Hi Ilya, On Tue, Oct 02, 2018 at 09:16:23AM +0500, ???? ??????? wrote: > this one was found by automation, i.e. coverity. > I see haproxy was added to coverity in 2015 and builds were not submitted > since 2015. > > shall we send builds, for example monthly ?
It's as you want, the only thing is that I don't want to be the one having to validate these reports. I accepted to try it by being strongly encouraged while already convinced of the huge amount of false positives to expect, and the first report I looked at was filled with 20 false positives among the first 20 issues, so I stopped looking at it. It already takes a lot of time to work on real bugs, working on fake ones imagined by a tool which doesn't know how the code is used is even worse because it's demotivating. So this is the limit I'm setting. > (there are several more null pointer dereferences, expect patches from me) OK. In addition, I really want to have in the commit messages an analysis of the real world cases where these bugs might trigger, because either they are possible and we should document it to help people facing these issues, or they can't happen and we're just sabottaging the code to silence a tool and this is not acceptable. Thanks! Willy
