Created attachment 14689
Covscan report with commentary
I ran a Coverity scan (static analyser) on rsync-3.1.3 and it found some 100 issues. I am enclosing the complete report as an attachment.
At the bottom of the file, there is my commentary for each defect found by the scanner. The scanner is far from perfect, so there might be a lot of false positives (I have marked those in the commentary). Also, there are some for which I could not figure out whether they are false positives or not. I would like to ask someone with a deeper knowledge of the code to either confirm or disprove my findings. After that I will be more than happy to send a patch that will fix some of these issues.
Thanks and regards,
Thanks for the report. I fixed a bunch of the issues, but left alone some of the items that only affect start-up (one-time) string allocations. If you see any important ones that I missed, feel free to let me know. Also feel free to add a follow-up Coverity scan to this bug and I'll give it a check to see what I missed.