Coverity Scan - Externals

13 years ago by Rasmus Lerdorf — view source

unread

Coverity has run a new scan of trunk and there are a lot of valid
issues. You have probably noticed that I have started to fix some of
them, but there are 500+ to go, so I could use some help. The following
people already have Coverity accounts:

andi, antony, colder, derick, dmitry, helly, iliaa, jcogg, joey, kmori,
mike, nickpj, nlopess, phoddie, rui, sas, scottmac, sean, sesser, slif,
steph, tgoldstein, thiago, wez and zeev

If you would like to help out and you don't have an account, please send
me an email or catch me on irc and I will get you set up.

Once you have an account, go to:

http://scan.coverity.com/rung2.html

And click on the "Sign in" link next to PHP

If you start working on fixing one of these, please assign it to
yourself first within the Coverity UI so others will know.

-Rasmus

13 years ago by Scott MacVicar — view source

unread

Coverity has run a new scan of trunk and there are a lot of valid
issues. You have probably noticed that I have started to fix some of
them, but there are 500+ to go, so I could use some help. The following
people already have Coverity accounts:

andi, antony, colder, derick, dmitry, helly, iliaa, jcogg, joey, kmori,
mike, nickpj, nlopess, phoddie, rui, sas, scottmac, sean, sesser, slif,
steph, tgoldstein, thiago, wez and zeev

If you would like to help out and you don't have an account, please send
me an email or catch me on irc and I will get you set up.

Once you have an account, go to:

http://scan.coverity.com/rung2.html

And click on the "Sign in" link next to PHP

If you start working on fixing one of these, please assign it to
yourself first within the Coverity UI so others will know.

All these changes to PHP 5.3 scare me, I was hoping we'd see 5.3.7 released sooner but after all these changes I think we'll need some more RCs out.

Thoughts ilia?

13 years ago by Ilia Alshanetsky — view source

unread

Scott,

I've looked through most of the changes (some are even mine ;-) ) and
they seem to be fairly harmless initialization tweaks etc... As it
stands I think we should be in good shape to package 5.3.7 on Wed and
finally get it out of the door.

Coverity has run a new scan of trunk and there are a lot of valid
issues. You have probably noticed that I have started to fix some of
them, but there are 500+ to go, so I could use some help. The following
people already have Coverity accounts:

andi, antony, colder, derick, dmitry, helly, iliaa, jcogg, joey, kmori,
mike, nickpj, nlopess, phoddie, rui, sas, scottmac, sean, sesser, slif,
steph, tgoldstein, thiago, wez and zeev

If you would like to help out and you don't have an account, please send
me an email or catch me on irc and I will get you set up.

Once you have an account, go to:

http://scan.coverity.com/rung2.html

And click on the "Sign in" link next to PHP

If you start working on fixing one of these, please assign it to
yourself first within the Coverity UI so others will know.

All these changes to PHP 5.3 scare me, I was hoping we'd see 5.3.7 released sooner but after all these changes I think we'll need some more RCs out.

Thoughts ilia?

S

13 years ago by Joey Smith — view source

unread

Coverity has run a new scan of trunk and there are a lot of valid
issues. You have probably noticed that I have started to fix some of
them, but there are 500+ to go, so I could use some help. The following
people already have Coverity accounts:

andi, antony, colder, derick, dmitry, helly, iliaa, jcogg, joey, kmori,
mike, nickpj, nlopess, phoddie, rui, sas, scottmac, sean, sesser, slif,
steph, tgoldstein, thiago, wez and zeev

If you would like to help out and you don't have an account, please send
me an email or catch me on irc and I will get you set up.

Once you have an account, go to:

http://scan.coverity.com/rung2.html

And click on the "Sign in" link next to PHP

If you start working on fixing one of these, please assign it to
yourself first within the Coverity UI so others will know.

-Rasmus

A lot of the 'STACK_USE' ones seem to be false positives; it's reporting
when the stack "exceeds the maximum single use of 1024 bytes" - that 1024
is a Coverity-configurable value which defaults to 1024.

13 years ago by Rasmus Lerdorf — view source

unread

On 08/08/2011 11:45 PM, Joey Smith wrote

A lot of the 'STACK_USE' ones seem to be false positives; it's reporting
when the stack "exceeds the maximum single use of 1024 bytes" - that 1024
is a Coverity-configurable value which defaults to 1024.

Yup, we can simply mark those as intentional/ignore although it wouldn't
be a bad idea to have a quick look at each one to see if we really need
to chew up 1k of stack on each of those occasions. People using PHP in
embedded systems would appreciate that, I bet.

-Rasmus

13 years ago by Joey Smith — view source

unread

On 08/08/2011 11:45 PM, Joey Smith wrote

A lot of the 'STACK_USE' ones seem to be false positives; it's reporting
when the stack "exceeds the maximum single use of 1024 bytes" - that 1024
is a Coverity-configurable value which defaults to 1024.

Yup, we can simply mark those as intentional/ignore although it wouldn't
be a bad idea to have a quick look at each one to see if we really need
to chew up 1k of stack on each of those occasions. People using PHP in
embedded systems would appreciate that, I bet.

-Rasmus

Quite a few of the ones I looked at were reporting it due to MAXPATHLEN,
which I imagine we probably want to leave untouched - I'll just mark those
as intentional/ignore.