On Mon, Nov 02, 2020 at 07:54:14PM +0000, Peter Maydell wrote: > Currently QEMU's Coverity-Scan project has a bunch of unresolved > issues in code in dtc/ and also in slirp/. (I suspect most of them > are actually false-positives that got re-reported when we switched > to Meson and the filenames changed, or some similar event.) > > Do dtc and slirp as upstream projects already track Coverity issues > (in which case we can just close the issues in the QEMU tracker as > irrelevant, or do we need to investigate these and potentially > forward them into whatever upstream bug tracker is appropriate?
dtc is wired up to coverity_scan, and quite a few of the things it
caught were fixed a while back. I must admit I don't re-examine the
remaining warnings very frequently though. I *think* what's still
there are false positives, but I'm not super confident about that.
--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature
