On Thu, Jan 02, 2014 at 13:32:57 -0500, Rahul Sundaram wrote:
> Hi
>
> On Thu, Jan 2, 2014 at 6:43 AM, Martin Milata wrote:
>
> > You might be interested in mock-with-analysis [1], mock wrapper that can
> > run several static analyzers on unmodified SRPMs and extract the results
> > in machine-re
Hi
On Thu, Jan 2, 2014 at 6:43 AM, Martin Milata wrote:
> You might be interested in mock-with-analysis [1], mock wrapper that can
> run several static analyzers on unmodified SRPMs and extract the results
> in machine-readable format.
>
> Martin
>
> [1] https://github.com/fedora-static-analysis
On Mon, Dec 30, 2013 at 15:58:18 +0200, Ville Skyttä wrote:
> On Sat, Dec 28, 2013 at 7:30 AM, Rahul Sundaram wrote:
> > I ended up running scan-build from clang-analyzer and found
> > more memory leaks, null pointer dereferences and other issues that cppcheck
> > doesn't find. I am going to try and
Hi
On Tue, Dec 31, 2013 at 5:57 AM, Ville Skyttä wrote:
>
> Added to https://fedoraproject.org/wiki/User:Scop/MockTips
>
Can you move all that info into a central location?
https://fedoraproject.org/wiki/Using_Mock_to_test_package_builds
Also, some of those tips can be converted into RFE's t
On Mon, Dec 30, 2013 at 6:38 PM, Rahul Sundaram wrote:
> Hi
>
> On Mon, Dec 30, 2013 at 8:58 AM, Ville Skyttä wrote:
>>
>> By the way, I also took a look into how scan-build could be run in
>> mock builds without modifying the source packages at all, and with
>> minimal mock config modifications.
Hi
On Mon, Dec 30, 2013 at 8:58 AM, Ville Skyttä wrote:
> By the way, I also took a look into how scan-build could be run in
> mock builds without modifying the source packages at all, and with
> minimal mock config modifications. What I came up with so far is this
> fugly hack which appears to
On Sat, Dec 28, 2013 at 7:30 AM, Rahul Sundaram wrote:
> I ended up running scan-build from clang-analyzer and found
> more memory leaks, null pointer dereferences and other issues that cppcheck
> doesn't find. I am going to try and send in some patches if I can.
Me too. In many cases I didn't even
Hi
On Sun, Dec 22, 2013 at 9:46 AM, Till Maas wrote:
> On Tue, Dec 17, 2013 at 12:17:00PM -0500, Rahul Sundaram wrote:
>
> > In the last few days, I have been running cppcheck on quite a few programs
> > including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> > found real and
On Tue, Dec 17, 2013 at 12:17:00PM -0500, Rahul Sundaram wrote:
> In the last few days, I have been running cppcheck on quite a few programs
> including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> found real and potential bugs (null pointer dereferences, uninitialized
> variabl
On 18.12.2013 19:47, Ondrej Vasik wrote:
> On Wed, 2013-12-18 at 19:00 +0100, Reindl Harald wrote:
security by obscurity is dumb, did never work and will never work
>>>
>>> Btw. you can check how it worked for the project where both RH and
>>> upstream were WILLING to work on the report an
On Wed, 2013-12-18 at 19:00 +0100, Reindl Harald wrote:
> On 18.12.2013 18:54, Ondrej Vasik wrote:
> > On Wed, 2013-12-18 at 16:47 +0100, Reindl Harald wrote:
> >> On 18.12.2013 16:37, Dave Jones wrote:
> >>> On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
> >>>
> >>> > Publishin
On 18.12.2013 18:54, Ondrej Vasik wrote:
> On Wed, 2013-12-18 at 16:47 +0100, Reindl Harald wrote:
>> On 18.12.2013 16:37, Dave Jones wrote:
>>> On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
>>>
>>> > Publishing them is a bit tricky - I can of course publish them (we scan
>>>
On Wed, 2013-12-18 at 16:47 +0100, Reindl Harald wrote:
> On 18.12.2013 16:37, Dave Jones wrote:
> > On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
> >
> > > Publishing them is a bit tricky - I can of course publish them (we scan
> > > with cppcheck, enhanced gcc warnings, clang
On Wed, 2013-12-18 at 10:37 -0500, Dave Jones wrote:
> On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
>
> > Publishing them is a bit tricky - I can of course publish them (we scan
> > with cppcheck, enhanced gcc warnings, clang and coverity) - but the
> > reports may contain some
Hi
On Wed, Dec 18, 2013 at 4:39 AM, Maciek Borzecki wrote:
> Have you been able to compare cppcheck with clang's static-analyzer?
