nginx 1.20.0 coverity errors
Thomas Ward
teward at thomas-ward.net
Thu Dec 7 02:32:16 UTC 2023
You should probably be sending development related questions like this
one to nginx-devel at nginx.org.
Additionally, what I've learned as a developer and a Security person is
that **coverity static testing issues** are not always actual *issues*
that need addressed. Without details specifically on what tests're run,
and in what circumstances, etc. static code analysis is never an
all-holy solution that absolutely needs everything *fixed*.
It's been stated in the past on the nginx-devel list (CC'd) that these
Coverity reports, etc. are usually false-positives or non-issues and
therefore don't need to be constantly sent to NGINX for their
awareness. And additionally, one should not blindly trust Coverity
testing/output to be 100% accurate/correct with their analyses.
Thomas
On 12/6/23 20:34, BILL wrote (to nginx at nginx.org):
> Hi,
>
> We have a coverity testing on nginx 1.20.0 and we got some errors.
> Have any plan to resolve these errors?
>
>
> Checker Number
> ARRAY_VS_SINGLETON 3
> BAD_FREE 3
> BUFFER_SIZE 1
> CHECKED_RETURN 10
> COPY_PASTE_ERROR 1
> DC.WEAK_CRYPTO 18
> DEADCODE 8
> FORWARD_NULL 49
> MISSING_RESTORE 1
> NO_EFFECT 8
> NULL_RETURNS 8
> OVERRUN 12
> PW.INCLUDE_RECURSION 8
> RESOURCE_LEAK 5
> REVERSE_INULL 5
> SIGN_EXTENSION 1
> SIZEOF_MISMATCH 8
> STACK_USE 1
> STRING_NULL 1
> TAINTED_SCALAR 1
> TOCTOU 12
> UNINIT 10
> UNREACHABLE 63
> UNUSED_VALUE 4
> USE_AFTER_FREE 1
> Total 242
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20231206/738109e8/attachment.htm>
More information about the nginx-devel
mailing list