Splint
Introduction
Splint is a static source code analysis tool for checking c language source code for coding errors and security vulnerabilities. It can be used to detect mistakes and errors within the wzdftpd source code.
Required source code changes
The following diff was applied to r1905 while using Splint 3.1.2 to remove all parsing warnings that Splint reported. Depending on which SVN version you use, you may need to make some changes to the wzdftpd source code before Splint works correctly.
svn diff
Index: wzd_all.h
===================================================================
--- wzd_all.h (revision 1905)
+++ wzd_all.h (working copy)
@@ -118,3 +118,6 @@
#endif /* WZD_USE_PCH */
+#ifndef PRIu64
+#define PRIu64 "ull"
+#endif
Index: wzd_threads.c
===================================================================
--- wzd_threads.c (revision 1905)
+++ wzd_threads.c (working copy)
@@ -69,9 +69,11 @@
#else /* HAVE_PTHREAD */
+#ifdef WIN32
struct thread_key_t {
DWORD key;
};
+#endif
#endif /* HAVE_PTHREAD*/
Index: wzd_site_user.c
===================================================================
--- wzd_site_user.c (revision 1905)
+++ wzd_site_user.c (working copy)
@@ -1406,6 +1406,8 @@
unsigned int is_gadmin;
unsigned int is_siteop;
wzd_user_t * me;
+ ListElmt * elmnt;
+ wzd_context_t * loop_context;
username = str_tok(param," \t\r\n");
if (!username) {
@@ -1439,8 +1441,6 @@
}
}
- ListElmt * elmnt;
- wzd_context_t * loop_context;
for (elmnt=list_head(context_list); elmnt; elmnt=list_next(elmnt)) {
loop_context = list_data(elmnt);
if (loop_context && loop_context->magic == CONTEXT_MAGIC) {
How to use
Change directory into your wzdftpd source code tree (checked out from SVN, no need to run CMake). Then type the following command to run Splint:
splint -I./libwzd-core -I./ +posixlib +unixstrictlib libwzd-core/*.c
Code warnings will be displayed to stdout (your terminal) or you can alternatively write the Splint output to a file by appending "> splint_output.log" to the end of the above command.
