From 8dddea42aaf876663fc3cc1afa31f2165cb9f993 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Wed, 10 Feb 2016 10:59:14 +0100 Subject: [PATCH 1/2] coverity: provide nodef for GITERR_CHECK_ALLOC Coverity currently lists a lot of errors with regard to GITERR_CHECK_ALLOC causing resource leaks. We know this macro is only invoked when we want to abort because we are out of memory. Coverity allows for overriding the default model where we know that certain functions guarantee a desired behavior. The user_nodefs.h is used to override the behavior of macros. Re-define GITERR_CHECK_ALLOC inside of it to specify its abort nature. --- script/coverity.sh | 2 ++ script/user_nodefs.h | 8 ++++++++ 2 files changed, 10 insertions(+) create mode 100644 script/user_nodefs.h diff --git a/script/coverity.sh b/script/coverity.sh index dcfeffc1d..785044c8a 100755 --- a/script/coverity.sh +++ b/script/coverity.sh @@ -33,6 +33,8 @@ if [ ! -d "$TOOL_BASE" ]; then ln -s "$TOOL_DIR" "$TOOL_BASE"/cov-analysis fi +cp script/user_nodefs.h "$TOOL_BASE"/cov-analysis/config/user_nodefs.h + COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build" # Configure and build diff --git a/script/user_nodefs.h b/script/user_nodefs.h new file mode 100644 index 000000000..110f76851 --- /dev/null +++ b/script/user_nodefs.h @@ -0,0 +1,8 @@ +/* + * Copyright (C) the libgit2 contributors. All rights reserved. + * + * This file is part of libgit2, distributed under the GNU GPL v2 with + * a Linking Exception. For full terms see the included COPYING file. + */ + +#nodef GITERR_CHECK_ALLOC(ptr) if (ptr == NULL) { __coverity_panic__(); } From 50174ab459e7a6c007f6ffa15d381f2f18bd89b8 Mon Sep 17 00:00:00 2001 From: Patrick Steinhardt Date: Wed, 10 Feb 2016 11:06:23 +0100 Subject: [PATCH 2/2] coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead. --- script/coverity.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/script/coverity.sh b/script/coverity.sh index 785044c8a..8c826892f 100755 --- a/script/coverity.sh +++ b/script/coverity.sh @@ -50,10 +50,9 @@ COVERITY_UNSUPPORTED=1 \ tar czf libgit2.tgz cov-int SHA=$(git rev-parse --short HEAD) curl \ - --form project=libgit2 \ --form token="$COVERITY_TOKEN" \ --form email=bs@github.com \ --form file=@libgit2.tgz \ --form version="$SHA" \ --form description="Travis build" \ - http://scan5.coverity.com/cgi-bin/upload.py + https://scan.coverity.com/builds?project=libgit2