> On 10 Sep 2017, at 09:39, Jeff King <peff@xxxxxxxx> wrote: > > On Sun, Sep 10, 2017 at 06:45:08AM +0200, Michael Haggerty wrote: > >>> So nothing to see here, but since I spent 20 minutes scratching my head >>> (and I know others look at Coverity output and may scratch their heads >>> too), I thought it was worth writing up. And also if I'm wrong, it would >>> be good to know. ;) >> >> Thanks for looking into this. I agree with your analysis. >> >> I wonder whether it is the factor of two between path lengths and byte >> lengths that is confusing Coverity. Perhaps the patch below would help. >> It requires an extra, superfluous, check, but perhaps makes the code a >> tad more readable. I'm neutral on whether we would want to make the change. > > Yeah, I do agree that it makes the code's assumptions a bit easier to > follow. > >> Is there a way to ask Coverity whether a hypothetical change would >> remove the warning, short of merging the change to master? > > You can download and run the build portion of the coverity tools > yourself. IIRC, that pushes the build up to their servers which then do > the analysis (you can make your own "project", or use the existing "git" > project -- I checked and you are already listed as an admin). I recall > it being a minor pain to get it set up, but not too bad. > > Stefan runs it against "pu" on a regular basis, which is where the > emailed results come from. So just having Junio merge it to "pu" would > be enough to get results. > > I noticed that they now have some GitHub/Travis integration: > > https://scan.coverity.com/github > > I'm not sure if that is new, or if we just didn't notice it before. ;) > But that probably makes more sense to use than ad-hoc uploading (and > maybe it would make it easy for you to test personal branches, too). Coverity scans Git already: https://scan.coverity.com/projects/70 I requested access to this Coverity project to integrate into our TravisCI build. - Lars
