On 8/16/06, Andraž Tori <[EMAIL PROTECTED]> wrote:
On Wed, 2006-08-16 at 21:20 +0200, Johannes Sixt wrote:
> On Wednesday 16 August 2006 20:07, m h wrote:
> > Ok, so in the meantime I used 2.0 for a little bit more and (got so
> > frustrated with silly crashes that I) pulled out valgrind.  Amazingly
> > there were cases where it didn't crash when running under valgrind,
> > that would immediately crash otherwise.
> >
> > So I'm volunteering myself to work with these scanning companies if
> > they accept (in fact I've already sent them proposals).  I haven't
> > done C++ in years (mostly using python and java), but I think this
> > will be a worthwhile way to improve the stability of cinelerra.
> >
> > What I need from the core maintainers is help and advice. I already
> > received a response from Klocwork. They want to know if I'm a
> > maintainer; since I'm not, but am willing to shoulder these tasks,
> > I'll need some sponsorship from a maintainer.  Also will need advice
> > regarding what to scan, etc (ie, I think we should scan a pre 2.1
> > merge, because the stability of the merged version could still be in
> > question....).
>
> Matt,
>
> thanks for taking the initiative.
>
> There's a problem with these automatic tests: They are geared to find security
> flaws. But, frankly, security is of little concern for Cinelerra.
>
> As Andraž has pointed out, there will be a lot of uninteresting bugs (like
> arrays of BC_TEXTLEN being filled with user input). I don't feel like fixing
> them because it's unlikely that they will flow upstream.
>
> The most interesting cases are missing or incorrect locking. _If_ the testing
> can find such bugs, and _if_ it can ignore (*) the forest of uninteresting
> flaws, it will be worth every penny and you have my support.
>
> (*) i.e. there is some means to filter them easily from the reports; plus
> Klocwork will not feel abused because we don't fix these bugs.


Actually, there might be some off-by-one errors and missing null-pointer
checks that can be found using these tools and are worthwhile to fix.
However, they will probably drown in an ocean of 'uninteresting' bugs...

This could indeed be a problem.


So, do I have the support of the maintainers to proceed with Klocwork,
given that I only fix (submit patches for) the "interesting" bugs?

_______________________________________________
Cinelerra mailing list
Cinelerra@skolelinux.no
https://init.linpro.no/mailman/skolelinux.no/listinfo/cinelerra