Yo Hal!
On Thu, 23 Jan 2025 14:25:53 -0800
Hal Murray via devel <devel@ntpsec.org> wrote:
> [Another exchange that got droped from @devel]
>
> Gary said:
> > I'm not a fan of suppressing warnings. Especially one I agree
> > with.
>
> Right. But I don't agree with this one and I consider your suggested
> fix to be too ugly. It's doubling the size of the relevant code
> block and makes it harder to understand what's going on.
Uh, I merely suggested the direction to a valid fix. My code was
inteded to show off where the bug is, not to be an elegant fix. Since
you claimed it was a bug in Coverity, I showed it is UB in ntpsec code.
I'm sure it can be done way better. Once you realize what the UB is.
gcc has said they will soon make UB a warning. So fix it now, or fix it
later.
> We currently have 28 places that squish Coverity warnings.
Ugh.
> Several are reminding us that random() isn't good enough for crypto.
Yeah, I hate those. That is OK ti over ride.
> It would be neat to double check them and see how many are still
> needed and/or update the comment with a Coverity number. I don't
> know my way around Coverity and/or gitlab very well. Can somebody
> give me a quick lesson. How do I clone our code, make my changes,
> then get Coverity to run on my new code?
Beats me. I think James has a handle on that.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin
_______________________________________________
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel
