Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-10 Thread Tim Hudson
On Mon, Sep 10, 2018 at 8:44 AM, Matt Caswell wrote: > As far as the release criteria go we only count the ones shown in the > Coverity tool. That's not to say we shouldn't fix issues in the tests as > well (and actually I'd suggest we stop filtering out problems in the > tests if anyone knows

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-10 Thread Kurt Roeckx
On Sun, Sep 09, 2018 at 11:44:33PM +0100, Matt Caswell wrote: > > As far as the release criteria go we only count the ones shown in the > Coverity tool. That's not to say we shouldn't fix issues in the tests as > well (and actually I'd suggest we stop filtering out problems in the > tests if

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-09 Thread Dr. Matthias St. Pierre
> > *** CID 1439137: Integer handling issues (NEGATIVE_RETURNS) > > work in progress... > > I think this one may be a false positive -- it's worried that EVP_MD_size() > will return -1, but we've essentially already validated that the md is > valid by the time we get there. I didn't do a

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-09 Thread Benjamin Kaduk
liche Nachricht- > > Von: openssl-project Im Auftrag von > > Benjamin Kaduk > > Gesendet: Sonntag, 9. September 2018 18:04 > > An: openssl-project@openssl.org > > Betreff: [openssl-project] coverity defect release criteria (Fwd: New > > Defects reported by C

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-09 Thread Dr. Matthias St. Pierre
ptember 2018 18:04 > An: openssl-project@openssl.org > Betreff: [openssl-project] coverity defect release criteria (Fwd: New Defects > reported by Coverity Scan for openssl/openssl) > > I see that Matthias has opened pull requests for a couple of these already; > are you pla

Re: [openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-09 Thread Dr. Matthias St. Pierre
this is a false positive. Matthias > -Urspr√ľngliche Nachricht- > Von: openssl-project Im Auftrag von > Benjamin Kaduk > Gesendet: Sonntag, 9. September 2018 18:04 > An: openssl-project@openssl.org > Betreff: [openssl-project] coverity defect release criteria (Fwd: New D

[openssl-project] coverity defect release criteria (Fwd: New Defects reported by Coverity Scan for openssl/openssl)

2018-09-09 Thread Benjamin Kaduk
I see that Matthias has opened pull requests for a couple of these already; are you planning to work through the rest of them as well? -Ben On Sun, Sep 09, 2018 at 09:28:12AM +, scan-ad...@coverity.com wrote: > Hi, > > Please find the latest report on new defect(s) introduced to