git@vger.kernel.org list mirror (unofficial, one of many)
 help / color / mirror / code / Atom feed
From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Markus Vervier <markus.vervier@x41-dsec.de>
Cc: git@vger.kernel.org
Subject: Re: Covierty Integration / Improvement
Date: Wed, 6 Apr 2022 17:08:37 +0200 (CEST)	[thread overview]
Message-ID: <nycvar.QRO.7.76.6.2204061620110.379@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <nycvar.QRO.7.76.6.2204052352030.379@tvgsbejvaqbjf.bet>

Team,

On Wed, 6 Apr 2022, Johannes Schindelin wrote:

> On Fri, 1 Apr 2022, Markus Vervier wrote:
>
> > - Could you tell us more about the amount and types of false positives
> > and problems you've faced trying to eliminate them? This will help us
> > to understand the expectations / requirements for a successful
> > integration of Coverity.
>
> From the top of my head, I would estimate about 60-70% of the results to
> be false positives.
>
> As Junio pointed out, we do not consider memory to be leaked in one-shot
> processes where memory is allocated, once, in the equivalent of a
> `main()` function. Sure, we could add a slew of `free()` calls right
> before exiting the process, but that's kind of pointless.
>
> Another major source of false positives is our string data structure,
> which offers a small-ish static, read-only buffer to get started, but
> replaces that with something `malloc()`ed/`realloc()`ed as soon as the
> string is about to be manipulated. Yet Coverity insists that we're
> writing into a read-only buffer, and get out of bounds, which is simply
> not true.
>
> Similar issues are reported with our `strvec` data structure that has
> the same allocation pattern.
>
> Since the false positives outnumber the valid issues reported by
> Coverity, we have not been very eager to sift through new reports.
>
> The list of categories of false positives listed above is not
> exhaustive, of course, but combined with how cumbersome it is to get
> access to the reports (they cannot be viewed anonymously), you get an
> idea why we do not pay all that much attention to Coverity.

I have fixed Git for Windows' Coverity build and started to sift through
the 154 new defects reported as of v2.36.0-rc0.

Sadly, there is now a new class of overwhelming false positives: Coverity
claims that "strbuf_addstr does not [NUL-]terminate", which is of course
false. Specifically, Coverity explains that:

/strbuf.c
296 void strbuf_add(struct strbuf *sb, const void *data, size_t len)
297 {
298        strbuf_grow(sb, len);
   1. string_copy: Calling memcpy copies a source string data to sb->buf.
   2. string_null_source: The argument sb->buf will not be
      null[sic!]-terminated, because either the source string is not
      null-terminated, or the length of source string data is greater than
      or equal to the size argument len.
299        memcpy(sb->buf + sb->len, data, len);
300        strbuf_setlen(sb, sb->len + len);
301 }

In other words, it misses the fact that `strbuf_setlen()` _does_ set
`sb->buf[sb->len] = '\0'` (I assume that Coverity gets confused by the
`slopbuf` once again).

I stopped after the first 30-40 instances of "String not null terminated"
reports because my time is a bit too expensive to spend on reports like
that. Among the reported issues I looked at, there were two false
positives where Coverity misinterpreted how much space was allocated (and
thought we'd overrun, which we don't), the rest were those NUL-termination
false positives.

Ciao,
Johannes

  reply	other threads:[~2022-04-06 16:37 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-04-01 20:49 Markus Vervier
2022-04-03 21:36 ` Junio C Hamano
2022-04-03 23:16   ` Theodore Ts'o
2022-04-04 10:14     ` Ævar Arnfjörð Bjarmason
2022-04-05 22:22     ` Johannes Schindelin
2022-04-05 22:17 ` Johannes Schindelin
2022-04-06 15:08   ` Johannes Schindelin [this message]
2022-04-06 17:55     ` Theodore Ts'o
2022-04-06 20:20       ` Junio C Hamano
2022-04-07 11:49       ` Johannes Schindelin
2022-04-07  7:21   ` Markus Vervier
2022-04-07 11:58     ` Johannes Schindelin
     [not found]       ` <CAJY0qZLwQJ_6Me1em4X6M=YJb0O2+7rSYeKisLFOGH7_BW3Lww@mail.gmail.com>
     [not found]         ` <CAJY0qZJaBvwA19PN=Gm4c5gSVqYYBOoVwgF=1mZTNEjmXFSc7A@mail.gmail.com>
2022-05-10 17:46           ` Derek Zimmer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=nycvar.QRO.7.76.6.2204061620110.379@tvgsbejvaqbjf.bet \
    --to=johannes.schindelin@gmx.de \
    --cc=git@vger.kernel.org \
    --cc=markus.vervier@x41-dsec.de \
    --subject='Re: Covierty Integration / Improvement' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Code repositories for project(s) associated with this inbox:

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).