Hi,
I tried this tool a long time ago, and uploaded pcre perhaps twice, but I wasn't satisfied with its output since it didn't report any relevant issues. It produced a huge report though, and took a lot of time to check everything.
>*** CID 11125: Null pointer dereferences (FORWARD_NULL)
>/qtbase/src/3rdparty/pcre2/src/pcre2_jit_compile.c: 10408 in compile_braminzero_backtrackingpath()
>10402 current->top = NULL;
>10403 current->topbacktracks = NULL;
>10404 current->nextbacktracks = NULL;
>10405 if (current->cc[1] > OP_ASSERTBACK_NOT)
>10406 {
>10407 /* Manual call of compile_bracket_matchingpath and compile_bracket_backtrackingpath. */
>>>> CID 11125: Null pointer dereferences (FORWARD_NULL)
>>>> Although "compile_bracket_matchingpath" does overwrite "current->top" on some paths, it also contains at least one feasible path which does not overwrite it.
I think it expects that current->top must not be NULL. This isn't true; it can be NULL, which represents a "leaf" object in a tree-like structure.
>>> * it's worth to set up regular scans of it? I can do it weekly.
I don't mind if you do it. But please check the output manually first and don't forward a huge report every week to us :)
>Right, it looks like only Zoltan can add more people to it.
I can when I am able to log in again. It seems the password recovery does not work at the moment, and I forgot the password a long time ago :)
Regards,
Zoltan