[CONC-453] Covscan false-positives verification Created: 2020-02-06  Updated: 2023-12-22

Status: Stalled
Project: MariaDB Connector/C
Component/s: None
Affects Version/s: 3.1.6
Fix Version/s: None

Type: New Feature Priority: Minor
Reporter: Lukas Javorsky Assignee: Georg Richter
Resolution: Unresolved Votes: 0
Labels: covscan
Environment: All


Attachments: File ignore.err    

 Description   

During covscan fixing I've run into some IMHO false positives, and I need some verification from you, because I want to let the covscan team know about them, so next time they are ignored.

You can find the false positives in the attached file.

Link to PR:
https://gitlab.cee.redhat.com/covscan/defect-blacklist/merge_requests/3

Thanks for your cooperation
Lukas



 Comments   
Comment by Georg Richter [ 2020-02-06 ]

Hi Lukas,

the link doesn't work for me.

Comment by Lukas Javorsky [ 2020-02-07 ]

Yes, it's an internal repo, but I've attached the same file here so you can see it there.

Also I would like to ask if I can add some Coverity annotations in some specific cases. It will help next time, so covscan doesn't need to check those false positives.

Comment by Lukas Javorsky [ 2020-02-07 ]

Also this one is no longer needed:

Error: NO_EFFECT (CWE-398):
mariadb-connector-c-3.1.6-src/libmariadb/ma_stmt_codec.c:984: bad_memset: Function "memset" with fill value "'0'" (the zero character) in "memset((void *)buff, 48, field->length - length)".
mariadb-connector-c-3.1.6-src/libmariadb/ma_stmt_codec.c:984: remediation: Did you intend to use 0 (the value zero)?
#  982|          ma_bmove_upp(buff + field->length, buff + length, length);
#  983|          /* coverity [bad_memset] */
#  984|->        memset((void*) buff, (int) '0', field->length - length);
#  985|          length= field->length;
#  986|        }
 
#############################################
# IMHO this was intentional, so it's not bad
#############################################

There was a little mistake in the annotation: there cannot be a space between "coverity" and "[".
It's fixed now.

Comment by Lukas Javorsky [ 2020-02-13 ]

Yes, I've noticed; also there are 2 more mistakes like that. And I've put a commit into my covscan-fix PR on GitHub already.

If you could review it, that would be awesome
Link: https://github.com/mariadb-corporation/mariadb-connector-c/pull/126
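
A small checker for the annotation mistake discussed in this thread, added here as an example (it is not part of the ticket or of the Connector/C code base): it reports Coverity annotations written with whitespace between "coverity" and "[" and produces the corrected text. The sample input is constructed from the snippet quoted above, and the names check_annotations and SAMPLE are made up for this example.

```python
import re

# A comment opener, optional spacing, "coverity", then the stray whitespace
# before "[" that the thread identifies as the mistake, then the event tag.
MALFORMED = re.compile(r"(/\*|//)(\s*)coverity(\s+)\[(\w+)")

# Constructed sample: lines 2-3 mirror the snippet quoted in the ticket,
# lines 4-5 are a made-up, correctly annotated counterpart.
SAMPLE = """\
      ma_bmove_upp(buff + field->length, buff + length, length);
      /* coverity [bad_memset] */
      memset((void*) buff, (int) '0', field->length - length);
      /* coverity[bad_memset] */
      memset((void*) other, (int) '0', n);
"""


def check_annotations(source, filename="<input>"):
    """Return (findings, fixed_source) for Coverity annotations in C source.

    Each finding is (filename, line_number, event_tag) for an annotation
    written as "coverity [tag]" instead of "coverity[tag]". Such a comment
    is not read as an annotation, so the defect keeps being reported.
    """
    findings = []
    fixed_lines = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in MALFORMED.finditer(line):
            findings.append((filename, lineno, match.group(4)))
        # Remove only the whitespace between "coverity" and "[".
        fixed_lines.append(MALFORMED.sub(r"\1\2coverity[\4", line))
    return findings, "\n".join(fixed_lines)


if __name__ == "__main__":
    found, fixed = check_annotations(SAMPLE, "sample.c")
    for name, lineno, tag in found:
        print(f"{name}:{lineno}: space before '[' in annotation for {tag}")
    print(fixed)
```
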
