Hi Bruno,

On 5/20/24 12:40 PM, Bruno Haible wrote:
>> Interesting. I just learned what a Coverity scan is. Do I have to have
>> permission to view the defects?
>
> I think one needs permission to view and classify these defects, yes.
> But it's more boring than anything else, since more than 90% are false
> alarms. So, if you don't mind, it's sufficient if Paul and I view and
> classify these defects.

I see. That is fine with me. I can see that a lot of them are "CWE-676:
Use of Potentially Dangerous Function", which seems more annoying than
helpful. I imagine it is just a bunch of <string.h> functions that are
mostly fine.

> If you really want to do something boring, you could review
> 'gcc -fanalyzer' reports (which is something Paul and I occasionally
> do as well) or 'clang -fanalyzer' reports (which neither of us has done
> so far, AFAIK).

I use 'gcc -fanalyzer' occasionally. I wasn't aware that clang supported
it too.

Collin