Re: byteswap side-effect defect report from Coverity
From: Collin Funk
Subject: Re: byteswap side-effect defect report from Coverity
Date: Mon, 20 May 2024 12:48:40 -0700
User-agent: Mozilla Thunderbird
Hi Bruno,
On 5/20/24 12:40 PM, Bruno Haible wrote:
>> Interesting. I just learned what a Coverity scan is. Do I have to have
>> permission to view the defects?
>
> I think one needs permission to view and classify these defects, yes.
> But it's more boring than anything else, since more than 90% are false
> alarms. So, if you don't mind, it's sufficient if Paul and I view and
> classify these defects.
I see. That is fine with me. I can see that a lot of them are
"CWE-676: Use of Potentially Dangerous Function", which seems more
annoying than helpful. I imagine it is just a bunch of <string.h>
functions that are mostly fine.
> If you really want to do something boring, you could review
> 'gcc -fanalyzer' reports (which is something Paul and I occasionally
> do as well) or 'clang -fanalyzer' reports (which neither of us has done
> so far, AFAIK).
I use 'gcc -fanalyzer' occasionally. I wasn't aware that clang
supported it too.
Collin