Re: [pcre-dev] PCRE2 on Coverity Scan

Author: Giuseppe D'Angelo
Date:  
To: Zoltán Herczeg
CC: pcre-dev
Subject: Re: [pcre-dev] PCRE2 on Coverity Scan
On Tue, Dec 20, 2016 at 8:42 AM, Zoltán Herczeg <hzmester@???> wrote:
>>>>> Although "compile_bracket_matchingpath" does overwrite "current->top" on some paths, it also contains at least one feasible path which does not overwrite it.

>
> I think it expects that current->top must not be NULL. This isn't true, it can be NULL which represents a "leaf" object in a tree like structure.


So perhaps it can't deduce some implication about current->top being
NULL or not NULL in certain paths. Probably a few assertions in the
code would shut these warnings.


>>>> * it's worth to set up regular scans of it? I can do it weekly.
>
> I don't mind if you do it. But please check the output manually first and don't forward a huge report every week for us :)


Hum... unfortunately that's outside my control, Coverity sends such
reports automatically after a build. But I don't expect them to be
huge: the reports are about *new* stuff found in a given scan. For Qt
we're talking about ~10 issues found every couple of weeks, so
something totally manageable.

Thank you,
--
Giuseppe D'Angelo