[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
OT coverity scan of qmail -- 53 potential defects (with false positives)
- From: Georgi Guninski <guninski AT guninski.com>
- Subject: OT coverity scan of qmail -- 53 potential defects (with false positives)
- Date: Sun, 1 Jul 2018 19:05:51 +0300
- Arc-authentication-results: i=1; mx.google.com; spf=pass (google.com: domain of cypherpunks-bounces AT lists.cpunks.org designates 65.50.255.19 as permitted sender) smtp.mailfrom=cypherpunks-bounces AT lists.cpunks.org
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:header:content-disposition :mime-version:message-id:subject:to:from:date:delivered-to :arc-authentication-results; bh=JBXAmWa+uPktsyIWaEYJVmRKDvQ4iIVpK4X40uCdmUc=; b=k/LkUdoe0fg/82Xwzsn0hWC3Q0vVDADma9TcMKIZea1Bq7siHQALXC8ti8AYgjEeT6 MoUUnR0ebi/oeU5AkoSztM0lOjImgFlIuj+E3MC5ViktIYFBA99x1semS9eNR5OlS4zD lRGlKDtBpywYqfJQasfg3z/14wbjDw6XDK6Nsl9IEvOmKIxCQiaQAU7SKGBRFrBA6Ue3 vQmdzLQFHWnghe7CDG4ai14kTgePuO28uQ/ulCnqjpAtbvYjznc8tbbBA970dqq5kNKa u5S303GGwYPPZjavz/KK4apKSFEZ6mDGji5t4dB9IgWH3nm4lT6aK4CzoaC8tkP0le0N nXWQ==
- Arc-seal: i=1; a=rsa-sha256; t=1530461187; cv=none; d=google.com; s=arc-20160816; b=doJ9pSwa3KaSGj377ydeh6cXqVBIYFh4Lbas1dnegWpiRUAIOy4jFrLScwEdUte+nY OfZVEIb05Y2uB46tMknAm9AXVig7OY318boRQ2Ty/68D4KD6ryZwS+CfSyIgBmbW59/R tA+6gSrAWQMLx/IWYN1PmppuoX4vCtO1EeQrOJPzfbKGYEGiAthms78if3K4ng3ulyXQ Xp2q/ZfSH1A5JbRGFJsSSKaWGTvAZZ8nx1U5+7tKG0cXW24XTpKJ3cHOKItexEAetocw 4SUrWriseCSMKhEXHUEFciKdzu6QCkPFBeBRosW6b48jIE4qf0nczvnihMcnpoIDVPS5 zZTg==
- Header: best read with a sniffer
- List-archive: <http://lists.cpunks.org/pipermail/cypherpunks/>
- Sender: "cypherpunks" <cypherpunks-bounces AT lists.cpunks.org>
- To: cypherpunks AT lists.cpunks.org
From my blog: https://j.ludost.net/blog/archives/2018/07/01/coverity_scan_of_qmail_--_53_potential_defects_with_false_positives/index.html
coverity scan of qmail -- 53 potential defects (with false positives)
coverity is commercial static source code analyzer accepting some
open source projects for free.
Did a scan of djb's qmail, the results are at:
https://scan.coverity.com/projects/qmail
the tool gave only 53 defects. Quick scan suggests that the non-false
positives are logically dead code (might be wrong about this).
to access the defects, you will need coverity account (free,
captchas).
djb is giving monetary bounty for qmail, owing me a bounty he couldn't
reproduce because of lack of virtual memory on old freebsd ;)