Re: Flaws detected by static analyzers in Fedora 41 Critical Path Packages

[Tom Stellard]

On 7/5/24 17:05, Siteshwar Vashisht wrote:

Hello,

I am writing this message to get feedback from the community on possibly new 
defects identified by static analyzers in Critical Path Packages that have 
changed in Fedora 41. For context, please see my previous email[1].

TLDR: This report[2] contains 73976 identified defects. Please review the 
report and provide feedback.

A mass scan was performed this week on the packages that have changed in Fedora 
41. This report[2] contains all the new defects that have been identified in 
the packages listed in Critical Path Packages. Please review the report and fix 
or report any defects to upstream that may be real bugs. Not all defects 
reported by OpenScanHub may be actual bugs, so please verify reported defects 
before investing time into fixing or reporting them. We hope this is helpful 
for the packages you maintain and for the upstream projects. Questions can be 
asked on the OpenScanHub mailing list[3]. If you want to see the full logs of 
the scans, they are available on the tasks[4] page. User documentation for 
performing a scan is available on the Fedora wiki[5].

Please remember this is currently an early production stage for OpenScanHub 
scanning. Constructive feedback is appreciated. Thank you!

The scan for LLVM reported 0 issues, which seems unlikely.  Is it possible
the scan timed out?  We run the clang static analyzer upstream and it
does report issues:
https://github.com/llvm/llvm-project/actions/runs/9866302541/job/27244829483

-Tom

[1] 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/
 
<https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/OMKLJFW4VC242QSA7R4KMGI6IGBT3YLM/>
[2] https://svashisht.fedorapeople.org/f41-03-Jul-2024/ 
<https://svashisht.fedorapeople.org/f41-03-Jul-2024/>
[3] 
https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/ 
<https://lists.fedoraproject.org/archives/list/openscan...@lists.fedoraproject.org/>
[4] https://openscanhub.fedoraproject.org/task/ 
<https://openscanhub.fedoraproject.org/task/>
[5] https://fedoraproject.org/wiki/OpenScanHub 
<https://fedoraproject.org/wiki/OpenScanHub>


--
Siteshwar Vashisht

--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue