On Sun, 18 Dec 2016, Giuseppe D'Angelo wrote:

> It occurred to me that PCRE2 is not on Coverity Scan. As I uploaded a
> build of PCRE2 as part of Qt, Coverity raised a bunch of issues in its
> code. I can't judge if they're false positives.

Did you upload the current head or the previous release? The current head has had a number of issues fixed as a result of ongoing fuzzing testing by at least two groups.

> Do you think
>
> * it's worth to have a pcre2 project on Coverity?

I don't know enough (anything :-) about Coverity to answer that question. What issues did it raise?

> * it's worth to set up regular scans of it? I can do it weekly.

If the issues raised are real, then it probably is worth it.

> Note that there's already a pcre project [1], which seems to be
> unused. We might just reuse that, but I need permissions to upload
> builds there.
>
> [1] https://scan.coverity.com/projects/pcre?tab=overview

As I don't have a Coverity account, I can't see that (and I don't think it's worth creating an account myself).

Philip

--
Philip Hazel

--
## List details at https://lists.exim.org/mailman/listinfo/pcre-dev