From: Stefan Weil <weil@mail.berlios.de>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Kevin Wolf <kwolf@redhat.com>,
Anthony Liguori <aliguori@us.ibm.com>,
"Michael S. Tsirkin" <mst@redhat.com>,
qemu-devel <qemu-devel@nongnu.org>,
Riku Voipio <riku.voipio@iki.fi>, Alexander Graf <agraf@suse.de>,
Markus Armbruster <armbru@redhat.com>,
Blue Swirl <blauwirbel@gmail.com>,
Gerd Hoffmann <kraxel@redhat.com>,
Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PING 0.14] Missing patches (mostly fixes)
Date: Fri, 04 Feb 2011 18:36:39 +0100 [thread overview]
Message-ID: <4D4C3927.6090400@mail.berlios.de> (raw)
In-Reply-To: <4D4C35B2.9010801@codemonkey.ws>
Am 04.02.2011 18:21, schrieb Anthony Liguori:
> On 02/04/2011 11:18 AM, Stefan Weil wrote:
>> Am 04.02.2011 16:27, schrieb Markus Armbruster:
>>> Anthony Liguori <anthony@codemonkey.ws> writes:
>>>
>>>> On 02/02/2011 01:28 PM, Stefan Weil wrote:
>>> [...]
>>>>> [PATCH 1/3] tests: Fix two memory leaks
>>>>> (http://patchwork.ozlabs.org/patch/79945/)
>>>
>>>>> [PATCH 2/3] check-qdict: Fix possible crash
>>>>> (http://patchwork.ozlabs.org/patch/79946/)
>>>>
>>>> Luiz
>>>
>>> I wouldn't bother with the second one for 0.14. Yes, we're reading
>>> lines from a file with %s, but it's a fixed file with known
>>> contents, no
>>> long lines, and we're reading it in a test program only developers ever
>>> use.
>>>
>>> As to the first one, Luiz has never touched that file. Neither have I,
>>> and it's not obvious to me why it should go into 0.14.
>>>
>>> [...]
>>
>> Even if the current code does not result in a real bug at the moment,
>> it should get fixed:
>>
>> * Using tools like cppcheck (or others) to find bugs is good,
>> because it finds bugs which are important.
>> Sorting out "unimportant" bugs from the results wastes time
>> which could be invested better, and this waste of time lasts
>> forever until the "unimportant" bug will be fixed. The sooner
>> you fix it, the better it is.
>
> No, this is not a good use of time. I've said multiple times in the
> past, I'm not interested in implementing work arounds for false
> positives in static analysis tools.
>
> We have enough real problems to fix, we don't need to waste cycles on
> psuedo problems.
>
> Regards,
>
> Anthony Liguori
Hi Anthony,
please accept that even if you said something multiple times,
other people might have a different point of view.
QEMU is team work, isn't it?
Both positives are correct, there was no false positive:
Reading strings from external files into limited memory
without limiting their length is bad. Even if it works with
some input data, this kind of programming will be copied
by novice programmers and used with data which is critical.
In the second case, it might be a philosophical question
whether resources like memory or files should be released
explicitly. I tend to say yes, other people say no because the
OS will release them automatically when the program terminates.
But there is no doubt that the tool which says there is a leak
is right.
Regards,
Stefan Weil
next prev parent reply other threads:[~2011-02-04 17:37 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-27 8:29 [Qemu-devel] [0.14] Queue of 0.14 patches/pull? Paolo Bonzini
2011-01-27 10:26 ` [Qemu-devel] [PULL 0.14] spice + usb Gerd Hoffmann
2011-01-27 12:34 ` [Qemu-devel] [0.14] Queue of 0.14 patches/pull? Markus Armbruster
2011-01-27 12:42 ` Kevin Wolf
2011-01-27 15:13 ` Markus Armbruster
2011-01-27 16:30 ` Anthony Liguori
2011-01-27 16:44 ` [Qemu-devel] [PING 0.14] fix crash when a read handler calls qemu_set_fd_handler2() Rick Vernam
2011-01-27 17:14 ` Anthony Liguori
2011-01-27 19:50 ` Stefan Hajnoczi
2011-01-28 0:38 ` Anthony Liguori
2011-01-27 16:51 ` [Qemu-devel] [PING 0.14] seabios virtio bug Rick Vernam
2011-01-27 17:12 ` [Qemu-devel] " Paolo Bonzini
2011-01-27 17:30 ` Gleb Natapov
2011-01-28 7:51 ` [Qemu-devel] [0.14] Queue of 0.14 patches/pull? Gleb Natapov
2011-01-27 18:22 ` [Qemu-devel] " Michael S. Tsirkin
2011-01-28 8:06 ` Yoshiaki Tamura
2011-01-28 10:00 ` Michael Tokarev
2011-01-28 13:33 ` Paolo Bonzini
2011-01-28 14:21 ` Yoshiaki Tamura
2011-02-02 9:31 ` Paolo Bonzini
2011-02-03 4:44 ` Yoshiaki Tamura
2011-01-28 16:48 ` Anthony Liguori
2011-01-29 13:43 ` Yoshiaki Tamura
2011-01-28 6:43 ` [Qemu-devel] " Amit Shah
2011-02-02 19:28 ` [Qemu-devel] [PING 0.14] Missing patches (mostly fixes) Stefan Weil
2011-02-02 21:25 ` [Qemu-devel] " Michael S. Tsirkin
2011-02-03 7:00 ` Riku Voipio
2011-02-03 10:05 ` [Qemu-devel] " Markus Armbruster
2011-02-04 12:30 ` Anthony Liguori
2011-02-04 12:37 ` Paolo Bonzini
2011-02-04 14:40 ` Alexander Graf
2011-02-04 15:27 ` Markus Armbruster
2011-02-04 15:38 ` Anthony Liguori
2011-02-04 16:42 ` Luiz Capitulino
2011-02-04 17:18 ` Stefan Weil
2011-02-04 17:21 ` Anthony Liguori
2011-02-04 17:36 ` Stefan Weil [this message]
2011-02-04 17:59 ` Anthony Liguori
2011-02-07 18:54 ` Luiz Capitulino
2011-02-07 19:18 ` Stefan Weil
2011-02-16 20:26 ` Stefan Weil
2011-02-16 20:39 ` Markus Armbruster
2011-02-04 15:45 ` malc
2011-02-05 19:23 ` Michael S. Tsirkin
2011-02-05 19:34 ` riku voipio
2011-02-23 21:50 ` Stefan Weil
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D4C3927.6090400@mail.berlios.de \
--to=weil@mail.berlios.de \
--cc=agraf@suse.de \
--cc=aliguori@us.ibm.com \
--cc=anthony@codemonkey.ws \
--cc=armbru@redhat.com \
--cc=blauwirbel@gmail.com \
--cc=kraxel@redhat.com \
--cc=kwolf@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=riku.voipio@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).