passert never returns if the test is false.
Coverity Scan doesn't seem to know this.
This leads to false positives in its reports.
For example, consider these lines from
programs/pluto/ikev1_spdb_struct.c:

    2478 passert(ty < ipsec_attr_val_descs_roof);
    2479 vdesc = ipsec_attr_val_descs[ty];

In the latest Coverity Scan run, CID 1496140 claims that the subscript
can be out of bounds because ty might be greater than or equal to
ipsec_attr_val_descs_roof, even though the passert says that it
cannot be.
This property of passert is indicated by NEVER_RETURNS on the
declaration of llog_passert.
NEVER_RETURNS expands to
__attribute__ ((noreturn))
if, and only if, GCC_LINT is defined.
Does Coverity Scan know that GCC_LINT should be defined?
Or is it baffled by the layers of macro expansion?
Where is Coverity Scan configured? Does it just read the makefiles?
With a normal build, -DGCC_LINT appears on cc commands. Here's where
GCC_LINT appears in our tree:

CROSSCOMPILE.sh:21:export USERCOMPILE="-Wl,-elf2flt -DCOMPILER_HAS_NO_PRINTF_LIKE -O3 -g ${PORTDEFINE} -I$PREFIX/arm-elf/inc -L$PREFIX/lib/gcc-lib -DGCC_LINT -Dlinux -D__linux__"
include/lswcdefs.h:38:#ifdef GCC_LINT
mk/config.mk:799:ifeq ($(origin GCC_LINT),undefined)
mk/config.mk:800:GCC_LINT = -DGCC_LINT
mk/config.mk:802:USERLAND_CFLAGS += $(GCC_LINT)
packaging/suse/libreswan.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
packaging/suse/sles10.spec:70: USERCOMPILE='-g $(RPM_OPT_FLAGS) -DGCC_LINT' \
testing/guestbin/makeallways:14: for f4 in "-DGCC_LINT" ; do # GCC_LINT is mandatory
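
Added example (not part of the original message and not libreswan source): a reduced C model of the pattern described above, with a build guard that stops an analysis run that lacks -DGCC_LINT. All `demo_*` / `DEMO_*` names and the table contents are constructed for illustration; the real declaration of llog_passert is not shown on this page.

```c
/* Added example: reduced model of an assert whose failure handler is
 * noreturn only when GCC_LINT is defined. demo_* names are constructed. */
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the -DGCC_LINT that mk/config.mk adds to USERLAND_CFLAGS.
 * Delete these lines to model a build or analysis that never got the flag. */
#ifndef GCC_LINT
#define GCC_LINT
#endif

/* Guard: fail the analysis build loudly instead of silently losing noreturn.
 * __COVERITY__ is predefined by Coverity's compiler front end. */
#if defined(__COVERITY__) && !defined(GCC_LINT)
#error "Coverity build without -DGCC_LINT: the assert will look like it can return"
#endif

#ifdef GCC_LINT
#define DEMO_NEVER_RETURNS __attribute__ ((noreturn))
#define DEMO_NORETURN_ACTIVE 1
#else
#define DEMO_NEVER_RETURNS /* expands to nothing */
#define DEMO_NORETURN_ACTIVE 0
#endif

/* The attribute on this declaration is what tells a compiler or analyzer
 * that control never comes back from a failed assertion. */
extern void demo_passert_fail(const char *file, int line, const char *expr) DEMO_NEVER_RETURNS;

void demo_passert_fail(const char *file, int line, const char *expr)
{
    fprintf(stderr, "%s:%d: assertion failed: %s\n", file, line, expr);
    abort();
}

#define demo_passert(expr) \
    ((expr) ? (void)0 : demo_passert_fail(__FILE__, __LINE__, #expr))

static const char *const demo_descs[] = { "desc0", "desc1", "desc2" };
#define demo_descs_roof (sizeof(demo_descs) / sizeof(demo_descs[0]))

const char *demo_lookup(unsigned ty)
{
    demo_passert(ty < demo_descs_roof); /* only ty < roof reaches the subscript */
    return demo_descs[ty];
}

/* 1 when the noreturn attribute was compiled in, 0 when it expanded to nothing. */
int demo_noreturn_active(void) { return DEMO_NORETURN_ACTIVE; }
```
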