[x+1]); \
                                 ^~~~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:89:5: warning: Function call argument is an uninitialized value
    DECODE_V(out->MM, 13);
    ^~~~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:38:9: note: expanded from macro 'DECODE_V'
   y  = char_to_int(buf[x])*10 + char_to_int(buf[x+1]); \
        ^~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:89:5: warning: Function call argument is an uninitialized value
    DECODE_V(out->MM, 13);
    ^~~~~~~~~~~~~~~~~~~~~
src/pk/asn1/der/utctime/der_decode_utctime.c:38:34: note: expanded from macro 'DECODE_V'
   y  = char_to_int(buf[x])*10 + char_to_int(buf[x+1]); \
                                 ^~~~~~~~~~~~~~~~~~~~~
4 warnings generated.

[karel-m]

Another warnings in tests

rsa_test.c:533:6: warning: Value stored to 'cnt' is never read
     cnt = rsa_get_size(&key);
     ^     ~~~~~~~~~~~~~~~~~~

x86_prof.c:1489:7: warning: Potential leak of memory pointed to by 'buf'
      fprintf(stderr, "Warning the MAC tests requires AES and SHA1 to operate... so sorry\n");
      ^~~~~~~

[karel-m]

And in demos

   * /usr/bin/../libexec/ccc-analyzer demos/tv_gen.o
demos/tv_gen.c:738:29: warning: Division by zero
             key[z] = tag[z % len];
                          ~~^~~~~

   * /usr/bin/../libexec/ccc-analyzer demos/hashsum.o
In file included from ./src/headers/tomcrypt.h:9:0,
                 from demos/hashsum.c:10:
demos/hashsum.c: In function ‘check_file’:
demos/hashsum.c:107:16: error: array subscript has type ‘char’ [-Werror=char-subscripts]
             if(iscntrl(space[n])) {
                ^

[karel-m]

Warnings fixed and fixes merged to develop but I am leaving this issue open as we might want to try to add scan-build make .. to travis. IMO it would be better to merge improve/makefiles first.

[karel-m]

👍 please merge