Mass filing of clang warnings

Hans-Christoph Steiner hans at
Wed Mar 11 19:12:13 CET 2015

Werner Koch:
> On Wed, 11 Mar 2015 15:21, hans at said:
>> people is tirelessly run again and again, checking the entire code base on
>> every commit.  cppcheck did catch real issues that you fixed.  I ran it and
>> reported it here, and you confirmed some of them and fixed them.  Also, anyone
> Right.  That were high quality reports with the obvious false positives
> sorted out.  Please look, at the bug reports at hand to see the problem:
> 1864--1916.
> Agree, simply closing most of them is not the fine way but I somehow
> need to handle such a DoS.

I completely agree that mass filing bugs is not the way.  I'm responding to
your bits about the clang warnings pointing to valid C code. You had a similar
response to a number of the cppcheck warnings. I propose that GnuPG instead
adjust bits of code like that to make cppcheck/clang happy, even though those
bits of code are correct according to a human.  Then we can setup an automated
cppcheck/clang test to catch any new errors.

In my experience with cppcheck, it will better understand the code if that
code does not include bits that cppcheck is confused by. I have changed little
things in response to cppcheck warnings, and that then made cppcheck find real


PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81

More information about the Gnupg-devel mailing list