
Re: Coverity false positives triggered by gnulib's implementation of bas

From: Paul Eggert
Subject: Re: Coverity false positives triggered by gnulib's implementation of base64
Date: Fri, 10 May 2019 18:36:00 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1

On 5/10/19 4:32 AM, Kamil Dudka wrote:

> I do not think it is a good idea to change a piece of working code to make
> static analysis false positives magically disappear.

I was thinking of making a change only if it makes the code a bit better even ignoring whether Coverity is used. Surely we wouldn't insist on slightly-worse code merely because we also want to further clutter it up with Coverity pacification.

> Getting precise results for checkers like
> this is computationally expensive and in the general case impossible.

Although that is true in general, in this particular case it's easy for an automated tool with Coverity's sophistication to check that the subscripts are in-range for the array. This is really a Coverity bug and I'd rather not add batches of comments to code just to cater to Coverity bugs. Particularly since Coverity is not free software and ordinary developers like me cannot use it. This sort of thing would send the wrong signal from the GNU project.
