
Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD


From: Mark D. Baushke
Subject: Re: [Cvs-dev] Re: Result of CVS Coverity scan, via NetBSD
Date: Thu, 11 May 2006 11:00:39 -0700


Hi Larry,

address@hidden <address@hidden> writes:

> Mark D. Baushke writes:
> >
> > I have addressed more of the Coverity bugs from run 22:
> 
> I notice that many of the fixes are testing to be sure pointers
> are not null before dereferencing them.  Those pointers should
> never be null -- if they are, it indicates something seriously
> wrong, either with the code or the RCS file data.  

Either that, or that someone has sent garbage across the wire in the
client/server protocol (i.e., see the changes to handle_mt()).

Good point.

> A better fix might be adding assert()s to make such problems obvious
> rather than quietly continuing as if nothing were wrong.

According to Coverity, most of those fixes do really have a possible
code path where the values could legitimately be NULL.

In a few cases, the Coverity code is getting the idea that they could be
NULL because a later check after the dereference was made to see if they
were NULL before they were in a call to free(). I suppose an assert()
before the free() might be more reasonable in those few cases.

If you have particular places where you think I should be putting
asserts(), please let me know.

I'll bear the use of assert() in mind as I move through the rest of the
problems that have been reported.

        Thanks,
        -- Mark
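
The distinction drawn in this message, as an added C example that is not part of the original post or of the CVS sources: a pointer that can be NULL because of peer-supplied data gets an error path, while a pointer that only looks nullable because of a late check before free() gets an assert() ahead of its first use. All type and function names are hypothetical and the input strings are constructed.

```c
/* Added example; all names are hypothetical, none come from the CVS sources. */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct node { char key[32]; };

/* Peer-supplied line "tag text": a missing text part can really happen, so
 * reject it with an error code. assert() here would let one malformed message
 * abort the process, and the check would vanish when built with NDEBUG. */
int parse_tagged(char *line, char **tag, char **text)
{
    char *sp;
    if (line == NULL || (sp = strchr(line, ' ')) == NULL)
        return -1;
    *sp = '\0';
    *tag = line;
    *text = sp + 1;
    return 0;
}

/* The shape an analyzer flags: n is used, then tested before free(). The late
 * test implies n may be NULL, so the earlier use is reported as a defect. */
size_t release_flagged(struct node *n)
{
    size_t len = strlen(n->key);
    if (n != NULL)
        free(n);
    return len;
}

/* Reworked: callers guarantee n, so state that invariant before first use. */
size_t release_checked(struct node *n)
{
    size_t len;
    assert(n != NULL);
    len = strlen(n->key);
    free(n);
    return len;
}

int main(void)
{
    char ok[] = "tag1 hello", bad[] = "garbage";   /* constructed input */
    char *tag, *text;
    int r1 = parse_tagged(ok, &tag, &text);
    printf("%d %d\n", r1, parse_tagged(bad, &tag, &text));
    return 0;
}
```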



