Full_Name: Eduardo Barretto
Version: lmdb-0.9.23
OS: Linux x86_64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (2001:67c:1562:8007::aac:425e)

As a request came to move lmdb from the universe repository in Ubuntu to the main repository, we are auditing the code of lmdb-0.9.23. One of the steps is to run Coverity on top of the source code.

In the following URL you can find the Coverity results:
https://pastebin.ubuntu.com/p/35VTgFwMj9/

I marked this as a Major Security Issue as I am not sure which are actually issues and which are false positives, and don't want others having a look before you do.

I would appreciate it if you could take the time to go through the results and give an update on whether some of the issues are real and on their impact. If you have any problem, please let me know how I can help.

Thanks in advance
mdb.c:2378 false positive. The maximum size of a value always fits in 32 bits.
:2517 false positive. errno is not an unknown location.
:2526 false positive. " "
:2530 ...
:2661 ...
:2683 works as designed
:2802 ...
:3153 false positive
:3176 false positive
:3176 ...
:3225 false positive
:3225 ...
:3267 false positive
:3280 false positive
:3280 ...
:3380 false positive
:3391 false positive
:3635 false positive
:3635 ...
:3794 false positive
:3792 false positive
:3864 false positive, value is clearly used at :3904
:3894 false positive

etc. etc. etc. Coverity is useless.
published 9047 marked public changed state Open to Closed