On Sun, 18 Dec 2016, Giuseppe D'Angelo wrote:
> It occurred to me that PCRE2 is not on Coverity Scan. As I uploaded a
> build of PCRE2 as part of Qt, Coverity raised a bunch of issues in its
> code. I can't judge if they're false positives.
Did you upload the current head or the previous release? The current
head has had a number of issues fixed as a result of ongoing fuzzing
testing by at least two groups.
> Do you think
>
> * it's worth having a pcre2 project on Coverity?
I don't know enough (anything :-) about Coverity to answer that
question. What issues did it raise?
> * it's worth setting up regular scans of it? I can do it weekly.
If the issues raised are real, then it probably is worth it.
> Note that there's already a pcre project [1], which seems to be
> unused. We might just reuse that, but I need permissions to upload
> builds there.
>
> [1] https://scan.coverity.com/projects/pcre?tab=overview
As I don't have a Coverity account, I can't see that (and I don't think
it's worth creating an account myself).
Philip
--
Philip Hazel