13692 – Coverity scan for rsync-3.1.3

Bug 13692 - Coverity scan for rsync-3.1.3

Summary: Coverity scan for rsync-3.1.3

Status:	RESOLVED FIXED

Alias:	None

Product:	rsync
Classification:	Unclassified
Component:	core (show other bugs)
Version:	3.1.3
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Wayne Davison
QA Contact:	Rsync QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-11-27 08:49 UTC by Michal Ruprich
Modified:	2019-01-15 18:51 UTC (History)
CC List:	0 users

See Also:

Attachments
Covscan report with commentary (116.96 KB, text/plain) 2018-11-27 08:49 UTC, Michal Ruprich	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michal Ruprich 2018-11-27 08:49:00 UTC

Created attachment 14689 [details]
Covscan report with commentary

Hi,

I ran a coverity scan(static analyser) on rsync-3.1.3 and it found some 100 issues. I am enclosing the complete report as an attachment. 

On the bottom of the file, there is my commentary for each defect found by the scanner. The scanner is far from perfect so there might be a lot of false positives(I have marked those in the commentary). Also, there are things I could not figure out whether they are false positives or not. I would like to ask someone with a deeper knowledge of the code to either confirm or disprove my findings. After that I will be more than happy to send a patch that will fix some of these issues.

Thanks and regards,
Michal

Comment 1 Wayne Davison 2019-01-15 18:51:46 UTC

Thanks for the report.  I fixed a bunch of the issues, but left alone some of the items that only affect start-up (one-time) string allocations.  If you see any important ones that I missed, feel free to let me know.  Also feel free to add a follow-up coverity scan to this bug and I'll give it a check to see what I missed.