In message ,
Erik Cederstrand wrote:
>As others have pointed out, 'too hard' can also mean 'too hard' to get
>someone with commit access to actually commit the patch and accept the
>risk of introducing new bugs. Case in point: I contributed this
>one-liner patch for ZFS found by Clang Analyz
Hi--
On Apr 24, 2014, at 3:58 AM, Ben Laurie wrote:
[ ... ]
>> It's worth noting that even if you believe that (e.g.) the clang static
>> analyzer isn't properly doing liveness analysis and misjudging whether
>> there's a dead assignment (writing to a variable which is never read), the
>> clan
On Thu, Apr 24, 2014 at 01:59:10PM +0200, Erik Cederstrand wrote:
> Den 24/04/2014 kl. 13.07 skrev Ronald F. Guilmette :
> >
> > Sir, does not the following trivial and obvious single line modification
> > to the above code eliminate the warning? And does it not do so *without*
> > the need for `
In message <546ce3a8-fc87-472f-8a63-0497d0d28...@cederstrand.dk>,
Erik Cederstrand wrote:
>I don't disagree with you, but rewriting 1000 if-else cases in single-threaded
>userland programs just so the analyzer understands them is 1) tedious and 2)
>bound to accidentally introduce at least 50 n
Den 24/04/2014 kl. 13.07 skrev Ronald F. Guilmette :
>
> In the post that you are replying to, I took issue with two prior assertions
> made by Mark Andrews, specifically (1) that some clang static analysis
> warnings are "false positives" and (2) that eliminating some of them was
> "impossible".
In message <50ca7e78-bb5e-4872-a272-b7374627e...@cederstrand.dk>,
Erik Cederstrand wrote:
>Have a look at the ~10.000 reports at
>http://scan.freebsd.your.org/freebsd-head/
Whatever that is supposed to be, or to show, it appears to be down at the
moment.
:-(
Regards,
rfg
In message <50ca7e78-bb5e-4872-a272-b7374627e...@cederstrand.dk>,
Erik Cederstrand wrote:
>Silly things are reported like missing return at the end of main()
In the post that you are replying to, I took issue with two prior assertions
made by Mark Andrews, specifically (1) that some clang stat
On 23 April 2014 20:14, Charles Swiger wrote:
> Hi--
>
> On Apr 23, 2014, at 3:06 AM, Erik Cederstrand
> wrote:
>> Den 23/04/2014 kl. 03.12 skrev Ronald F. Guilmette :
> [ ... ]
>>> I do imagine that the truth or falsehood of your assertion may depend
>>> quite substantially on what one does or d
In message
Ben Laurie wrote:
>So where are your patches to fix these issues?
Moi?
Sorry. I'm confused. Was there something (anything) in or amongst
the comments I made that could have been construed or interpreted to
indicate that I personally was able to devote time to bugfixing on
these s
On 04/24/14 08:33, Erik Cederstrand:
we need some way of marking them as false positive or wontfix, so the effort
isn't duplicated. Out of the 10.000 reports, a conservative guess is that at
least 100 of them are real security issues
A year ago, I did a raid on reports about not checking the
Hi,
Recently, I noticed a vulnerability in the gnutls package:
gnutls-2.12.23_3 multiple certificate verification issues
Shown here:
http://portaudit.freebsd.org/f645aa90-a3e8-11e3-a422-3c970e169bc2.html
Now, however, this vulnerability message is not found after running "pkg
audit gnutls-2.