[dpdk-dev] DPDK Release Status Meeting 21/2/2019

Richardson, Bruce bruce.richardson at intel.com
Wed Mar 6 16:45:35 CET 2019



> -----Original Message-----
> From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Luca Boccassi
> Sent: Wednesday, March 6, 2019 3:28 PM
> To: dpdk-dev <dev at dpdk.org>
> Cc: Mcnamara, John <john.mcnamara at intel.com>; Thomas Monjalon
> <thomas at monjalon.net>; Yigit, Ferruh <ferruh.yigit at intel.com>
> Subject: Re: [dpdk-dev] DPDK Release Status Meeting 21/2/2019
> 
> On Thu, 2019-02-21 at 17:43 +0000, Luca Boccassi wrote:
> > On Thu, 2019-02-21 at 16:09 +0000, Ferruh Yigit wrote:
> > > Minutes 21 February 2019
> > > ------------------------
> >
> > cut
> >
> > > * Coverity is partially back, but new analyses aren't running
> > >   * Looking for suggestions from the community for a better or more
> > > stable
> > >   solutions
> >
> > The clang-based alternative I mentioned that can be used from
> > Travis/Github is sonarcloud.io:
> >
> > https://sonarcloud.io/
> >
> > Here's an example implementation:
> >
> > https://github.com/zeromq/libzmq/commit/4d3516f634a4a5e3f522f5cb277da3
> > 8b188d32eb
> 
> I've tested Sonarcloud, they are saying DPDK stinks (22000 code smells
> flagged) :-)
> 
> https://sonarcloud.io/dashboard?id=bluca_dpdk
> 
> It seems the main "security" issues it highlights are the usage of
> sprintf, strcpy and strcat. They can probably be easily filtered out.
> 

Have we not got all those changed yet? Just about every static analysis
tool under the sun is going to flag those functions, so we are better
off just replacing them ASAP.

/Bruce


More information about the dev mailing list