From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 18669 invoked from network); 26 Oct 2023 08:19:57 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 26 Oct 2023 08:19:57 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1698308398; b=KhA6LL0yaidkPsmF2TSceyVPxbhK/+TMTCjz+wf4S9IDLVZW6N8WeiT1rdyw0z8zj++e9uU2D0 55nAAOzzKaQ1MeglYoJAEzN/eaXeOmDWkorpHrcLCXMdQjP5F6QCFmo+ldZglRW2n8XWPTNz0O XRwtBlbM99nTmL6tt746EAgREvO9gsA4jjVb92x/59LctpVdFWRG3b0rl0rozEzQAIvY5lCcDU PbnAyNoEOuQYSz3eQjSdpJ20tCcwMSWqi6Chgs8r61g6A7LgcQ7YeALqCBr1jo8erqLkSkQLll 3i6pI8PU4awmfia/Ij+wgL/3Q9wrNwLu5xoDNtkrRfsc2g==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mail-ed1-f43.google.com) smtp.remote-ip=209.85.208.43; dkim=pass header.d=gmail.com header.s=20230601 header.a=rsa-sha256; dmarc=pass header.from=gmail.com; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1698308398; bh=B2AzEM8ahL01TfO7UlyeslbrP0eNxITdakTe77TcgAE=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:Content-Type:Cc:To:Subject:Message-ID:Date:From:References: In-Reply-To:MIME-Version:DKIM-Signature:DKIM-Signature; b=cIBcFD5qX2gUpVi9HFh1Q9hST59k9xDTgnCHE9i9+L+TY93s4Y3GDHZctxccl8jZrYfmfIpCAq h+W07H0wAEq5gukF1X1pBsqSncCI1T2xTC/FdEEn5hPEvJhjyTurP02vl3EYyRWXBZAMFbZlB0 aoJqcHlDKGynzjzgncBeQBSCEYDkD9nwo2adBv8o03XN7WEQaRnP7WsEt3Kfy2XbnQpQ6y22Id WXPNL7z9bDu3Ioe/EzK/L7+FWDTD/XeG0Mzv3BPLLhYtukcLfpZsI6Szuu8BXuci902aublQal iv/CNuCrN4evVsCFIhWsQ4KkUTSCxleU5wynCy9xPMMxew==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Content-Type:Cc:To:Subject:Message-ID :Date:From:References:In-Reply-To:MIME-Version:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=5w/xw5KuVt4ue8ufKjuSbrMu+RDE5poLJCvY64MmPoY=; b=syorkIFnO7IkkvCoASi2HhjucI SAXBVnT3qSD3Cekd6yAMwB4klY6DMWuR1OwCbpeZEV7yHxqZ9uG+N9mZetojjaLkhVnjXWynpedTo KENiKkavgoLms+Rt3QivE4MvQ4ed9nJyi8V2zzSTQoEcJWcaKImPaxWtvMyZAYmU5/NrmDAeALy3z s+VyJ9PbkzhfMBaRgadBSWR/8oaVoii8IKGZTgRozejvZiXi43+Y+x+LDHanD2qDSQS3SrgbShRs+ Fvc4qvXZF8X07bLbWPd4XRaMJmXTJxDc6Rjoof9q3I/Co3gbdb3CKUmC8cc+q2ZH/Kfhngw8ySAFj nJnBOfZQ==; Received: by zero.zsh.org with local id 1qvvav-000IJI-3p; Thu, 26 Oct 2023 08:19:57 +0000 Authentication-Results: zsh.org; iprev=pass (mail-ed1-f43.google.com) smtp.remote-ip=209.85.208.43; dkim=pass header.d=gmail.com header.s=20230601 header.a=rsa-sha256; dmarc=pass header.from=gmail.com; arc=none Received: from mail-ed1-f43.google.com ([209.85.208.43]:61541) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) id 1qvva8-000I0D-Nk; Thu, 26 Oct 2023 08:19:09 +0000 Received: by mail-ed1-f43.google.com with SMTP id 4fb4d7f45d1cf-5406c099cebso848638a12.2 for ; Thu, 26 Oct 2023 01:19:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698308348; x=1698913148; darn=zsh.