[tz] 2020c zic code draws complaints from Coverity
Tom Lane
tgl at sss.pgh.pa.us
Sun Oct 18 14:31:55 UTC 2020
The Coverity static-analysis tool [1], which is moderately widely
used by open-source projects, doesn't much like this:
789 if (bloat == 0)
>>> CID 1468262: Incorrect expression (CONSTANT_EXPRESSION_RESULT)
>>> "strcmp("slim", "slim")" is always 0 because ""slim"" is compared against itself.
790 bloat = strcmp(ZIC_BLOAT_DEFAULT, "slim") == 0 ? -1 : 1;
This is just a bug-finding heuristic, of course, and it won't trouble
me that much to ignore the warning. Still, I wonder why it's coded
this way and not like, say,
#ifndef ZIC_BLOAT_DEFAULT
/* Use -1 for slim, +1 for fat */
#define ZIC_BLOAT_DEFAULT (-1)
#endif
...
if (bloat == 0)
bloat = ZIC_BLOAT_DEFAULT;
The use of a string doesn't seem to be buying anything in terms of
error protection, since the strcmp doesn't distinguish "fat" from
"slem" or other misspellings.
regards, tom lane
[1] https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html
More information about the tz
mailing list