Code review audit of the source code of Ghidra. Attached is the report with the file issues and lines of code, with a brief description of the issues seen.
Thank you for running static analyzer.
If you want to help, could you please filter all errors and warnings (remove false positives and style errors, for example)? Also, if it's not a hassle for you, could you attach the report in a more usable format?
I have re-submitted as comments - with lines for reference in each file that is noted as an error or warning in our custom-made Java security scanner. Only errors and warnings are submitted thus far. If you want more info, contact me.
Can you please wrap the text in '```' so that it doesn't get wrapped as badly
So perfect to read it.
@mlarmie-g2, do you understand that you are doing a disservice?
I repeat my sentence: if you really want to help the project, then could you please filter the output (I myself can remove all lines by regexp too) of your _custom made java security scanner_. There are many security scanners (including open source ones) which I can configure and run more precisely to get clearer output without your help.
```
GPLDemanglerGnusrcdemangler_gnuccp-demangle.c,5414,warning,Obsolete function 'alloca' called. In C99 and later it is recommended to use a variable length array instead.
GPLDemanglerGnusrcdemangler_gnuccp-demangle.c,5415,warning,Obsolete function 'alloca' called. In C99 and later it is recommended to use a variable length array instead.
GPLDemanglerGnusrcdemangler_gnuccp-demangle.c,5693,warning,Obsolete function 'alloca' called. In C99 and later it is recommended to use a variable length array instead.
GPLDemanglerGnusrcdemangler_gnuccp-demangle.c,5694,warning,Obsolete function 'alloca' called. In C99 and later it is recommended to use a variable length array instead.
GPLDemanglerGnusrcdemangler_gnuccp-demangle.c,4074,error,Uninitialized struct member: dpt.next
Ghidra/Features/Decompiler/src/decompile/cpp/address.hh,232,warning,Member variable 'Address::offset' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/address.hh,118,warning,Member variable 'SeqNum::order' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/address.hh,121,warning,Member variable 'SeqNum::order' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::type' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::spaceid' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::joinrec' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,447,warning,Member variable 'ParamListStandard::thisbeforeret' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,447,warning,Member variable 'ParamListStandard::spacebase' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::flags' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::groupsize' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::addressbase' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::size' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::minsize' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::alignment' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,77,warning,Member variable 'ParamEntry::numslots' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,447,warning,Member variable 'ParamListStandard::numgroup' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,447,warning,Member variable 'ParamListStandard::maxdelay' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,447,warning,Member variable 'ParamListStandard::pointermax' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,447,warning,Member variable 'ParamListStandard::nonfloatgroup' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,1002,warning,Virtual function 'setOutput' is called from constructor 'ProtoStoreSymbol(Scope*sc,const Address&usepoint)' at line 2285. Dynamic binding is not used.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.hh,1026,warning,Virtual function 'setOutput' is called from constructor 'ProtoStoreInternal(Datatype*vt)' at line 2468. Dynamic binding is not used.
Ghidra/Features/Decompiler/src/decompile/cpp/action.cc,25,warning,Member variable 'Action::lcount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/action.cc,25,warning,Member variable 'Action::count' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/cast.hh,57,warning,Member variable 'CastStrategy::tlst' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/cast.hh,57,warning,Member variable 'CastStrategy::promoteSize' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/jumptable.hh,246,warning,Member variable 'JumpBasic::normalvn' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/jumptable.hh,246,warning,Member variable 'JumpBasic::switchvn' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/jumptable.hh,275,warning,Member variable 'JumpBasic2::extravn' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/jumptable.hh,336,warning,Member variable 'JumpAssisted::userop' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/jumptable.hh,246,warning,Member variable 'JumpBasic::varnodeIndex' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/database.hh,187,warning,Member variable 'Symbol::type' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/database.hh,789,warning,Member variable 'ScopeMapper::scope' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/database.hh,183,warning,Member variable 'Symbol::catindex' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/database.hh,187,warning,Member variable 'Symbol::catindex' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.hh,173,warning,Member variable 'OpFollow::opc' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.hh,173,warning,Member variable 'OpFollow::val' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.hh,173,warning,Member variable 'OpFollow::slot' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,54,warning,Member variable 'LoopBody::exitblock' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::block1' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::block2' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::exita' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::exitb' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::cbranch1' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::cbranch2' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::joinblock' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,54,warning,Member variable 'LoopBody::uniquecount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::a_in1' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::a_in2' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::b_in1' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.hh,259,warning,Member variable 'ConditionalJoin::b_in2' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.hh,91,warning,Member variable 'ActionStackPtrFlow::analysis_finished' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.hh,106,warning,Member variable 'ActionSegmentize::localcount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.hh,167,warning,Member variable 'ActionConstantPtr::localcount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.hh,773,warning,Member variable 'ActionRestructureVarnode::numpass' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.hh,893,warning,Member variable 'ActionInferTypes::localcount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/cpool.hh,72,warning,Member variable 'CPoolRecord::tag' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/cpool.hh,72,warning,Member variable 'CPoolRecord::flags' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/cpool.hh,72,warning,Member variable 'CPoolRecord::value' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/cpool.hh,72,warning,Member variable 'CPoolRecord::byteDataLen' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/action.hh,175,warning,Member variable 'ActionRestartGroup::curstart' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/action.hh,266,warning,Member variable 'ActionPool::rule_index' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.hh,77,warning,Member variable 'AliasChecker::localextreme' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.hh,77,warning,Member variable 'AliasChecker::localboundary' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.hh,77,warning,Member variable 'AliasChecker::aliasboundary' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.hh,77,warning,Member variable 'AliasChecker::direction' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rangeutil.hh,62,warning,Member variable 'CircleRange::left' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rangeutil.hh,62,warning,Member variable 'CircleRange::right' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rangeutil.hh,62,warning,Member variable 'CircleRange::mask' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rangeutil.hh,62,warning,Member variable 'CircleRange::step' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rangeutil.hh,62,warning,Member variable 'CircleRange::shift' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,41,warning,Member variable 'SeqNum::order' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,748,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,750,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,755,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,756,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,757,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,808,warning,Shifting 32-bit value by 63 bits is undefined behaviour. See condition at line 807.
Ghidra/Features/Decompiler/src/decompile/cpp/address.cc,817,error,Shifting 32-bit value by 63 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/unify.hh,165,warning,Member variable 'TraverseDescendState::onestep' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/context.hh,132,warning,Member variable 'ParserWalker::point' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/context.hh,133,warning,Member variable 'ParserWalker::point' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/context.hh,132,warning,Member variable 'ParserWalker::depth' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/context.hh,132,warning,Member variable 'ParserWalker::breadcrumb' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/context.hh,133,warning,Member variable 'ParserWalker::depth' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/context.hh,133,warning,Member variable 'ParserWalker::breadcrumb' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/semantics.hh,198,warning,Member variable 'PcodeBuilder::walker' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.hh,361,warning,Member variable 'StartSymbol::const_space' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.hh,378,warning,Member variable 'EndSymbol::const_space' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.hh,563,warning,Member variable 'SubtableSymbol::beingbuilt' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.hh,563,warning,Member variable 'SubtableSymbol::errors' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.hh,37,warning,Member variable 'SleighSymbol::scopeid' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/sleigh_arch.hh,63,warning,Member variable 'LanguageDescription::isbigendian' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/sleigh_arch.hh,63,warning,Member variable 'LanguageDescription::deprecated' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/sleigh_arch.hh,92,warning,The class 'SleighArchitecture' defines member variable with name 'description' also defined in its parent class 'Architecture'.
Ghidra/Features/Decompiler/src/decompile/cpp/sleigh_arch.hh,63,warning,Member variable 'LanguageDescription::size' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/block.cc,50,warning,Member variable 'FlowBlock::copymap' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/block.cc,50,warning,Member variable 'FlowBlock::numdesc' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.cc,1848,warning,Member variable 'CollapseStructure::finaltrace' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.cc,1848,warning,Member variable 'CollapseStructure::likelylistfull' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/blockaction.cc,944,warning,Member variable 'TraceDAG::missedactivecount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/callgraph.hh,42,warning,Member variable 'CallGraphEdge::from' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/callgraph.hh,42,warning,Member variable 'CallGraphEdge::to' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/callgraph.hh,42,warning,Member variable 'CallGraphEdge::complement' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/grammar.hh,195,warning,Member variable 'Enumerator::value' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/paramid.hh,56,warning,Member variable 'ParamMeasure::numcalls' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::matchflip' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::opstate' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::flipstate' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::multion' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::binon' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::state' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::slotstate' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.cc,18,warning,Member variable 'ConditionMarker::multislot' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::cbranch' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::initblock' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::iblock' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::init2a_true' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::iblock2posta_true' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::posta_block' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::postb_block' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::directsplit' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::prea_inslot' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::camethruposta_slot' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/condexe.hh,163,warning,Member variable 'ConditionalExecution::posta_outslot' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.cc,1801,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/coreaction.cc,2871,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/cpool.cc,237,warning,Missing bounds check for extra iterator increment in loop.
Ghidra/Features/Decompiler/src/decompile/cpp/database_ghidra.cc,20,warning,Member variable 'ScopeGhidra::flagbaseDefault' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,310,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,380,error,Shifting 32-bit value by 49 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,381,error,Shifting 32-bit value by 52 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,472,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,484,error,Shifting 32-bit value by 44 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,493,error,Shifting 32-bit value by 37 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,502,error,Shifting 32-bit value by 49 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,511,error,Shifting 32-bit value by 52 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,520,error,Shifting 32-bit value by 48 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/dynamic.cc,530,error,Shifting 32-bit value by 49 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.cc,2784,warning,Member variable 'FuncProto::extrapop' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/fspec.cc,3768,warning,Member variable 'FuncCallSpecs::matchCallCount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/ghidra_process.cc,406,warning,Member variable 'SetOptions::res' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/ghidra_process.hh,80,warning,Member variable 'GhidraCommand::status' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/globalcontext.cc,570,warning,Member variable 'ContextCache::context' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/globalcontext.cc,296,warning,'operator=' should check for assignment to self to avoid problems with dynamic memory.
Ghidra/Features/Decompiler/src/decompile/cpp/globalcontext.cc,570,warning,Member variable 'ContextCache::first' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/globalcontext.cc,570,warning,Member variable 'ContextCache::last' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::curchar' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::lookahead1' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::lookahead2' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::curtoken' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::endofstream' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::endofstreamsent' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::curstate' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::tokpos' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/pcodeparse.hh,63,warning,Member variable 'PcodeLexer::curnum' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/inject_sleigh.hh,90,warning,The class 'PcodeInjectLibrarySleigh' defines member variable with name 'glb' also defined in its parent class 'PcodeInjectLibrary'.
Ghidra/Features/Decompiler/src/decompile/cpp/loadimage_bfd.cc,22,warning,Member variable 'LoadImageBfd::number_of_symbols' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/loadimage_bfd.cc,22,warning,Member variable 'LoadImageBfd::cursymbol' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/loadimage_bfd.cc,22,warning,Member variable 'LoadImageBfd::secinfoptr' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/prefersplit.cc,541,error,Uninitialized struct member: templ.splitoffset
Ghidra/Features/Decompiler/src/decompile/cpp/prefersplit.cc,544,error,Uninitialized variable: templ
Ghidra/Features/Decompiler/src/decompile/cpp/prettyprint.cc,539,warning,Member variable 'EmitPrettyPrint::leftotal' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/prettyprint.cc,539,warning,Member variable 'EmitPrettyPrint::rightotal' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/printlanguage.cc,871,error,Shifting 32-bit value by 63 bits is undefined behavior
Ghidra/Features/Decompiler/src/decompile/cpp/ruleaction.cc,6176,warning,Shifting 32-bit value by 63 bits is undefined behaviour. See condition at line 6174.
Ghidra/Features/Decompiler/src/decompile/cpp/ruleaction.cc,6383,warning,Shifting 32-bit value by 63 bits is undefined behaviour. See condition at line 6382.
Ghidra/Features/Decompiler/src/decompile/cpp/rulecompile.cc,373,warning,Member variable 'RuleLexer::s' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rulecompile.cc,373,warning,Member variable 'RuleLexer::identifier' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/rulecompile.cc,373,warning,Member variable 'RuleLexer::endofstream' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/sleigh_arch.cc,284,warning,Member variable 'SleighArchitecture::languageindex' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slgh_compile.hh,73,warning,Member variable 'WithBlock::ss' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/slghpatexpress.cc,483,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/slghpatexpress.cc,508,error,Shifting 32-bit value by 32 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.cc,2065,warning,Shifting 32-bit value by 32 bits is undefined behaviour. See condition at line 2068.
Ghidra/Features/Decompiler/src/decompile/cpp/slghsymbol.cc,2065,warning,Either the condition 'size==8sizeof(unsigned int)' is redundant or there is signed integer overflow for expression '1<
Ghidra/Features/Decompiler/src/decompile/cpp/space.cc,240,error,Shifting 32-bit value by 48 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/subflow.cc,1989,warning,Identical inner 'if' condition is always true.
Ghidra/Features/Decompiler/src/decompile/cpp/subflow.cc,1168,warning,Member variable 'ReplaceVarnode::vn' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/subflow.cc,1039,warning,Member variable 'SubvariableFlow::pullcount' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/translate.cc,38,warning,Member variable 'SpacebaseSpace::baseloc' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/translate.cc,38,warning,Member variable 'SpacebaseSpace::baseOrig' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/type.cc,1196,warning,Member variable 'TypeFactory::enumtype' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/type.cc,318,error,Shifting 32-bit value by 56 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/type.cc,324,error,Shifting 32-bit value by 63 bits is undefined behaviour
Ghidra/Features/Decompiler/src/decompile/cpp/unify.cc,53,warning,'operator=' should check for assignment to self to avoid problems with dynamic memory.
Ghidra/Features/Decompiler/src/decompile/cpp/unify.cc,94,warning,Class UnifyDatatype is not safe, destructor throws exception
Ghidra/Features/Decompiler/src/decompile/cpp/userop.cc,121,warning,Member variable 'SegmentOp::spc' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.cc,121,warning,Member variable 'SegmentOp::basepresent' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.cc,121,warning,Member variable 'SegmentOp::forcesegment' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.cc,121,warning,Member variable 'SegmentOp::supportsfarpointer' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.cc,121,warning,Member variable 'SegmentOp::baseinsize' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/userop.cc,121,warning,Member variable 'SegmentOp::innerinsize' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.cc,49,warning,Member variable 'ScopeLocal::stackgrowsnegative' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.cc,49,warning,Member variable 'ScopeLocal::overlapproblems' is not initialized in the constructor.
Ghidra/Features/Decompiler/src/decompile/cpp/varmap.cc,462,warning,Member variable 'MapState::glb' is not initialized in the constructor.
GhidraDocsGhidraClassAdvancedExamplesopaque.c,36,warning,%ld in format string (no. 1) requires 'long' but the argument type is 'unsigned long'.
```
If that is the case, this process should have been done far before this code was even made public. We are helping to figure out why there is a lot of code that isn't even being used, or is redundant, and reducing the attack surface, since anything open source can be used both offensively and defensively, and some code can be used to weaponize other tools.
Thanks for the input. Running software evaluation tools can be helpful but frustrating without access to the particular tool as issues are resolved. I've summarized the issues I see, without a judgement of which are the most important to fix.
It appears from my quick perusal the majority of the issues are:
- mostly variables not initialized in the constructor
- use of alloca()
- potential out of bounds shifting for the datatype
- overriding a variable name in parent/child
- iterator extra bounds check
- operator= check for dynamic assignment issues
- destructor throwing an exception
- a few type mismatches
The variables not initialized are normally not a concern in Java; however, I tend to initialize them by default. I'm not normally a C++ developer. In your evaluation, which are the most egregious or worth the fix?
I made an effort to go through these.
The scanner seemed to be following all possible conditional compilation paths and picked up code that doesn't make it into the build. The alloca() code in particular is only used if the compiler doesn't provide variable length arrays. The errors described as out of bounds shifting seem to be due to the scanner mistakenly thinking uint8 is a 32-bit integer. The uninitialized member warnings are good general advice but ignore the established initialization patterns for the various objects. We do do tests for code execution that depends on uninitialized values via valgrind, so I'm setting these aside. That leaves the following:
The PcodeInjectLibrarySleigh warning is a good find; it looks like an oversight during a refactor of the class. All of these are reasonable suggestions (none of them are bugs), so I've gone ahead and made changes to address them.
Changes committed to master.
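To illustrate the shift findings discussed above, here is an added example (not Ghidra code and not from anyone in this thread). It assumes a `uint8` typedef that mirrors the decompiler's 8-byte unsigned type; the helpers `mask_bytes`, `mask_bytes32` and `shift_in_range` are hypothetical names chosen for the example. It shows why a shift by 32 to 63 is well defined on the real 64-bit type, why the same expression would be undefined on a 32-bit type (the case the scanner assumed), and how the one genuine edge case, shifting by the full width, is handled.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption for this example: the decompiler's "uint8" is an 8-byte
 * unsigned integer (the name refers to bytes, not bits).  A scanner that
 * reads it as a 32-bit type reports every shift by 32..63 as undefined. */
typedef uint64_t uint8;
typedef uint32_t uint4;

_Static_assert(sizeof(uint8) == 8, "uint8 must be 8 bytes wide for this example");

/* Width in bits of the type actually being shifted. */
#define BITS(type) ((unsigned)(sizeof(type) * 8u))

/* Shift counts are only defined while strictly less than the operand width;
 * a static analyzer that misreads the typedef evaluates this with the wrong
 * width and so reports false positives. */
int shift_in_range(unsigned width, unsigned count)
{
    return count < width;
}

/* Mask covering the low `nbytes` bytes of an 8-byte value.  The naive form
 * (1 << (nbytes*8)) - 1 is only defined while nbytes*8 < 64, so nbytes == 8
 * is the edge case that must be special-cased rather than shifted. */
uint8 mask_bytes(int nbytes)
{
    if (nbytes <= 0)
        return 0;
    if (nbytes >= (int)sizeof(uint8))       /* shift by full width: avoid */
        return ~(uint8)0;
    return (((uint8)1) << (nbytes * 8)) - 1; /* shift count is 8..56 here */
}

/* The same routine on a genuinely 32-bit type.  Here a shift by 32 really
 * is undefined, which is the bug class the scanner's message describes;
 * the guard is what makes the function correct. */
uint4 mask_bytes32(int nbytes)
{
    if (nbytes <= 0)
        return 0;
    if (nbytes >= (int)sizeof(uint4))       /* shift by 32 would be UB */
        return ~(uint4)0;
    return (((uint4)1) << (nbytes * 8)) - 1; /* shift count is 8..24 here */
}

int main(void)
{
    printf("uint8 is %u bits wide\n", BITS(uint8));
    printf("mask_bytes(4) = 0x%016llx\n", (unsigned long long)mask_bytes(4));
    printf("mask_bytes(8) = 0x%016llx\n", (unsigned long long)mask_bytes(8));
    printf("mask_bytes32(4) = 0x%08x\n", mask_bytes32(4));
    /* A shift by 63 is fine on the real 64-bit uint8 ... */
    printf("shift 63 on uint8: %s\n",
           shift_in_range(BITS(uint8), 63) ? "defined" : "undefined");
    /* ... but would be undefined if the type were 32 bits, as the scanner assumed. */
    printf("shift 63 on 32-bit: %s\n",
           shift_in_range(32, 63) ? "defined" : "undefined");
    return 0;
}
```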
Thanks for addressing these issues, I was not sure how to log them but I'm glad your team took the time to go through the findings!