[Git][NTPsec/ntpsec][master] Coverity -- another try.
Gary E. Miller
gem at rellim.com
Fri Jan 24 00:09:12 UTC 2025
Yo Hal!
On Thu, 23 Jan 2025 14:25:53 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> [Another exchange that got droped from @devel]
>
> Gary said:
> > I'm not a fan of suppressing warnings. Especially one I agree
> > with.
>
> Right. But I don't agree with this one and I consider your suggested
> fix to be too ugly. It's doubling the size of the relevant code
> block and makes it harder to understand what's going on.
Uh, I merely suggested the direction to a valid fix. My code was
inteded to show off where the bug is, not to be an elegant fix. Since
you claimed it was a bug in Coverity, I showed it is UB in ntpsec code.
I'm sure it can be done way better. Once you realize what the UB is.
gcc has said they will soon make UB a warning. So fix it now, or fix it
later.
> We currently have 28 places that squish Coverity warnings.
Ugh.
> Several are reminding us that random() isn't good enough for crypto.
Yeah, I hate those. That is OK ti over ride.
> It would be neat to double check them and see how many are still
> needed and/or update the comment with a Coverity number. I don't
> know my way around Coverity and/or gitlab very well. Can somebody
> give me a quick lesson. How do I clone our code, make my changes,
> then get Coverity to run on my new code?
Beats me. I think James has a handle on that.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
More information about the devel
mailing list