[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Coverity issue policy
From: |
Bruno Haible |
Subject: |
Re: Coverity issue policy |
Date: |
Fri, 31 Mar 2017 22:45:24 +0200 |
User-agent: |
KMail/5.1.3 (Linux/4.4.0-70-generic; KDE/5.18.0; x86_64; ; ) |
Tim Rühsen wrote:
> I could invite you (or anybody else) to view the detected defects. Just
> give me an OK and/or your email address before I do so.
>
> From what I can quickly see, some defects might be quite serious.
What I can see (in the limited set of gnulib modules that wget uses):
1) Coverity suggests to use 'memmove' instead of 'memcpy' in a couple
of places where it cannot prove that the source and destination memory
regions don't overlap.
I don't know what could make the coverity warnings disappear, but at least
we can add comments that help us verify that there is no issue. Invariants,
as usual.
2) A false warning at
len >> 31 >> 31 >> 2
because the code is prepared for 128-bit integers but coverity "knows" that
'len' is at most 64 bits wide.
3) malloc/free related warnings in glob.c.
Please review the three attached patches.
0001-md5-sha1-sha256-sha512-Add-comments-regarding-correc.patch
Description: Text Data
0002-glob-Fix-memory-leaks.patch
Description: Text Data
0003-glob-Fix-invalid-free-call.patch
Description: Text Data