On Thu, Sep 18, 2014 at 6:17 PM, Jakub Hrozek <jhrozek_at_redhat.com> wrote:
> On Thu, Sep 18, 2014 at 12:13:36AM +0200, Daniel Stenberg wrote:
> > On Wed, 17 Sep 2014, Jakub Hrozek wrote:
> >
> > >FWIW, we scan all packages in RHEL with Coverity, but mostly look at
> diffs
> > >between versions -- which already found some bugs. I'm not sure if
> anyone
> > >did a full review of all the messages Coverity would spit out..
> >
> > Oh, this made me realize my daily clang-analyzer job wasn't actually
> running
> > on c-ares lately but I've activated it again now and its reports can be
> seen
> > here:
> >
> > http://c-ares.haxx.se/scans/
>
> cool!
>
> In general my experience is that Coverity and clang sometimes find
> different issues, so it's good to run both.
>
> >
> > It looks like we have small issues to work on.
>
> My take:
>
> 1) Dead store Dead increment ares_init.c:1398
> This seems like a false positive. I wonder if clang would
> be happier if we moved "lenv *= 2;" after the realloc check? But that
> would make the code less readable in my opinion.
>
I thought that was a true positive, although it indicates a slightly
different bug -- the loop is WHILE_FALSE so the continue statement after
doubling the length won't go round it again. Maybe the loop should be
"while (res != 0);" or somesuch?
Received on 2014-09-19