Coverity errors in libndr/

tridge at tridge at
Wed Oct 25 10:20:54 GMT 2006


 > But then the check for NULL is bogus. Should we remove it or
 > shouldn't we? I could certainly mark all these Coverity
 > errors as false positives, but I do think a NULL check after
 > having dereferenced a pointer is kind of void.

In my attempt to be humorous I left off the obvious exception -
anything that could be an allocation failure obviously does need to be
checked. It's not OK to segv on allocation failure (or failing to
mmap, failing to open a file etc etc). So I think we do need one check
when we allocate a new attribute, but if the attribute does get added
OK then we don't need to check the case that its null afterwards.

I just don't like the use of assert() calls for NULL checks, when the
assert call causes a panic or similar shutdown. That's pointless,
makes the code larger and slower, and is generally a bad thing ;-)

btw, does coverity do inter-module checking? ie. does it notice that
a function passing in ldb_msg.c implies that a different function in a
different module can't fail? I know the ibm checker does some of that
(tho not perfectly) but I don't know if coverity does.

Cheers, Tridge

More information about the samba-technical mailing list