[tz] 2020c zic code draws complaints from Coverity

Tom Lane tgl at sss.pgh.pa.us
Sun Oct 18 14:31:55 UTC 2020


The Coverity static-analysis tool [1], which is moderately widely
used by open-source projects, doesn't much like this:

789     	if (bloat == 0)
>>>     CID 1468262:  Incorrect expression  (CONSTANT_EXPRESSION_RESULT)
>>>     "strcmp("slim", "slim")" is always 0 because ""slim"" is compared against itself.
790     		bloat = strcmp(ZIC_BLOAT_DEFAULT, "slim") == 0 ? -1 : 1;

This is just a bug-finding heuristic, of course, and it won't trouble
me that much to ignore the warning.  Still, I wonder why it's coded
this way and not like, say,

#ifndef ZIC_BLOAT_DEFAULT
/* Use -1 for slim, +1 for fat */
#define ZIC_BLOAT_DEFAULT (-1)
#endif

...

	if (bloat == 0)
		bloat = ZIC_BLOAT_DEFAULT;

The use of a string doesn't seem to be buying anything in terms of
error protection, since the strcmp doesn't distinguish "fat" from
"slem" or other misspellings.

			regards, tom lane

[1] https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html
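
The misspelling point in the message above, as an added example that is not part of the original post or of the tz code. The function names bloat_lenient and bloat_strict and the return value 0 for "invalid" are assumptions made here for illustration; the integer ZIC_BLOAT_DEFAULT follows the form proposed in the post, with a preprocessor check added.

```c
#include <stdio.h>
#include <string.h>

/* Convention from the post: -1 = slim, +1 = fat. 0 = invalid (added here). */

/* Integer form of the default, as the post proposes. An integer can be
   validated by the preprocessor; a string literal cannot. */
#ifndef ZIC_BLOAT_DEFAULT
#define ZIC_BLOAT_DEFAULT (-1)
#endif
#if ZIC_BLOAT_DEFAULT != -1 && ZIC_BLOAT_DEFAULT != 1
#error "ZIC_BLOAT_DEFAULT must be -1 (slim) or 1 (fat)"
#endif

/* The quoted expression, generalized to any default string:
   everything that is not exactly "slim" becomes fat. */
static int bloat_lenient(const char *dflt)
{
    return strcmp(dflt, "slim") == 0 ? -1 : 1;
}

/* Hypothetical strict parser: only the two known names are accepted. */
static int bloat_strict(const char *dflt)
{
    if (strcmp(dflt, "slim") == 0)
        return -1;
    if (strcmp(dflt, "fat") == 0)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the two valid names and the post's misspelling. */
    static const char *const samples[] = { "slim", "fat", "slem" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-4s lenient=%+d strict=%+d\n", samples[i],
               bloat_lenient(samples[i]), bloat_strict(samples[i]));
    printf("compile-time default=%+d\n", ZIC_BLOAT_DEFAULT);
    return 0;
}
```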

