[Python-Dev] Coverity Scan, Python upgraded to rung 2
Neal Norwitz
nnorwitz at gmail.com
Thu Jan 10 06:11:21 CET 2008
On Jan 9, 2008 9:08 AM, <skip at pobox.com> wrote:
>
> Christian> I read the announcement of the Python Users list and figured
> Christian> out that some of the other core developers might be
> Christian> interested in the news, too.
>
> Christian> Among other projects Python was upgraded to Rung 2 on the
> Christian> Coverity Scan list: http://scan.coverity.com/
>
> I went to the rung2 page:
>
> http://scan.coverity.com/rung2.html
>
> It shows 6 uninspected defects for Python. How do we see what they are?
> What is an uninspected defect? Any idea how the Coverity folks compute
> Defects/KLOC? For example, how does tcl manage to get a 0.0 score?

The 6 have been inspected by me and I never came to a conclusion of
whether they were a problem or not. There are 3 things which should
be fixed and I haven't gotten around to them. They are not a big
deal:

  Python/traceback.c line 177
  Objects/codeobject.c line 322
  Modules/mmapmodule.c line 1080

For traceback.c, namebuf defined on line 155 should be moved out one
block since filename is an alias to namebuf and it is used outside the
current scope. I think this is unlikely to be a problem in practice,
but is technically wrong and should be fixed.

For codeobject.c, line 327 should not be reachable. I kinda like the
code as it is even though it is currently dead. I never decided if I
wanted to change that or suppress the warning.

For mmapmodule.c, fd should be checked for -1 before calling stat on line 1064.

The rest were not obvious problems to me, and I never returned to them.

n
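
The two fixable defect classes named in the message above (a buffer that must outlive its alias, and a descriptor checked for -1 before stat), shown as an added illustration that is not part of the original post and is not CPython source. The function names `joined_length` and `fd_size`, the buffer size and the sample paths are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Scope defect: if namebuf were declared inside the if-block below, the
 * alias `filename` would dangle once that block ends. Declaring the buffer
 * one block out keeps it alive for every later use of the alias. */
static int joined_length(const char *filename, const char *dir)
{
    char namebuf[256];                 /* lives for the whole function */

    if (dir != NULL) {
        int n = snprintf(namebuf, sizeof namebuf, "%s/%s", dir, filename);
        if (n < 0 || (size_t)n >= sizeof namebuf)
            return -1;                 /* formatting failed or truncated */
        filename = namebuf;            /* filename now aliases namebuf */
    }
    return (int)strlen(filename);      /* used outside the inner block */
}

/* Missing-check defect: test the descriptor for -1 before handing it to
 * fstat(). Returns 0 and fills *size on success, -1 otherwise. */
static int fd_size(int fd, off_t *size)
{
    struct stat st;

    if (fd == -1)
        return -1;                     /* no descriptor: never reach fstat */
    if (fstat(fd, &st) != 0)
        return -1;
    *size = st.st_size;
    return 0;
}

int main(void)
{
    off_t size = 0;
    /* Constructed sample inputs. */
    printf("joined: %d\n", joined_length("spam.py", "/tmp"));
    printf("fd -1:  %d\n", fd_size(-1, &size));
    return 0;
}
```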