[FFmpeg-devel] [WIP] False positives on Coverity

Michael Niedermayer michael at niedermayer.cc
Thu Oct 17 00:23:39 EEST 2024 

On Mon, Aug 12, 2024 at 07:40:41PM +0200, Michael Niedermayer wrote:
> On Thu, Jul 25, 2024 at 04:41:26PM +0200, Michael Niedermayer wrote:
> > On Sat, Jul 13, 2024 at 01:20:23AM +0200, Michael Niedermayer wrote:
> > > On Fri, Jul 12, 2024 at 01:55:42AM +0200, Michael Niedermayer wrote:
> > > [...]
> > > > Only 7 outstanding remain from prior may. and 19 total. So 99% of issues
> > > 
> > > down to 3 outstanding prior may and 8 overall
> > > 
> > > 
> > > [...]
> > > > 1604599 Overflowed constant; intentional
> > > > 1604530 Infinite loop ; "intentional"
> > > > 700368 Explicit null dereferenced ; the loop will exit after this and the code cannot be reached
> > > > 1559187 Data race condition ; intentional
> > > > 1591898 Unsigned compared against 0 ; pollfd has a signed fd on some platforms
> > > > 1559180 Check of thread-shared field evades lock acquisition ; See source code
> > > 
> > > 4 more false positives:
> > > 1604428 Overflowed return value ; avio_tell() misanalysis
> > > 1604511 Overflowed constant ; intentional
> > > 1604570 Overflowed constant ; not possible
> > > 1591857 Resource leak ; I think this works like intended
> > 
> > Heres a CSV of the fate of the issues from the 22nd april outstanding set
> > (this should match the other things posted)
> > 
> > Some of the issues where categorized and or fixed by Andreas or possibly
> > other people. These are listed too now as far as it could be inferred
> > from git and coverity CSVs and various notes easily. Sadly coverity does
> > not export the usernames of people updating an entry in any CSV.
> > 
> > If you see any errors, dont hesitate to post corrections
> 
> Jonatas from SPI found some errors, so here are corrected files :)

Has anyone else done work on Coverity that is covered by the STF Coverity
Project and intends to sign the contracts and send an invoice ?

Iam asking because if noone else wants to claim any part of the coverity
project work, i will eventually send an invoice for the last remaining part
of the coverity work to SPI/STF.

thx

[...]


-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20241016/53dc90a0/attachment.sig>

More information about the ffmpeg-devel mailing list