Message ID | YW2qpuosxr9PNwVa@coredump.intra.peff.net (mailing list archive) |
---|---|
Headers | show |
Series | some leak fixes on fs/ssh-signing-fix | expand |
On 18.10.21 19:11, Jeff King wrote: > This fixes two small leaks on top of fs/ssh-signing-fix noticed by > Coverity. I guess it's too late to squash them in, so I prepared patches > on top. > > [1/2]: gpg-interface: fix leak of "line" in parse_ssh_output() > [2/2]: gpg-interface: fix leak of strbufs in get_ssh_key_fingerprint() > > gpg-interface.c | 14 +++++++++++--- > 1 file changed, 11 insertions(+), 3 deletions(-) > > -Peff > Thanks. Both of these look good. Is coverity included in the ci/gh actions? Where would these notices show up? Kind regards, Fabian
On Tue, Oct 19, 2021 at 10:16:41AM +0200, Fabian Stelzer wrote: > Is coverity included in the ci/gh actions? Where would these notices > show up? Not currently. I've been playing with running it in an action, and may submit something to make it more official. There's some discussion here: https://lore.kernel.org/git/YV5dmkkuCqAY2qqG@coredump.intra.peff.net/ There's also some on-going work to make the test suite run without leak-checkers (I didn't dig them up, but you can find recent topics and commits from Ævar). But we've got a ways to go, so you'd likely find a bunch of existing leaks if you tried it. So no, for now there was nothing obvious you could have seen that would have alerted you. -Peff