On Wed, Jul 20, 2016 at 10:33 PM, Andy Chu <[email protected]> wrote: >>> Feel free to run it. I've never had much interest in false positive >>> generators myself. > > I also have to point out the insanity of this statement, because ASAN > found a bug that YOU INTRODUCED on top of my code, in expr.c.
i think some of the static analyzers have really pissed in the pool here... even as someone who's a supporter of "all the help we can get", something like clang-tidy, for example, seems to be mostly noise[*]. i don't think it's clear to folks who aren't already using the sanitizers that they're fundamentally different. [of course, judging a static analyzer on a mature codebase is always tricky, because the chances are you've found and fixed the most interesting stuff already.] > I sent you a correct patch to free memory in expr.c. You ignored my > patch because you were refactoring already, and introduced a bug (use > after free I think). I sent you demonstration of ASAN finding your > bug. You didn't apply the correct patch or the ASAN patches. The bug > is still in the tree AFAIK. > > expr is in pending, but ships on Android. > > I hope that was clear! I thought you were just busy, but I think you > never really understood what I was saying and what the tools do. If > there were any parts of my messages that weren't clear, I'm happy to > clarify. > > Andy > _______________________________________________ > Toybox mailing list > [email protected] > http://lists.landley.net/listinfo.cgi/toybox-landley.net -- Elliott Hughes - http://who/enh - http://jessies.org/~enh/ Android native code/tools questions? Mail me/drop by/add me as a reviewer. _______________________________________________ Toybox mailing list [email protected] http://lists.landley.net/listinfo.cgi/toybox-landley.net
