This is the mail archive of the
mailing list for the Cygwin project.
Re: Coverity: Update to version 7.6.0
- From: David Stacey <drstacey at tiscali dot co dot uk>
- To: cygwin-developers at cygwin dot com
- Date: Sun, 10 May 2015 22:40:22 +0100
- Subject: Re: Coverity: Update to version 7.6.0
- Authentication-results: sourceware.org; auth=none
- References: <55411BB6 dot 1060009 at tiscali dot co dot uk> <20150429181325 dot GK3657 at calimero dot vinschen dot de> <554162B5 dot 5060701 at tiscali dot co dot uk> <20150430075246 dot GA20111 at calimero dot vinschen dot de>
On 30/04/15 08:52, Corinna Vinschen wrote:
On Apr 30 00:01, David Stacey wrote:
On 29/04/2015 19:13, Corinna Vinschen wrote:
Thanks. I'm running the analysis now using the same source code as last
On Apr 29 18:58, David Stacey wrote:
If there are no objections, I'd like to update our weekly Coverity scan to
use Coverity Analysis 7.6.0 (presently we're using 7.5.0). There should be
fewer false positives this week, but there might be some new coding defects
picked up also.
No worries here. Just go ahead.
week. So any differences we see in the analysis results will be down to
changes between Coverity Analysis 7.5.0 and 7.6.0. Results should be
available on the Coverity Scan website in a couple of hours.
I'll take a look at any new warnings tomorrow evening. If you have time to
take a look during the day then please let me know the numeric ID of any
issues you fix (or mark them as 'fix submitted') so we don't duplicate
Thanks. I had a quick look and CID 109854 is certainly a false positive
because it counts wrongly in the wide character case:
CHAR fmtbuf, *fmt = fmtbuf;
It knows wchar_t is 2 bytes at this point. Three time ++ means, 14
STRCPY (fmt, CQ(".*u"));
At this point, Coverity looks at the expression L".*u" and counts 4 bytes
per wide char in the string expression, which isn't true for us. The
string takes 8 bytes only.
Sorry for the delay in replying. Yes, your analysis of CID 109854 is
quite correct. The wide string literal is an array of const wchar_t .
Coverity should know that this is 2 bytes per character, but seems to
count 4 when it sees the 'L' encoding prefix. I've marked this as a
false positive in Coverity.
The other two new warnings look genuine enough, although both are in
newlib. I've taken the liberty of reporting CID 109855 to the newlib
list  - let's hope they're friendly to newbies. If this is accepted
then I'll send a patch for CID 109856 as well.
 - http://www.lcdf.org/c%2B%2B/clause2.html - section 2.13.4,
 - https://sourceware.org/ml/newlib/2015/msg00417.html