|
| From: | Paul Eggert |
| Subject: | Re: Coverity false positives triggered by gnulib's implementation of base64 |
| Date: | Fri, 10 May 2019 18:36:00 -0500 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 |
On 5/10/19 4:32 AM, Kamil Dudka wrote:
I was thinking of making a change only if it makes the code a bit better even ignoring whether Coverity is used. Surely we wouldn't insist on slightly-worse code merely because we also want to further clutter it up with Coverity pacification.I do not think it is a good idea to change a piece of working code to make a static analysis false positives magically disappear.
Getting precise results for checkers like this is computationally expensive and in the general case impossible.
Although that is true in general, in this particular case it's easy for an automated tool with Coverity's sophistication to check that the subscripts are in-range for the array. This is really a Coverity bug and I'd rather not add batches of comments to code just to cater to Coverity bugs. Particularly since Coverity is not free software and ordinary developers like me cannot use it.This sort of thing would send the wrong signal from the GNU project.
| [Prev in Thread] | Current Thread | [Next in Thread] |