Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4 (fetch.c L588)

2013-08-23 Thread Philip Oakley
to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk bugs. Please see the attachment xlsx. Is there a method to post to the Git community to allow the community to review and debunk as faults positive or develop patches to fix lists code

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Jeff King
On Tue, Aug 20, 2013 at 01:15:02AM +0200, Erik Faye-Lund wrote: This one seems real, although it's quite theoretical. It should only happen in cases where the log-message contains %1, the initial malloc passed and reallocing two more bytes failed. However, what's much more of a disaster:

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Andreas Schwab
Erik Faye-Lund kusmab...@gmail.com writes: diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c index d015e43..0641f4e 100644 --- a/compat/win32/syslog.c +++ b/compat/win32/syslog.c @@ -43,11 +43,14 @@ void syslog(int priority, const char *fmt, ...) va_end(ap); while ((pos =

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread René Scharfe
Am 20.08.2013 20:44, schrieb Andreas Schwab: Erik Faye-Lund kusmab...@gmail.com writes: diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c index d015e43..0641f4e 100644 --- a/compat/win32/syslog.c +++ b/compat/win32/syslog.c @@ -43,11 +43,14 @@ void syslog(int priority, const char

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Erik Faye-Lund
On Tue, Aug 20, 2013 at 8:44 PM, Andreas Schwab sch...@linux-m68k.org wrote: Erik Faye-Lund kusmab...@gmail.com writes: diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c index d015e43..0641f4e 100644 --- a/compat/win32/syslog.c +++ b/compat/win32/syslog.c @@ -43,11 +43,14 @@ void

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Erik Faye-Lund
On Tue, Aug 20, 2013 at 10:34 PM, René Scharfe l@web.de wrote: Am 20.08.2013 20:44, schrieb Andreas Schwab: Erik Faye-Lund kusmab...@gmail.com writes: diff --git a/compat/win32/syslog.c b/compat/win32/syslog.c index d015e43..0641f4e 100644 --- a/compat/win32/syslog.c +++

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Andreas Schwab
Erik Faye-Lund kusmab...@gmail.com writes: I don't see how it's undefined. It's using the memory that 'pos' *points to* that is undefined, no? The difference between 'pos' and 'str' should still be the same, it's not like realloc somehow magically updates 'pos'... It does. Think of

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Junio C Hamano
Andreas Schwab sch...@linux-m68k.org writes: Erik Faye-Lund kusmab...@gmail.com writes: I don't see how it's undefined. It's using the memory that 'pos' *points to* that is undefined, no? The difference between 'pos' and 'str' should still be the same, it's not like realloc somehow

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-20 Thread Erik Faye-Lund
On Wed, Aug 21, 2013 at 1:01 AM, Andreas Schwab sch...@linux-m68k.org wrote: Erik Faye-Lund kusmab...@gmail.com writes: I don't see how it's undefined. It's using the memory that 'pos' *points to* that is undefined, no? The difference between 'pos' and 'str' should still be the same, it's not

CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Koch, Rick (Subcontractor)
I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk bugs. Please see the attachment xlsx. Is there a method to post to the Git community to allow the community to review and debunk as faults

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Philip Oakley
From: Koch, Rick (Subcontractor) rick.k...@tbe.com Sent: Monday, August 19, 2013 6:09 PM I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk bugs. Please see the attachment xlsx

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Jeff King
On Mon, Aug 19, 2013 at 09:03:21PM +0100, Philip Oakley wrote: In case other readers don't have a .xlsx reader here is Rick's list in plain text (may be white space damaged). I expect some will be false positives, and some will just be being too cautious. [...] description

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Junio C Hamano
Jeff King p...@peff.net writes: On Mon, Aug 19, 2013 at 09:03:21PM +0100, Philip Oakley wrote: In case other readers don't have a .xlsx reader here is Rick's list in plain text (may be white space damaged). I expect some will be false positives, and some will just be being too cautious.

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Stefan Beller
On 08/19/2013 07:09 PM, Koch, Rick (Subcontractor) wrote: I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk bugs. Please see the attachment xlsx. Is there a method to post to the Git

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Philip Oakley
: Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4 From: Koch, Rick (Subcontractor) rick.k...@tbe.com Sent: Monday, August 19, 2013 6:09 PM I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk bugs

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Philip Oakley
- Original Message - From: Philip Oakley philipoak...@iee.org From: Koch, Rick (Subcontractor) rick.k...@tbe.com Sent: Monday, August 19, 2013 6:09 PM I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found

Re: CPPCheck found 24 high risk bugs in Git v.1.8.3.4

2013-08-19 Thread Erik Faye-Lund
Message - From: Philip Oakley philipoak...@iee.org From: Koch, Rick (Subcontractor) rick.k...@tbe.com Sent: Monday, August 19, 2013 6:09 PM I'm directing to this e-mail, as it seems to be the approved forum for posting Git bugs. We ran CPPCheck against Git v.1.8.3.4 and found 24 high risk