coverity ... new run finally

Juan Lang juan.lang at gmail.com
Tue Sep 9 11:39:48 CDT 2008


> Did you count the ones I listed not in test code?  I probably should
> have separated them out...

No, I didn't.  Now I understand the source of my confusion, thanks.

My account appears to be closed, so I hope you don't mind if I tell
you the status of the two new crypt32 reports:
725     NULL_RETURNS    Context_CopyProperties  crypt32/context.c
This one is valid, sort of.  The returned property lists might indeed
be NULL, but only if a) the app passes a bogus pointer, which will
crash on Windows, b) Wine's code passes a bogus pointer, which is a
bug elsewhere, or c) memory gets corrupted.  As these are all
exceptional conditions, I'll introduce an assert.

715     FORWARD_NULL    CryptMsgGetAndVerifySigner      crypt32/msg.c
False positive, though it would be hard for a static analyzer to know
it.  I believe it's complaining about pdwSignerIndex being
dereferenced on line 2848, when it's checked against NULL on line
2827, implying it might be allowed to be NULL.  However it's only
dereferenced if CMSG_USE_SIGNER_INDEX_FLAG is set, which implies that
pdwSignerIndex must not be NULL.
--Juan



More information about the wine-devel mailing list