
New Coverity Scan done

From: Tony Cook
Date: August 7, 2019 03:23
Subject: New Coverity Scan done
Message ID: 20190807032254.3g6sjxgrylldyrsy@mars.tony.develop-help.com

Hi List,

I've done another Coverity Scan run and the results are available via
the project page at:

https://scan.coverity.com/projects/perl5?tab=overview

You need either a GitHub or a Coverity-specific account; you shouldn't
need more than that for read-only access.

There was a significant upgrade in their tooling in May/June (with
some significant downtime too, oops), which may reveal new long (or
not so long) standing issues, and has revealed some new false
positives.

One type of (to me false positive) problem that came up was byte
swapping.

The default 64-bit hash algorithm uses byte swapping on its input
strings, and Coverity treats that as an indicator that the source data
is from an untrusted source (such as a network packet), which cascades
into a bunch of other complaints.  I've marked most of those as false
positives.

Tony
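
The pattern described in the message, as an added example that is not part of the original post and is not Perl's hash code: a hypothetical 64-bit hash (`toy_hash64`) assembles words from input bytes, the kind of byte swapping the message says Coverity reads as a sign of untrusted data, and the derived bucket index is bounded before use. All function names, constants and the sample key are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assemble a little-endian 64-bit word from up to 8 bytes. The shift-and-or
 * sequence amounts to a byte swap on big-endian hosts, and it is the kind of
 * operation the message says the scanner reads as "untrusted input". */
static uint64_t load_le64(const unsigned char *p, size_t n)
{
    uint64_t v = 0;
    if (n > 8) n = 8;                 /* never read past one word */
    for (size_t i = 0; i < n; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Hypothetical 64-bit string hash (NOT Perl's): mixes one word at a time. */
static uint64_t toy_hash64(const unsigned char *key, size_t len, uint64_t seed)
{
    uint64_t h = seed ^ (len * 0x9E3779B97F4A7C15ULL);
    while (len > 0) {
        size_t n = len < 8 ? len : 8; /* short tail handled by load_le64 */
        h ^= load_le64(key, n);
        h *= 0xFF51AFD7ED558CCDULL;
        h ^= h >> 33;
        key += n;
        len -= n;
    }
    return h;
}

/* Derive a bucket index. The mask bounds the value no matter what the hash
 * returned, so a later array access is in range; this is the property to
 * confirm when triaging a report that stems from the byte-swapped value.
 * Returns (size_t)-1 if nbuckets is not a non-zero power of two. */
static size_t bucket_index(const unsigned char *key, size_t len,
                           uint64_t seed, size_t nbuckets)
{
    if (nbuckets == 0 || (nbuckets & (nbuckets - 1)) != 0)
        return (size_t)-1;
    return (size_t)(toy_hash64(key, len, seed) & (uint64_t)(nbuckets - 1));
}

int main(void)
{
    const unsigned char key[] = "constructed-sample-key"; /* constructed input */
    printf("%zu\n", bucket_index(key, sizeof key - 1, 42, 64));
    return 0;
}
```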