[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Coverity Scan for GNUstep?

From: Richard Frith-Macdonald
Subject: Re: Coverity Scan for GNUstep?
Date: Sat, 10 Feb 2018 08:42:20 +0000

> On 9 Feb 2018, at 07:43, Fred Kiefer <address@hidden> wrote:
> Just to keep you updated. Due to Richard’s work over the last few weeks we 
> are now down to zero open issues on Coverity. (They display that there still 
> is one, but in the details they don’t display any open ones. Maybe the web 
> interface cannot cope with zero?) This is an excellent result and shows how 
> well written base was even before the analysis started.
> It would be great if someone besides me and Richard would be willing to 
> recheck all the issues we marked as false positives or intentional. Just to 
> make sure we didn’t hide anything important there.

Thanks for being the person to push all this forward Fred.  Without your 
willingness to set up the Coverity project and generate the data to feed it, 
this wouldn't have happened.

I think I have fixed the final issue (had to play with the filter settings in 
the CoverityGUI to see it), which was a potential buffer overrun if someone 
tampers with the timezone data files on the system (a very minor risk, since 
timezone data is normally installed read-only and owned by root, but still a 
real one).

> I will be away from my computer for the next two weeks so either no scans 
> during that period or somebody else will have to do it. We could now start to 
> discuss whether setting up scans for other parts of GNUstep would be 
> worthwhile and maybe even test how to integrate Coverity into Travis on 
> GitHub.

I hope to find time to set up my system to do coverity builds/scans this 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]