Coverity: Update to version 7.6.0

Corinna Vinschen
Thu Apr 30 07:52:00 GMT 2015

On Apr 30 00:01, David Stacey wrote:
> On 29/04/2015 19:13, Corinna Vinschen wrote:
> >On Apr 29 18:58, David Stacey wrote:
> >>If there are no objections, I'd like to update our weekly Coverity scan to
> >>use Coverity Analysis 7.6.0 (presently we're using 7.5.0). There should be
> >>fewer false positives this week, but there might be some new coding defects
> >>picked up also.
> >No worries here.  Just go ahead.
> Thanks. I'm running the analysis now using the same source code as last
> week. So any differences we see in the analysis results will be down to
> changes between Coverity Analysis 7.5.0 and 7.6.0. Results should be
> available on the Coverity Scan website in a couple of hours.
> I'll take a look at any new warnings tomorrow evening. If you have time to
> take a look during the day then please let me know the numeric ID of any
> issues you fix (or mark them as 'fix submitted') so we don't duplicate
> effort.

Thanks.  I had a quick look and CID 109854 is certainly a false positive
because it counts wrongly in the wide character case:

  CHAR fmtbuf[10], *fmt = fmtbuf;

It knows wchar_t is 2 bytes at this point.  Three time ++ means, 14
bytes left.

  STRCPY (fmt, CQ(".*u"));

At this point, Coverity looks at the expression L".*u" and counts 4 bytes
per wide char in the string expression, which isn't true for us.  The
string takes 8 bytes only.


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <>

More information about the Cygwin-developers mailing list