
Simple shell script to detect bad checks of mmap() return value

Primary language: C. License: The Unlicense.

mmapfail

Bash script to detect bad checks of mmap() return value

what?

The mmap() POSIX function returns MAP_FAILED, which is defined as (void *) -1, when an error occurs. A common mistake is to check the return value for 0 instead. This script tries to find such bugs heuristically, in an automated way.
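The mistake described above, next to the correct check. This is an added example, not code from the mmapfail repository; the function names and the failing file descriptor -1 are assumptions chosen for illustration.

```c
/* Added example: wrong and right checks of mmap()'s return value. */
#include <stddef.h>
#include <sys/mman.h>

/* BAD: treats 0/NULL as the error value. On failure mmap() returns
 * MAP_FAILED, which is non-NULL, so the failure goes unnoticed and the
 * caller receives (void *)-1 as if it were a valid mapping. */
void *map_bad_check(int fd, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p == NULL)          /* wrong sentinel: not what mmap() returns on error */
        return NULL;
    return p;
}

/* GOOD: compares against MAP_FAILED and normalises the error to NULL,
 * so callers can use the usual "NULL means failure" convention. */
void *map_good_check(int fd, size_t len)
{
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p == MAP_FAILED)
        return NULL;
    return p;
}

/* Constructed failing input: a file mapping on the invalid descriptor -1
 * makes mmap() fail. Each helper returns 1 if the caller would believe
 * the mapping succeeded, 0 if the failure was detected. */
int bad_check_misses_failure(void)
{
    return map_bad_check(-1, 4096) != NULL;
}

int good_check_misses_failure(void)
{
    return map_good_check(-1, 4096) != NULL;
}

int main(void)
{
    /* Exit status 0 when the bad check misses the failure and the good
     * check catches it. */
    return !(bad_check_misses_failure() == 1 &&
             good_check_misses_failure() == 0);
}
```

With the bad check, the caller goes on to dereference (void *) -1, which typically ends in a crash far from the failed call.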

findings

Article (in German):

Cppcheck

Cppcheck can also detect bad checks of mmap() return values. Before checking can begin, the tool must be built from source with the 'HAVE_RULES=yes' option enabled. This equips Cppcheck with a "rules" feature, which lets the user provide custom PCRE regular expressions that match bug-prone patterns. Detailed installation instructions for common platforms are available here.

After a successful build with the "rules" feature enabled, Cppcheck can be run with a rule file to detect bad checks of mmap():

$ cppcheck --enable=all --rule-file=cppcheck/mmap.xml --template=cppcheck1 test/
Checking test/bad 2.c ...
[test/bad 2.c:14]: (warning) mmap returns 'MAP_FAILED (=-1)' in case of an error. Checking against '0' is wrong.
1/3 files checked 33% done
Checking test/bad.c ...
[test/bad.c:14]: (warning) mmap returns 'MAP_FAILED (=-1)' in case of an error. Checking against '0' is wrong.
2/3 files checked 66% done
Checking test/good.c ...
3/3 files checked 100% done
: (information) Cppcheck cannot find all the include files (use --check-config for details)