Bug 13692 - Coverity scan for rsync-3.1.3
Summary: Coverity scan for rsync-3.1.3
Alias: None
Product: rsync
Classification: Unclassified
Component: core
Version: 3.1.3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Wayne Davison
QA Contact: Rsync QA Contact
Depends on:
Reported: 2018-11-27 08:49 UTC by Michal Ruprich
Modified: 2019-01-15 18:51 UTC (History)
0 users

See Also:

Covscan report with commentary (116.96 KB, text/plain)
2018-11-27 08:49 UTC, Michal Ruprich

Description Michal Ruprich 2018-11-27 08:49:00 UTC
Created attachment 14689
Covscan report with commentary


I ran a Coverity scan (static analyser) on rsync-3.1.3 and it found some 100 issues. I am enclosing the complete report as an attachment.

At the bottom of the file, there is my commentary for each defect found by the scanner. The scanner is far from perfect, so there might be a lot of false positives (I have marked those in the commentary). Also, there are things I could not figure out whether they are false positives or not. I would like to ask someone with a deeper knowledge of the code to either confirm or disprove my findings. After that I will be more than happy to send a patch that will fix some of these issues.

Thanks and regards,
Comment 1 Wayne Davison 2019-01-15 18:51:46 UTC
Thanks for the report.  I fixed a bunch of the issues, but left alone some of the items that only affect start-up (one-time) string allocations.  If you see any important ones that I missed, feel free to let me know.  Also feel free to add a follow-up Coverity scan to this bug and I'll give it a check to see what I missed.