> Both issues that you managed to identify should have been found by
> clang as well.
>
clang and cppcheck have some overlap but sometimes finds issues that the
other
On 18.12.2013 16:37, Dave Jones wrote:
> On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
>
> > Publishing them is a bit tricky - I can of course publish them (we scan
> > with cppcheck, enhanced gcc warnings, clang and coverity) - but the
> > reports may contain some attack vect
On Wed, Dec 18, 2013 at 09:12:06AM +0100, Ondrej Vasik wrote:
> Publishing them is a bit tricky - I can of course publish them (we scan
> with cppcheck, enhanced gcc warnings, clang and coverity) - but the
> reports may contain some attack vectors - and for inactive packages, it
> would only s
On Tue, Dec 17, 2013 at 6:17 PM, Rahul Sundaram wrote:
> Hi
>
> In the last few days, I have been running cppcheck on quite a few programs
> including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> found real and potential bugs (null pointer dereferences, uninitialized
> variables
On Wed, 2013-12-18 at 09:12 +0100, Ondrej Vasik wrote:
> On Tue, 2013-12-17 at 13:17 -0500, Rahul Sundaram wrote:
> > Hi
> >
> >
> > On Tue, Dec 17, 2013 at 12:47 PM, Daniel P. Berrange wrote:
> >
> > The issues reported against libvirt all appear to be false
> > positives.
> >
On Tue, 2013-12-17 at 13:17 -0500, Rahul Sundaram wrote:
> Hi
>
>
> On Tue, Dec 17, 2013 at 12:47 PM, Daniel P. Berrange wrote:
>
> The issues reported against libvirt all appear to be false
> positives.
> Not entirely surprising since we already have coverity run
>
Hi
On Tue, Dec 17, 2013 at 4:34 PM, Tomas Hozza wrote:
> Publishing scan results for all Fedora packages might not be very good idea,
> since the static analysis can find issues with possible security impact.
>
Sure and if someone wants to understand that security impact in order to
exploit t
- Original Message -
> Hi
>
>
> On Tue, Dec 17, 2013 at 12:47 PM, Daniel P. Berrange wrote:
>
>
> The issues reported against libvirt all appear to be false positives.
> Not entirely surprising since we already have coverity run against
> libvirt code nightly.
>
> Thanks for the quick
On Tue, Dec 17, 2013 at 01:17:14PM -0500, Rahul Sundaram wrote:
> Hi
>
>
> On Tue, Dec 17, 2013 at 12:47 PM, Daniel P. Berrange wrote:
>
>
> > The issues reported against libvirt all appear to be false positives.
> > Not entirely surprising since we already have coverity run against
> > libvirt
Hi
On Tue, Dec 17, 2013 at 12:47 PM, Daniel P. Berrange wrote:
> The issues reported against libvirt all appear to be false positives.
> Not entirely surprising since we already have coverity run against
> libvirt code nightly.
>
Thanks for the quick response. Does Red Hat run it only for p
On Tue, Dec 17, 2013 at 12:17:00PM -0500, Rahul Sundaram wrote:
> Hi
>
> In the last few days, I have been running cppcheck on quite a few programs
> including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> found real and potential bugs (null pointer dereferences, uninitialized
>
Hi
On Tue, Dec 17, 2013 at 12:36 PM, Dan Williams wrote:
> On Tue, 2013-12-17 at 12:17 -0500, Rahul Sundaram wrote:
> > Hi
> >
> > In the last few days, I have been running cppcheck on quite a few programs
> > including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> > found r
On Tuesday, December 17, 2013 11:36:26 AM Dan Williams wrote:
> > In the last few days, I have been running cppcheck on quite a few programs
> > including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> > found real and potential bugs (null pointer dereferences, uninitialized
> > va
On Tue, 2013-12-17 at 12:17 -0500, Rahul Sundaram wrote:
> Hi
>
> In the last few days, I have been running cppcheck on quite a few programs
> including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
> found real and potential bugs (null pointer dereferences, uninitialized
> variabl
Hi
In the last few days, I have been running cppcheck on quite a few programs
including systemd, transmission, libvirt, ndjbdns etc and cppcheck has
found real and potential bugs (null pointer dereferences, uninitialized
variables, memory & resource leaks etc) in each of them. I have reported
th