On Apr 30 00:01, David Stacey wrote:
On 29/04/2015 19:13, Corinna Vinschen wrote:
On Apr 29 18:58, David Stacey wrote:
If there are no objections, I'd like to update our weekly Coverity scan to
use Coverity Analysis 7.6.0 (presently we're using 7.5.0). There should be
fewer false positives this week, but there might be some new coding defects
picked up also.
No worries here. Just go ahead.
Thanks. I'm running the analysis now using the same source code as last
week. So any differences we see in the analysis results will be down to
changes between Coverity Analysis 7.5.0 and 7.6.0. Results should be
available on the Coverity Scan website in a couple of hours.
I'll take a look at any new warnings tomorrow evening. If you have time to
take a look during the day then please let me know the numeric ID of any
issues you fix (or mark them as 'fix submitted') so we don't duplicate
effort.
Thanks. I had a quick look and CID 109854 is certainly a false positive
because it counts wrongly in the wide character case:
CHAR fmtbuf[10], *fmt = fmtbuf;
It knows wchar_t is 2 bytes at this point. Three time ++ means, 14
bytes left.
STRCPY (fmt, CQ(".*u"));
At this point, Coverity looks at the expression L".*u" and counts 4 bytes
per wide char in the string expression, which isn't true for us. The
string takes 8 bytes only.