Eric V. Smith <[email protected]> added the comment:
Thank you for posting this.
Some of these look like false positives.
For example:
#263
Parser/string_parser.c:670: error: Uninitialized Value
The value read from parenstack[_] was never initialized.
668. }
669. nested_depth--;
670. int opening = (unsigned char)parenstack[nested_depth];
^
671. if (!((opening == '(' && ch == ')') ||
672. (opening == '[' && ch == ']') ||
I don't see how this could be an uninitialized read, although I'm willing to be
wrong.
If your tool can produce patches to fix reported problems, I suggest that you
create PRs for specific issues, so they can be reviewed individually. There's
no way we'd review a single patch for all 673 issues that were identified.
Also, looking at the first one:
#0
Objects/clinic/bytearrayobject.c.h:50: error: Dead Store
The value written to &noptargs (type long) is never used.
48. goto exit;
49. }
50. if (!--noptargs) {
^
51. goto skip_optional_pos;
52. }
We've discussed this before. The consensus last time was to leave code like
this in place, in case other code was added after this that refers to the same
pointer. Our assumption is that compilers will remove the unneeded store. Is it
possible to remove Dead Stores from the output, and/or produce a separate
output with just Dead Stores? I don't see how a Dead Store can be a
vulnerability.
----------
nosy: +eric.smith -414039482
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue46280>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
