On Thu, 2012-01-12 at 16:14 +1100, Mark Goodwin wrote:
> Coverity is a sophisticated static code analysis tool.
> Among other things, it checks for the conditions listed here:
> https://www.securecoding.cert.org/confluence/display/seccode/Coverity+Prevent
Can someone with knowledge of Coverity please advise ...
1. For the issues we wish to mark as IGNORED after analysis, where is
this state held and how is it used in subsequent runs to ensure we're
not forced to review these false matches again?
2. Does Coverity understand assert()s? Specifically will
    if (foo == NULL) {
        ...
    }
    assert(foo != NULL);
    ...
    bar = *foo;
suppress Coverity warnings about dereferencing the possibly NULL foo?
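A worked illustration of the pattern in question 2, added here as an example and not taken from the thread or from PCP code (function names are hypothetical). Independently of how a given analyzer models assert(), the snippet has a property worth keeping in mind: the `if (foo == NULL)` branch does not leave the function, so the only thing standing between a NULL `foo` and the dereference is the assert(), and the C standard makes assert() a no-op when NDEBUG is defined. The hardened variant makes the NULL check itself terminate the path, so the analyzer's view and the release build agree.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Example code, not from the mailing-list thread; names are hypothetical. */

/* Reports whether assert() is compiled in for this translation unit.
 * Under -DNDEBUG the assert() below expands to nothing. */
static int assert_is_active(void)
{
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

/* The pattern as posted: the NULL branch only reports and falls through,
 * so the dereference is still reachable with foo == NULL once NDEBUG
 * removes the assert(). An analyzer that does not treat assert() as a
 * constraint is right to keep warning about *foo here. */
static int bar_from_foo_as_posted(const int *foo)
{
    if (foo == NULL) {
        fputs("foo is NULL\n", stderr);   /* does not return: falls through */
    }
    assert(foo != NULL);                  /* compiled out under NDEBUG */
    return *foo;                          /* NULL dereference in release builds */
}

/* Hardened form: the error path actually exits, so there is no
 * execution path on which foo is NULL at the dereference, with or
 * without NDEBUG. Returns 0 on success, -1 on a NULL argument. */
static int bar_from_foo_checked(const int *foo, int *bar)
{
    if (foo == NULL)
        return -1;
    *bar = *foo;
    return 0;
}

int main(void)
{
    int value = 7;
    int bar = 0;

    printf("assert() active: %d\n", assert_is_active());
    printf("as posted, valid pointer: %d\n", bar_from_foo_as_posted(&value));
    printf("checked, NULL: rc=%d\n", bar_from_foo_checked(NULL, &bar));
    printf("checked, valid: rc=%d bar=%d\n", bar_from_foo_checked(&value, &bar), bar);
    return 0;
}
```

Build it once normally and once with -DNDEBUG: the checked variant behaves identically in both builds, while in the NDEBUG build nothing prevents `bar_from_foo_as_posted(NULL)` from dereferencing NULL.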