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=5w/xw5KuVt4ue8ufKjuSbrMu+RDE5poLJCvY64MmPoY=; b=a4FdpdzK/gbnahc/QSjHXWa3ZiklDlV5sC7lecY5z1xQPWFN3vnH65Fb1suSoL+98L mmX/M1BUydeC6mInajr7RwEikWv6hjBNVcyD7e1fujVmSOEfvSO2itvOWM+buKMDJxk1 hpnGQGewM4U4MIVc3mZ26X1eSFFTLCjzmfRtcZnBo06iioDpN9e6Nx3Y0oKoJpI7nVMI wCL78woIBD5XDEVyiqLUe1V1aWDOa4vGdsR95/xWkMbRM/9wzOfEENtV49gYpqwDC++Q zu3Po0FcEe/qby/3qLbOb6ApKTx7AP1JdT+WU5iDxXZnm+Z5V8SLff0vzFMn1ZiezykH aQkQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698308348; x=1698913148; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=5w/xw5KuVt4ue8ufKjuSbrMu+RDE5poLJCvY64MmPoY=; b=rRwMnGqQiVSox4OLmZ7UDOnBzgzOiyoYrqHkarv87KEt1KkWn3s6g/paiXHmtl//Yf kjL5H5DW+yvFZNWjDtPWDfMk7j52/dQKqzGHCUDBySExwSpY2DLRHbaGHeeaHaXXjuLg GENoRLqzNyKKBUA7bBr/JrVBaDK2S/u0LbvMgCkcbQXbLNmmPsmY2KcRN3sS7TKN5Jxy 8AsdD7m0AAA6oKKrfnakdoE9Cpr6JHSEH/psCq3MvIHMdZaVAs+2adEdo8RZptTp/a5R PgY+YqRwoCm42UCk8J4bf60/QgxqlTPujg6omMncFblkypgpc7LJDALug6zL+iL202ju QUBA== X-Gm-Message-State: AOJu0YxTZ6NzGZUaoPo5jl2O6k1Iwo+Xhe8/4SMTPBoFI/VJI2IoLxrX AluRCWGFq6PnPXKynolEt2yMPDhVmYKBY9Zqv45C9RBe X-Google-Smtp-Source: AGHT+IHpbq6r1EyTsTLs0ALl+IWye4YPVbdReIGXIshn2KwnGE4pI9fkS6XKktHTUvWFsLJ6V1CRerhaG/M6AEKBUkw= X-Received: by 2002:a05:6402:3593:b0:53f:bab5:864b with SMTP id y19-20020a056402359300b0053fbab5864bmr14956936edc.16.1698308347926; Thu, 26 Oct 2023 01:19:07 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:7208:c0c9:b0:77:b33a:7b21 with HTTP; Thu, 26 Oct 2023 01:19:07 -0700 (PDT) In-Reply-To: References: From: Mikael Magnusson Date: Thu, 26 Oct 2023 10:19:07 +0200 Message-ID: Subject: Re: [PATCH] Fix a bunch of Coverity-reported defects To: Bart Schaefer Cc: Zsh hackers list Content-Type: text/plain; charset="UTF-8" X-Seq: 52246 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: On 10/26/23, Bart Schaefer wrote: > I triaged about 85 defects in the Coverity scan UI. The majority of > them were spurious, and I marked them "Ignore". One thing to keep in mind is it sometimes groups several "occurrences" of the same issue together, you can switch them with a combo box near the bottom right of the UI. (maybe a bit late to point this out now). I've sometimes noticed that the first instance is a false positive while one of the others are not, but that was years ago, maybe they've improved this. > There were 14 that I > felt worthy of small fixes; those are included in the patch below. I > believe that leaves 14 others where I wasn't confident of a fix; > several of them are in zftp, as I recall. > > A batch of the warnings that I ignored were assignments of one field > of a union to another field of the same union, e.g., a casted long > onto a double, etc., which elicited "overlapping copy" warnings. I'm > fairly confident we'd have seen things crashing by now if this wasn't > safe, but I mention it in case someone knows why it might be a > problem. > > One of those I did NOT fix is this, mentioned recently: > >> > *** CID 1547827: Null pointer dereferences (FORWARD_NULL) >> > /Src/Modules/pcre.c: 370 in bin_pcre_match() >> > >>> Passing null pointer "named" to "zpcre_get_substrings", which >> > >>> dereferences it. >> >> This is from Oliver's 51738 (PCRE's alternative DFA), I'm not going to >> interpret futher. > > Let me know if there's anything controversial here. I uploaded a new build to coverity with this patch applied and it seems to be happy with it. -- Mikael Magnusson