This is the mail archive of the cygwin-developers mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Coverity: Update to version 7.6.0

From: David Stacey <drstacey at tiscali dot co dot uk>
To: cygwin-developers at cygwin dot com
Date: Sun, 10 May 2015 22:40:22 +0100
Subject: Re: Coverity: Update to version 7.6.0
Authentication-results: sourceware.org; auth=none
References: <55411BB6 dot 1060009 at tiscali dot co dot uk> <20150429181325 dot GK3657 at calimero dot vinschen dot de> <554162B5 dot 5060701 at tiscali dot co dot uk> <20150430075246 dot GA20111 at calimero dot vinschen dot de>

On 30/04/15 08:52, Corinna Vinschen wrote:

On Apr 30 00:01, David Stacey wrote:

On 29/04/2015 19:13, Corinna Vinschen wrote:

On Apr 29 18:58, David Stacey wrote:

If there are no objections, I'd like to update our weekly Coverity scan to
use Coverity Analysis 7.6.0 (presently we're using 7.5.0). There should be
fewer false positives this week, but there might be some new coding defects
picked up also.

No worries here.  Just go ahead.

Thanks. I'm running the analysis now using the same source code as last

week. So any differences we see in the analysis results will be down to
changes between Coverity Analysis 7.5.0 and 7.6.0. Results should be
available on the Coverity Scan website in a couple of hours.

I'll take a look at any new warnings tomorrow evening. If you have time to

take a look during the day then please let me know the numeric ID of any
issues you fix (or mark them as 'fix submitted') so we don't duplicate
effort.

Thanks.  I had a quick look and CID 109854 is certainly a false positive
because it counts wrongly in the wide character case:

   CHAR fmtbuf[10], *fmt = fmtbuf;

It knows wchar_t is 2 bytes at this point.  Three time ++ means, 14
bytes left.

   STRCPY (fmt, CQ(".*u"));

At this point, Coverity looks at the expression L".*u" and counts 4 bytes
per wide char in the string expression, which isn't true for us.  The
string takes 8 bytes only.

Sorry for the delay in replying. Yes, your analysis of CID 109854 isquite correct. The wide string literal is an array of const wchar_t [1].Coverity should know that this is 2 bytes per character, but seems tocount 4 when it sees the 'L' encoding prefix. I've marked this as afalse positive in Coverity.

The other two new warnings look genuine enough, although both are innewlib. I've taken the liberty of reporting CID 109855 to the newliblist [2] - let's hope they're friendly to newbies. If this is acceptedthen I'll send a patch for CID 109856 as well.


Dave.

[1] - http://www.lcdf.org/c%2B%2B/clause2.html - section 2.13.4,paragraph 1.

[2] - https://sourceware.org/ml/newlib/2015/msg00417.html

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]