On Wed, 2006-08-16 at 21:20 +0200, Johannes Sixt wrote:
> On Wednesday 16 August 2006 20:07, m h wrote:
> > Ok, so in the meantime I used 2.0 for a little bit more and (got so
> > frustrated with silly crashes that I) pulled out valgrind. Amazingly
> > there were cases where it didn't crash when running under valgrind,
> > that would immediately crash otherwise.
> >
> > So I'm volunteering myself to work with these scanning companies if
> > they accept (in fact I've already sent them proposals). I haven't
> > done C++ in years (mostly using python and java), but I think this
> > will be a worthwhile way to improve the stability of cinelerra.
> >
> > What I need from the core maintainers is help and advice. I already
> > received a response from Klocwork. They want to know if I'm a
> > maintainer, since I'm not, but am willing to shoulder these tasks,
> > I'll need some sponsorship from a maintainer. Also will need advice
> > regarding what to scan, etc (ie, I think we should scan a pre 2.1
> > merge, because the stability of the merged version could still be in
> > question....).
>
> Matt,
>
> thanks for taking the initiative.
>
> There's a problem with these automatic tests: They are geared to find security
> flaws. But, frankly, security is of little concern for Cinelerra.
>
> As Andraž has pointed out, there will be a lot of uninteresting bugs (like
> arrays of BC_TEXTLEN being filled with user input). I don't feel like fixing
> them because it's unlikely that they will flow upstream.
>
> The most interesting cases are missing or incorrect locking. _If_ the testing
> can find such bugs, and _if_ it can ignore (*) the forest of uninteresting
> flaws, it will be worth every penny and you have my support.
>
> (*) i.e. there is some means to filter them easily from the reports; plus
> klocwork will not feel abused because we don't fix these bugs.

actually there might be some off-by-one errors and missing null-pointer
checks that can be found using these tools and are worthwhile to fix.
however they will probably drown in an ocean of 'uninteresting' bugs...
this could indeed be a problem

bye
andraz

_______________________________________________
Cinelerra mailing list
https://init.linpro.no/mailman/skolelinux.no/listinfo/cinelerra
