<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<p>You should probably be sending development related questions like
this one to <a class="moz-txt-link-abbreviated" href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a>.</p>
<p>Additionally, what I've learned as a developer and a Security
person is that **coverity static testing issues** are not always
actual *issues* that need addressed. Without details specifically
on what tests're run, and in what circumstances, etc. static code
analysis is never an all-holy solution that absolutely needs
everything *fixed*.</p>
<p>It's been stated in the past on the nginx-devel list (CC'd) that
these Coverity reports, etc. are usually false-positives or
non-issues and therefore don't need to be constantly sent to NGINX
for their awareness. And additionally, one should not blindly
trust Coverity testing/output to be 100% accurate/correct with
their analyses.</p>
<p><br>
</p>
<p><br>
</p>
<p>Thomas</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 12/6/23 20:34, BILL wrote (to
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>):<br>
</div>
<blockquote type="cite" cite="mid:CAH2NDOa_mzW2_rP2O2YD0f-jPJXx5itJ7g3S0FNr47d+E2NhMQ@mail.gmail.com">
<div dir="ltr">Hi,
<div><br>
</div>
<div>We have a coverity testing on nginx 1.20.0 and we got some
errors.</div>
<div>Have any plan to resolve these errors?</div>
<div><br>
</div>
<div><br>
</div>
<div>
<table summary="summary" style="color:rgb(0,0,0);font-family:"Times New Roman";font-size:medium" cellpadding="8">
<tbody>
<tr bgcolor="#4682B4">
<td>Checker</td>
<td>Number</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>ARRAY_VS_SINGLETON</td>
<td>3</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>BAD_FREE</td>
<td>3</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>BUFFER_SIZE</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>CHECKED_RETURN</td>
<td>10</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>COPY_PASTE_ERROR</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>DC.WEAK_CRYPTO</td>
<td>18</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>DEADCODE</td>
<td>8</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>FORWARD_NULL</td>
<td>49</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>MISSING_RESTORE</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>NO_EFFECT</td>
<td>8</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>NULL_RETURNS</td>
<td>8</td>
</tr>
<tr bgcolor="#F8F8F2">
<td style="color:rgb(255,0,0)">OVERRUN</td>
<td>12</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>PW.INCLUDE_RECURSION</td>
<td>8</td>
</tr>
<tr bgcolor="#F8F8F2">
<td style="color:rgb(255,0,0)">RESOURCE_LEAK</td>
<td>5</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>REVERSE_INULL</td>
<td>5</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>SIGN_EXTENSION</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>SIZEOF_MISMATCH</td>
<td>8</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>STACK_USE</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td style="color:rgb(255,0,0)">STRING_NULL</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>TAINTED_SCALAR</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>TOCTOU</td>
<td>12</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>UNINIT</td>
<td>10</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>UNREACHABLE</td>
<td>63</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>UNUSED_VALUE</td>
<td>4</td>
</tr>
<tr bgcolor="#F8F8F2">
<td style="color:rgb(255,0,0)">USE_AFTER_FREE</td>
<td>1</td>
</tr>
<tr bgcolor="#F8F8F2">
<td>Total</td>
<td>242</td>
</tr>
</tbody>
</table>
</div>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
nginx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<a class="moz-txt-link-freetext" href="https://mailman.nginx.org/mailman/listinfo/nginx">https://mailman.nginx.org/mailman/listinfo/nginx</a>
</pre>
</blockquote>
</body>
</html>