On 01/10/2020 08:59, Stephan Bergmann wrote:
* For example, "Use-after-free"
2020-09-30-155842-506845-1/report-366f11.html#EndPath (presumably along
with many, many others of the 827 Use-after-free reports) is clearly a false
positive: While VclPtr::disposeAndClear holds

    ::rtl::Reference<reference_type> aTmp(m_rInnerRef);

the call to

    m_rInnerRef.clear();

cannot decrement m_rInnerRef's ref count to zero, so the following

    if (aTmp.get()) {

will /not/ access freed memory. We would need some mechanism to filter
out such identified false positives, with whatever mechanism would be
suitable: an annotation in the source code, a modification of the
-analyzer-... command line options passed to clang, etc. However, that
filtering should be done in an auditable way, so that we can later
discover that we are filtering false positives relating to a certain
location in the code, and can learn the rationale why those were
considered false positives. (Something that can be a pain with the way
we use Coverity Scan, see below.)
For the record: There is ongoing discussion on the Clang mailing list
how to provide annotations for the static analyzer in the source code;
thread starting at
<http://lists.llvm.org/pipermail/cfe-dev/2020-October/067074.html>
"[cfe-dev] [analyzer][RFC] Attribute(s) to enhance/configure the analysis".
_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
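The ref-count argument from the message above, as an added example that is not LibreOffice code: minimal stand-ins for rtl::Reference and an intrusively ref-counted object (named Ref, Widget and VclPtrLike here by assumption, with a g_freed counter added so the moment of deallocation is observable) reproduce the disposeAndClear shape. The temporary aTmp holds a second owning reference, so m_rInnerRef.clear() can only bring the count from 2 to 1, and the object is freed only when aTmp leaves scope. A second function shows the case the analyzer's report presupposes, clearing the sole reference, which does free the object.

```cpp
#include <cstddef>

// Counts objects actually freed, so the example can show *when* the free
// happens. Constructed for this example; not part of LibreOffice.
static int g_freed = 0;

// Stand-in for an intrusively ref-counted VCL object.
struct Widget {
    std::size_t refCount = 0;
    bool disposed = false;
    void acquire() { ++refCount; }
    void release() {
        if (--refCount == 0) { ++g_freed; delete this; }
    }
    void dispose() { disposed = true; }
};

// Stand-in for rtl::Reference<T>: acquires on copy, releases on clear/destroy.
template <typename T> class Ref {
    T* p_ = nullptr;
public:
    Ref() = default;
    explicit Ref(T* p) : p_(p) { if (p_) p_->acquire(); }
    Ref(const Ref& o) : p_(o.p_) { if (p_) p_->acquire(); }
    Ref& operator=(const Ref& o) {
        if (o.p_) o.p_->acquire();
        if (p_) p_->release();
        p_ = o.p_;
        return *this;
    }
    ~Ref() { if (p_) p_->release(); }
    T* get() const { return p_; }
    T* operator->() const { return p_; }
    void clear() { T* p = p_; p_ = nullptr; if (p) p->release(); }
};

struct Observation {
    std::size_t refCountAtCheck;  // refcount when `if (aTmp.get())` runs
    int freedAtCheck;             // objects freed by that point
    int freedAfterScope;          // objects freed once aTmp is gone
};

// Same shape as the VclPtr::disposeAndClear pattern quoted in the message.
struct VclPtrLike {
    Ref<Widget> m_rInnerRef;

    Observation disposeAndClear() {
        int freedBefore = g_freed;
        Observation obs{0, 0, 0};
        {
            Ref<Widget> aTmp(m_rInnerRef);  // second owner: refcount is now 2
            m_rInnerRef.clear();            // releases one: refcount 1, not 0
            if (aTmp.get()) {               // safe: aTmp still owns the object
                obs.refCountAtCheck = aTmp->refCount;
                obs.freedAtCheck = g_freed - freedBefore;
                aTmp->dispose();
            }
        }                                   // aTmp released here: refcount 0, freed
        obs.freedAfterScope = g_freed - freedBefore;
        return obs;
    }
};

// Builds one holder, runs the pattern, and reports what was observed.
Observation runDisposeAndClear() {
    VclPtrLike p;
    p.m_rInnerRef = Ref<Widget>(new Widget);
    return p.disposeAndClear();
}

// The situation the analyzer's report presupposes: clear() on the *only*
// reference does free the object, so any later access through a stale
// pointer would be a genuine use-after-free. Returns true if clear() freed it.
bool clearOfSoleReferenceFrees() {
    int freedBefore = g_freed;
    Ref<Widget> only(new Widget);
    only.clear();
    return g_freed - freedBefore == 1;
}
```

The check that distinguishes the two cases is the refcount at the point of the `if`: with the temporary in scope it is 1 and the object is freed only after the block, which is exactly the reasoning the message gives for marking the report a false positive.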