Hi,

On 07-02-17 09:45, Илья Шипицин wrote:
>     I have a question (sorry if I couldn't check myself): did you check that
>     SSL_get_privatekey() and SSL_free() won't crash when ssl is NULL ?
> 
> what if we involve clang static analyzer for such things ? can we count
> on it ?
> 
> it is capable of detecting "Argument with 'nonnull' attribute passed null"
> 
> and, as I can see, after applying patch it didn't find new issues
> 
> http://chipitsine.github.io/without-patch/
> http://chipitsine.github.io/with-patch/
> 
> 
> also, it might be even automated, run clang static analyzer before and
> after applying patch and compare the result

Static analyzers are useful, but do not and probably never will replace
review by someone who knows the code.  They complement each other;
neither will detect all mistakes.

In relation to that, please stop making statements like 'it passes
travis, so the patch must be okay'.  That's pertinently not true.

-Steffan

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel