Thanks for your email. We did review the Klocwork warnings and found that they can be ignored.
However, if we need to submit any fixes in the future, can we submit them as part of a Qt bug report for the findings through Klocwork?

Best Regards,
Ramakanth

On Mon, 20 Jul, 2020, 00:18 Thiago Macieira, <[email protected]> wrote:

> On Sunday, 19 July 2020 09:35:20 PDT Ramakanth Kesireddy wrote:
> > Hi,
> >
> > There are 5 different CWEs of the below type thrown by Klocwork as warnings
> > in the below mentioned condition in findNext():-
> >
> > https://code.woboq.org/qt5/include/qt/QtCore/qiterator.h.html#144
> > inline bool findNext(const T &t) \
> > { while (const_iterator(n = i) != c->constEnd()) if (*i++ == t) return true; return false; } \
> >
> > CWE-480:Use of Incorrect Operator
> > http://cwe.mitre.org/data/definitions/480.html
>
> The use of i++ is intentional and correct.
>
> > CWE-481:Assigning instead of Comparing
> > http://cwe.mitre.org/data/definitions/481.html
>
> The assignment of n = i is intentional and correct.
>
> > EXP45-C. Do not perform assignments in selection statements
> > https://www.securecoding.cert.org/confluence/x/nYFtAg
>
> Yes, the code quality is poor. That's what happens when you want to write
> short code in macros.
>
> > Please let me know if the assignment expression in conditional statements
> > in findNext() could be ignored?
>
> You decided to run a code scanning / static analysis tool on Qt. Please get
> your own senior engineers to review the results. If your engineers are
> uncertain, please post a detailed question (not like this email) on the exact
> issue and how the code should be fixed.
>
> And please submit the fixes you've needed to make.
>
> Qt is being scanned by a number of tools, including Coverity's public scanning
> of open source tools. Known issues are being fixed as quickly as possible. The
> latest releases (5.15) have all the fixes.
>
> --
> Thiago Macieira - thiago.macieira (AT) intel.com
> Software Architect - Intel System Software Products
>
> _______________________________________________
> Interest mailing list
> [email protected]
> https://lists.qt-project.org/listinfo/interest
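The compact loop that the warnings in this thread point at, next to an expanded form with one side effect per statement, as an added example (not Qt's code and not written by either poster). `Cursor`, `run` and `kSample` are hypothetical names, and treating `n` as the element last stepped over is an assumption.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for a Java-style iterator; this is not Qt's class.
// i: current position. n: element last stepped over (assumed role).
struct Cursor {
    const std::vector<int> *c;
    std::vector<int>::const_iterator i, n;
    explicit Cursor(const std::vector<int> &v) : c(&v), i(v.begin()), n(v.end()) {}

    // Compact form, same shape as the quoted findNext(): the assignment sits
    // in the loop condition and the increment sits in the comparison.
    bool findNextCompact(int t) {
        while ((n = i) != c->end())
            if (*i++ == t)
                return true;
        return false;
    }

    // Expanded form with the same behaviour and one side effect per statement.
    bool findNextExpanded(int t) {
        for (;;) {
            n = i;                       // remember the element about to be examined
            if (i == c->end())
                return false;            // exhausted: i and n both rest at end
            const bool hit = (*i == t);  // compare first
            ++i;                         // then advance
            if (hit)
                return true;             // n is the match, i is one past it
        }
    }
};

// Result of a search plus the offsets of i and n, so both forms can be compared.
struct State { bool found; std::ptrdiff_t i, n; };

// Calls findNext `calls` times on a fresh cursor and reports the final state.
State run(const std::vector<int> &v, int t, int calls, bool compact) {
    Cursor cur(v);
    bool found = false;
    for (int k = 0; k < calls; ++k)
        found = compact ? cur.findNextCompact(t) : cur.findNextExpanded(t);
    return { found, cur.i - v.begin(), cur.n - v.begin() };
}

// Constructed sample data: the value 7 occurs at offsets 1 and 2.
static const std::vector<int> kSample = {4, 7, 7, 9};
```
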
