Hello,
On Jun 23, 2011, at 10:55 , viktorTarasov wrote:
> Le 23/06/2011 09:43, martinpaljak a écrit :
>> You could as well write a comment one line above stating /* error ignored */
>> but that would again defeat the original issue: you don't check for an
>> error from a function that can normally fail, for example
>> SCARD_W_REMOVED_CARD or equivalent from the actual card communication (even
>> if the MF seleciton could be a shortcut to NOP)
>
> Sorry, you do not answered the question.
> Does it changed the coverity scan events?
The goal is not to trick Coverity scan into silencing a warning but to deal
with the possible issue, which is obvious:
"Calling function "sc_select_file" without checking return value (as is done
elsewhere 246 out of 258 times)."
(which means that 12 other notices on check_return also deal with
sc_select_file, like in mcrd_init where it is not checked, which is an issue
for me to *fix*, not silence)
Thus the actual fix could look something like this:
rv = sc_select_file(card, &path, NULL);
if (rv != SC_SUCCESS) {
return rv; /* or SC_ERROR_INTERNAL or SC_ERROR_SOMETHING */
}
The same applies to not silencing "unused parameter" warnings of OpenSC
internal API-s just to get rid of the warning, which is a valid attention
drawer, where the abundance of them should draw the attention of ineffective
internal design and one day trigger refactoring. Unlike external and API-s,
where the prototype of functions is fixed "in stone" for OpenSC, and there's
nothing which could be made inside OpenSC to make the warning go away. Getting
rid of warnings like this serves no other purpose than making you feel warm and
fuzzy while the actual problem (not the most appropriate internal design)
persists.
> How can I do it myself, please?
I'll look into automatic this during the LongWeekend of the holidays [1].
FYI, here's an interesting read on the "Toyota accelerating pedals" issue,
focusing on software [2]. They also used Coverity to scan the source code.
A generally interesting report to skim (and the blacked out areas can be read
with copypaste).
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/viktorTarasov/OpenSC/commit/4befa09c75fe54a2d71f267dcf1e10d5c3a117a4#commitcomment-444421
[1] http://en.wikipedia.org/wiki/St_John's_Day_(Estonia)
[2] http://cryptome.org/0004/nasa-toyota.zip
--
@MartinPaljak.net
+3725156495
--
@MartinPaljak.net
+3725156495
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
