On Sun, Sep 10, 2017 at 06:45:08AM +0200, Michael Haggerty wrote: > > So nothing to see here, but since I spent 20 minutes scratching my head > > (and I know others look at Coverity output and may scratch their heads > > too), I thought it was worth writing up. And also if I'm wrong, it would > > be good to know. ;) > > Thanks for looking into this. I agree with your analysis. > > I wonder whether it is the factor of two between path lengths and byte > lengths that is confusing Coverity. Perhaps the patch below would help. > It requires an extra, superfluous, check, but perhaps makes the code a > tad more readable. I'm neutral on whether we would want to make the change. Yeah, I do agree that it makes the code's assumptions a bit easier to follow. > Is there a way to ask Coverity whether a hypothetical change would > remove the warning, short of merging the change to master? You can download and run the build portion of the coverity tools yourself. IIRC, that pushes the build up to their servers which then do the analysis (you can make your own "project", or use the existing "git" project -- I checked and you are already listed as an admin). I recall it being a minor pain to get it set up, but not too bad. Stefan runs it against "pu" on a regular basis, which is where the emailed results come from. So just having Junio merge it to "pu" would be enough to get results. I noticed that they now have some GitHub/Travis integration: https://scan.coverity.com/github I'm not sure if that is new, or if we just didn't notice it before. ;) But that probably makes more sense to use than ad-hoc uploading (and maybe it would make it easy for you to test personal branches, too). -Peff