On 08/19/2013 07:09 PM, Koch, Rick (Subcontractor) wrote: > I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk bugs. Please see the attachment xlsx. > > Is there a method to post to the Git community to allow the community to review and debunk as faults positive or develop patches to fix lists code files? > Hi, if you're using cppcheck as found at https://github.com/danmar/cppcheck or http://sourceforge.net/apps/trac/cppcheck/ you really need to review the results, as there are many false positives. I used that tool for my contributions so far (bug fixes as reported by cppcheck). However you *really* need to manually review any message cppcheck generates. This is because git is using a C, asm-like coding style for many routines, whereas that cppcheck is rather optimized to find typical C++ errors. And the styles vary wildy! (cppcheck tries to become no false positives, but it's hard I guess) I am running that cppcheck tool on git regulary (cppcheck master branch on git master branch), and review for real findings, you're welcome to do so as well. :) There are other static code analyzers, which have slightly different goals, such as http://css.csail.mit.edu/stack/ which has an incredibly low false positive rate (I found none as of now). However I think having different tools is a great thing, but you'd need to know your tools. ;) Stefan
Attachment:
signature.asc
Description: OpenPGP digital signature