You should probably be sending development-related questions like this one to nginx-devel@nginx.org.

Additionally, what I've learned as a developer and a Security person is that **Coverity static testing issues** are not always actual *issues* that need to be addressed.  Without details specifically on what tests are run, and in what circumstances, etc., static code analysis is never an all-holy solution that absolutely needs everything *fixed*.

It's been stated in the past on the nginx-devel list (CC'd) that these Coverity reports, etc. are usually false-positives or non-issues and therefore don't need to be constantly sent to NGINX for their awareness.  And additionally, one should not blindly trust Coverity testing/output to be 100% accurate/correct with their analyses.



Thomas


On 12/6/23 20:34, BILL wrote (to ng...@nginx.org):
Hi,

We have run Coverity testing on nginx 1.20.0 and we got some errors.
Are there any plans to resolve these errors?


Checker                 Number
ARRAY_VS_SINGLETON      3
BAD_FREE                3
BUFFER_SIZE             1
CHECKED_RETURN          10
COPY_PASTE_ERROR        1
DC.WEAK_CRYPTO          18
DEADCODE                8
FORWARD_NULL            49
MISSING_RESTORE         1
NO_EFFECT               8
NULL_RETURNS            8
OVERRUN                 12
PW.INCLUDE_RECURSION    8
RESOURCE_LEAK           5
REVERSE_INULL           5
SIGN_EXTENSION          1
SIZEOF_MISMATCH         8
STACK_USE               1
STRING_NULL             1
TAINTED_SCALAR          1
TOCTOU                  12
UNINIT                  10
UNREACHABLE             63
UNUSED_VALUE            4
USE_AFTER_FREE          1
Total                   242


_______________________________________________
nginx mailing list
ng...@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
