Topic: PVS-Studio

I downloaded cyassl-2.4.0.zip and checked the project using PVS-Studio. One can say that I found nothing. Good code.
I drew attention to only two places. I do not know whether there is an error or not. I decided to write, just in case.

1) V612 An unconditional 'return' within a loop. internal.c 7190

static int DoClientHello(....)
{
  ....
  while (ssl->options.resuming) {
    ....
    if (!session) {
      ....
      break;
    }
    if (MatchSuite(ssl, &clSuites) < 0) {
      ....
      return UNSUPPORTED_SUITE;
    }
    ....
    return ret;
  }
  return MatchSuite(ssl, &clSuites);
}  

Also:
V612 An unconditional 'return' within a loop. internal.c 7026

2) V614 Potentially uninitialized variable 'rhSize' used. sniffer.c 2255

static int ProcessMessage(....)
{
  int rhSize;
  ....
  notEnough = 0;
  ....
  if (sslBytes >= RECORD_HEADER_SZ) {
    if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
      ....
      return -1;
    }
  }
  else
    notEnough = 1;
  ....
  if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
    ....
  }

  tmp = sslFrame + rhSize;   <<<---
  ....
}

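The V614 pattern from the second warning, as an added example that is not part of the original post and is not the CyaSSL code or its fix: the size variable is initialised at declaration and the short-read path returns before the size is ever used. The names next_record, get_record_header and SAMPLE are hypothetical, and RECORD_HEADER_SZ is assumed to be the 5-byte TLS record header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RECORD_HEADER_SZ 5 /* assumed: type(1) + version(2) + length(2) */

/* Constructed sample: one handshake record carrying a 2-byte body. */
static const uint8_t SAMPLE[] = { 0x16, 0x03, 0x01, 0x00, 0x02, 0xAA, 0xBB };

/* Hypothetical stand-in for GetRecordHeader(): reads the 16-bit length. */
static int get_record_header(const uint8_t *frame, int *size)
{
    *size = (frame[3] << 8) | frame[4];
    return 0;
}

/* Returns 0 and sets *payload / *payload_len when a full record is buffered,
 * 1 when more bytes are needed, -1 on bad arguments or a bad header. */
int next_record(const uint8_t *frame, int avail,
                const uint8_t **payload, int *payload_len)
{
    int rh_size = 0; /* initialised: no path can read an indeterminate value */

    *payload = NULL;
    *payload_len = 0;
    if (frame == NULL || avail < 0)
        return -1;
    if (avail < RECORD_HEADER_SZ)
        return 1; /* short read: leave before rh_size is consulted */
    if (get_record_header(frame, &rh_size) != 0)
        return -1;
    if (rh_size > avail - RECORD_HEADER_SZ)
        return 1; /* header present, body incomplete */

    *payload = frame + RECORD_HEADER_SZ;
    *payload_len = rh_size;
    return 0;
}

int main(void)
{
    const uint8_t *p;
    int n;
    int rc = next_record(SAMPLE, (int)sizeof SAMPLE, &p, &n);
    printf("rc=%d payload_len=%d\n", rc, n);
    return rc;
}
```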

Re: PVS-Studio

Hi!

Thanks for the heads up.  I just pushed a commit to fix these warnings: https://github.com/cyassl/cyassl/commit … 7cc2d950b2

I tried to verify that this would remove the warnings but the viva64.com site appears to be down temporarily.  I'll do that once it's back up.

Thanks again for letting us know.
