lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160212024140.GB11298@thunk.org>
Date:	Thu, 11 Feb 2016 21:41:40 -0500
From:	Theodore Ts'o <tytso@....edu>
To:	Jeff Merkey <linux.mdb@...il.com>
Cc:	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [BUG REPORT] use of unreachable() masks uninitialized variables
 warnings

On Thu, Feb 11, 2016 at 11:12:12AM -0700, Jeff Merkey wrote:
> 
> That's good to know, they could be false positives, but it was kind of
> wierd behavior caused by that macro.

If it is true, it sounds more like a compiler bug to me.  Any
statements a BUG() call are unreachable.  If the compiler assumes that
in the case of:

	if (a)
	        BUG();
	printf("foo bar\n");
	
That the printf is not reachable, that's a compiler bug.  And not a
problem in the BUG() macro.

It might be that it's worthwhile to use other static code analysis
tools.  Many people will look at warnings from Coverity and clang to
find potential problems, since these tend to find more warnings than
just using gcc.  The problem with some of these, including Coverity,
is that they can be __too__ noisy, and if 90% of the warnings are
false positives, most people won't take the time to weed out several
dozen bogus warnings to find the one good one.

In your case, for example, I looked through several dozen warnings,
and they were ***all*** bogus.  Keep in mind that this might make me
less inclined to pay attention to complaints from you in the future.
The story of the buy who cried wolf too often comes to mind.

Perhaps you could actually take a close look at the warnings, before
you fire off an e-mail?  If at least one of the warnings were valid
and pointed at an actual bug, it wouldn't have been a complete waste
of my time....

Best regards,

						- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