bug-gnulib

Re: tar + cpio - covscan issues


From: Ondrej Dubaj
Subject: Re: tar + cpio - covscan issues
Date: Mon, 12 Apr 2021 07:19:26 +0200

Thanks for the explanation. Which of the reports do you consider as false positives and which as real issues? If there are some real issues, are you willing to fix them?

Thank you.

Ondrej

On Sat, Apr 10, 2021 at 12:32 PM Bruno Haible <bruno@clisp.org> wrote:
Hi Ondrej,

> proposing patch for some of the issues found by coverity scan in tar-1.34

Thanks for these reports.

When we get Coverity reports, we fix the things that are valid complaints
about the code, but we do NOT change the code to reduce the number of reported
issues. That is because
  1) Coverity has a UI where you can mark issues as false issues, even with
     a rationale, and such resolutions are even propagated when the same source
     file is used in a different project (such as gnulib vs. tar).
  2) About 80% to 90% of the reported issues are false issues. We would be
     seriously contorting the source code if we attempted to change the code
     to avoid the reports.

Bruno

