----- Original Message ----- > Just to mention, I just ran Coverity on the current HEAD of > origin/master. And the results are available. > > I'm not sure how coverity works, but it seems to provide new errors > every time even on code that hasn't been touched between two scans. > Anyways, it provides us with a HUGE bunch of areas where code cleanup > would be appreciated.
I'm not sure how it works on the scan.coverity.com. We (@ Red Hat) have our own wrappers around Coverity and format of the scan results. However we are mostly scanning Source RPMs. > On Tue, Jul 29, 2014 at 6:33 PM, Darshit Shah <[email protected]> wrote: > > Hi Thomas, > > > > I have a coverity scan setup for Wget already[1]. I'll give you access > > to it, if you send a request. I manually request a coverity scan every > > few weeks. I've been meaning to set up an automated scan through my > > mirror of Wget on GutHub, but never really got around to it. Daniel > > Haxx, maintainer of Curl, has also kindly set up a (daily?) static > > analysis of Wget using LLVM/Clang which is publicly accessible from: > > http://daniel.haxx.se/wget/ > > > > However, the memory leaks I fixed were found by running the new Python > > based test suite located in testenv/ through valgrind. I recently > > merged the test suite into master and the README file as well as the > > email contains information about running all the tests through > > valgrind. > > > > [1]: https://scan.coverity.com/projects/555?tab=overview It's good to know that wget is participating in the Coverity OSS scanning initiative. I won't have to duplicate the effort. Having a spare time in the future, I'll request the access. I would not have time for it right now. Thanks for the information. > > On Tue, Jul 29, 2014 at 6:13 PM, Tomas Hozza <[email protected]> wrote: > >> ----- Original Message ----- > >>> Hi, > >>> > >>> I found and plugged around 5 memory leaks in Wget in various HTTP > >>> related code paths. The patch file is attached. IN the next couple of > >>> days I'll run the updated version of the code base through a static > >>> analyzer, just to be sure this doesn't break anything. However, in my > >>> limited testing, none of the changes broke anything. > >> > >> Hi Darshit. > >> > >> In my TODO I have "scan wget with Coverity static analyzer" for some > >> time, but didn't have time to do it so far. What static analyzer do you > >> use? I can scan wget with Coverity and share the results publicly if > >> you'd like. > >> > >> Regards, > >> -- > >> Tomas Hozza > >> Software Engineer - EMEA ENG Developer Experience > >> > >> PGP: 1D9F3C2D > >> Red Hat Inc. http://cz.redhat.com > > > > > > > > -- > > Thanking You, > > Darshit Shah > > > > -- > Thanking You, > Darshit Shah > Regards, -- Tomas Hozza Software Engineer - EMEA ENG Developer Experience PGP: 1D9F3C2D Red Hat Inc. http://cz.redhat.com
