Details

    • New Feature
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 3.1.6
    • 3.1.8
    • Internal
    • All

    Description

      During covscan fixing I've run into some IMHO false positives, and I need some verification from you, because I want to let the covscan team know about them, so next time they are ignored.

      You can find the false positives in the attached file.

      Link to PR:
      https://gitlab.cee.redhat.com/covscan/defect-blacklist/merge_requests/3

      Thanks for cooperation
      Lukas

      Attachments

        Activity

          georg Georg Richter added a comment -

          Hi Lukas,

          the link doesn't work for me.


          ljavorsk Lukas Javorsky added a comment -

          Yes, it's an internal repo, but I've attached the same file here so you can see it there.

          Also, I would like to ask if I can add some Coverity annotations in some specific cases. It will help next time, so covscan doesn't need to check those false positives.

          ljavorsk Lukas Javorsky added a comment - edited

          Also this one is no longer needed:

          Error: NO_EFFECT (CWE-398):
          mariadb-connector-c-3.1.6-src/libmariadb/ma_stmt_codec.c:984: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset((void *)buff, 48, field->length - length)".
          mariadb-connector-c-3.1.6-src/libmariadb/ma_stmt_codec.c:984: remediation: Did you intend to use 0 (the value zero)?
          #  982|          ma_bmove_upp(buff + field->length, buff + length, length);
          #  983|          /* coverity [bad_memset] */
          #  984|->        memset((void*) buff, (int) '0', field->length - length);
          #  985|          length= field->length;
          #  986|        }
           
          #############################################
          # IMHO this was intentional, so it's not bad
          #############################################
          

          There was a little mistake in the annotation: there cannot be a space between "coverity" and "[".
          It's fixed now.
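          Why the flagged call fills with the character '0' on purpose, as an added example that is not code from mariadb-connector-c: `zerofill`, its parameters and the sample value are hypothetical. The suppression comment is written as described in the comment above, with no space between "coverity" and "[".

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from mariadb-connector-c): right-align the
 * `length` digits already in buff to `field_length` columns and fill the
 * freed left side with the digit character '0' (0x30), not the byte 0.
 * `cap` is the size of buff in bytes, including room for the terminator.
 * Returns the resulting string length, or -1 if the buffer is too small. */
int zerofill(char *buff, size_t cap, size_t length, size_t field_length)
{
  if (!buff || length >= cap || field_length + 1 > cap)
    return -1;

  if (length < field_length)
  {
    /* Source and destination overlap, so memmove rather than memcpy. */
    memmove(buff + field_length - length, buff, length);

    /* A fill value of 0 here would terminate the string at buff[0] and
     * hide the digits; the padding must be the printable character.
     * The annotation sits on the line directly above the flagged call. */
    /* coverity[bad_memset] */
    memset(buff, '0', field_length - length);
    length = field_length;
  }

  buff[length] = '\0';
  return (int) length;
}

int main(void)
{
  char buff[16] = "42";   /* constructed sample value */
  int n = zerofill(buff, sizeof buff, 2, 5);

  printf("%d %s\n", n, buff);
  return 0;
}
```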


          ljavorsk Lukas Javorsky added a comment -

          Yes I've noticed, also there are 2 more mistakes like that. And I've put a commit into my covscan-fix PR on GitHub already.

          If you could review it, that would be awesome.
          Link: https://github.com/mariadb-corporation/mariadb-connector-c/pull/126

          georg Georg Richter added a comment -

          Issue was closed by PR #126 in 3.1.8


          People

            georg Georg Richter
            ljavorsk Lukas Javorsky