I was curious so I looked it up, the 2015 one is here http://sqlite.1065341.n5.nabble.com/Security-issues-in-SQLite-td81339.html but the 2014 one didn't get any replies.
The gist of it is that these static analysis tools generate a lot of false positives, so unless you can come up with a test case where the condition is triggered, it's probably not a real issue... On Tue, Aug 21, 2018, 7:53 PM Niall O'Reilly <niall.orei...@ucd.ie> wrote: > On 21 Aug 2018, at 10:14, Patricia Monteiro wrote: > > > I have been analyzing the latest version of SQLite (3.24.0) with several > > static analysis tools (Infer, Clang Static Analyzer, Cppcheck and > Predator) > > and after manually reviewing the code I have identified the following > > errors: > > Variants of this question crop up from time to time. > > Please look in the mailing-list archives for replies from Richard Hipp > dated > 22 January 2014 and 23 March 2015, sent in response to earlier similar > reports. > > Best regards, > > Niall O'Reilly > > > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users