Re: [pcre-dev] PCRE2 on Coverity Scan

Top Page
Delete this message
Author: ph10
Date:  
To: Giuseppe D'Angelo
CC: pcre-dev
Subject: Re: [pcre-dev] PCRE2 on Coverity Scan
On Sun, 18 Dec 2016, Giuseppe D'Angelo wrote:

> It occured to me that PCRE2 is not on Coverity Scan. As I uploaded a
> build of PCRE2 as part of Qt, Coverity raised a bunch of issues in its
> code. I can't judge if they're false positives.


Did you upload the current head or the previous release? The current
head has had a number of issues fixed as a result of ongoing fuzzing
testing by at least two groups.

> Do you think
>
> * it's worth to have a pcre2 project on Coverity?


I don't know enough (anything :-) about Coverity to answer that
question. What issues did it raise?

> * it's worth to set up regular scans of it? I can do it weekly.


If the issues raised are real, then it probably is worth it.

> Note that there's already a pcre project [1], which seems to be
> unused. We might just reuse that, but I need permissions to upload
> builds there.
>
> [1] https://scan.coverity.com/projects/pcre?tab=overview


As I don't have a Coverity account, I can't see that (and I don't think
it's work creating an account myself).

Philip

--
Philip Hazel