Hi David,

To generate a static report from Coverity, run cov-format-errors. This command generates a set of HTML pages which contain all the issues found in the last run.

Yair

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Hartman
Sent: Monday, January 09, 2006 11:19 PM
To: Andy Polyakov; openssl-dev@openssl.org
Cc: Andrew Schnable
Subject: RE: Problems Identified in Static Source Analysis

Hi Andy,

It turns out there was no easy way to give you the Coverity test results directly. For the runs to be useful, you really need a viewer, and we are limited by the licenses as to who can use the viewer.

We have a copy of 0.9.8a in our source tree, and I made the changes to our copy of 0.9.8a. I attached the diffs. I apologize for making these changes against our own copy of the sources; that means the resulting diffs can't be used directly as a patch against your CVS repository since the file revisions will be different. Hopefully this is still useful as you can still use the file names and line numbers.

I will work on getting rsync set up and getting a local copy of your CVS repository so I can submit proper patches in the future.

-David

> -----Original Message-----
> From: Andy Polyakov [mailto:[EMAIL PROTECTED]
> Sent: Sunday, December 18, 2005 7:41 AM
> To: openssl-dev@openssl.org; David Hartman
> Cc: Andrew Schnable
> Subject: Re: Problems Identified in Static Source Analysis
>
> Hi,
>
> > We recently ran Coverity, a static source analysis tool, against OpenSSL
> > 0.9.7 and 0.9.8. We found a number of problems such as the potential to
> > access null pointers, lack of error checking on return codes, etc.
> > There are in the neighborhood of 25 errors that we considered worth
> > fixing.
> >
> > Would you like us to contribute these fixes back to the project?
>
> Yes.
>
> > If so,
> > what would be the best format for submitting them?
>
> Coverity report itself by all means preferred, as more eyeballs on
> deciding on what's worth fixing and in which branch is better. If
> disclosure on public list such as openssl-dev is not appropriate, send
> it to openssl-team.
>
> > Would you like the diffs or raw sources?
>
> See "HOW TO CONTRIBUTE TO OpenSSL" paragraph in ./README for formalized
> description.
>
> > Also, which branch would be best?
>
> The normal workflow goes as follows: 1. HEAD [see
> http://www.openssl.org/source/repos.html], 2. backport to released
> versions. Backports to 0.9.8 are currently very common, while backports
> to 0.9.7 are rather rare. Meaning that HEAD is by all means preferred,
> but as long as we're not talking about changed functionality or new
> features, 0.9.8 is OK for the moment, as it has not diverged too much.
>
> A.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                               [EMAIL PROTECTED]