Date: Wed, 23 Apr 2014 10:53:47 -0700
From: John-Mark Gurney <jmg@funkthat.com>
To: Erik Cederstrand <erik+lists@cederstrand.dk>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, "Ronald F. Guilmette" <rfg@tristatelogic.com>
Subject: Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID: <20140423175347.GI43976@funkthat.com>
In-Reply-To: <50CA7E78-BB5E-4872-A272-B7374627EC12@cederstrand.dk>
References: <10999.1398215531@server1.tristatelogic.com> <50CA7E78-BB5E-4872-A272-B7374627EC12@cederstrand.dk>

Erik Cederstrand wrote this message on Wed, Apr 23, 2014 at 12:06 +0200:
> On 23/04/2014 at 03.12, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
> >
> > In message <20140423010054.2891E143D098@rock.dv.isc.org>,
> > Mark Andrews <marka@isc.org> wrote:
> >
> >> As for the number of CLANG analysis warnings. Clang has false
> >> positives
> >
> > Please define your terms.
> >
> > I do imagine that the truth or falsehood of your assertion may depend
> > quite substantially on what one does or does not consider a "false
> > positive" in this context.
>
> Have a look at the ~10.000 reports at http://scan.freebsd.your.org/freebsd-head/ (unavailable ATM). Silly things are reported like missing return at the end of main()

Considering that this is legal C99, it is very silly, from 5.1.2.2.3 of
the C99 spec:
reaching the } that terminates the main function returns a value of 0.

-- 
John-Mark Gurney    Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."