nginx 1.20.0 coverity errors

Thomas Ward teward at thomas-ward.net
Thu Dec 7 02:32:16 UTC 2023


You should probably be sending development related questions like this 
one to nginx-devel at nginx.org.

Additionally, what I've learned as a developer and a Security person is 
that **Coverity static testing issues** are not always actual *issues* 
that need to be addressed.  Without details specifically on what tests are run, 
and in what circumstances, etc., static code analysis is never an 
all-holy solution that absolutely needs everything *fixed*.

It's been stated in the past on the nginx-devel list (CC'd) that these 
Coverity reports, etc. are usually false-positives or non-issues and 
therefore don't need to be constantly sent to NGINX for their 
awareness.  And additionally, one should not blindly trust Coverity 
testing/output to be 100% accurate/correct with their analyses.



Thomas


On 12/6/23 20:34, BILL wrote (to nginx at nginx.org):
> Hi,
>
> We have run Coverity testing on nginx 1.20.0 and we got some errors.
> Are there any plans to resolve these errors?
>
>
> Checker 	Number
> ARRAY_VS_SINGLETON 	3
> BAD_FREE 	3
> BUFFER_SIZE 	1
> CHECKED_RETURN 	10
> COPY_PASTE_ERROR 	1
> DC.WEAK_CRYPTO 	18
> DEADCODE 	8
> FORWARD_NULL 	49
> MISSING_RESTORE 	1
> NO_EFFECT 	8
> NULL_RETURNS 	8
> OVERRUN 	12
> PW.INCLUDE_RECURSION 	8
> RESOURCE_LEAK 	5
> REVERSE_INULL 	5
> SIGN_EXTENSION 	1
> SIZEOF_MISMATCH 	8
> STACK_USE 	1
> STRING_NULL 	1
> TAINTED_SCALAR 	1
> TOCTOU 	12
> UNINIT 	10
> UNREACHABLE 	63
> UNUSED_VALUE 	4
> USE_AFTER_FREE 	1
> Total 	242
>
>