Re: [OpenScanHub] Re: Flaws detected by static analyzers in Fedora 41 Critical Path Packages


On Tue, Jul 16, 2024 at 4:55 PM Kamil Dudka <kdudka@xxxxxxxxxx> wrote:
>
> On Tuesday, July 9, 2024 12:45:18 PM CEST Siteshwar Vashisht wrote:
> > On Sat, Jul 6, 2024 at 2:05 AM Siteshwar Vashisht <svashisht@xxxxxxxxxx>
> > wrote:
> >
> > > Hello,
> > >
> > > I am writing this message to get feedback from the community on possibly
> > > new defects identified by static analyzers in Critical Path Packages that
> > > have changed in Fedora 41. For context, please see my previous email[1].
> > >
> >
> > There were a large number of false positives reported due to cppcheck
> > warning about limiting analysis of branches.
> >
> > I have added the --check-level=exhaustive option to cppcheck. Here is an
> > example report:
> >
> > Without --check-level=exhaustive:
> >
> > https://openscanhub.fedoraproject.org/task/242/log/units-2.22-6.fc39/scan-results.html
>
> As this is a problem with the analysis rather than a problem with the source
> code being analyzed, I propose to filter these warnings out in the csmock
> plug-in, as we do for cppcheckError, syntaxError, and the like:
> https://github.com/csutils/csmock/blob/b3a2279468e7440553d0757b0d93c58791e13e93/py/plugins/cppcheck.py#L68

It should be fixed by the next release of csmock[1].

>
> > With --check-level=exhaustive:
> >
> > https://openscanhub.fedoraproject.org/task/2029/log/units-2.22-6.fc39/scan-results.html
> >
> > So this issue should not happen in the future.
>
> The downside of using `--check-level=exhaustive` is that Cppcheck might be
> killed by a timeout (set to 30s by default) before reporting other useful
> bugs.
>
> Kamil
>
>

[1] https://github.com/csutils/csmock/pull/181
