[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 60086] PVS-Studio: Rechecking Apache HTTP Server


Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> changed:

           What    |Removed                     |Added
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #1 from Christophe JAILLET <christophe.jaillet@xxxxxxxxxx> ---
For the records and to give credit to your static analyzer, the "Suspicious
expression" has been fixed in r1797550 and is recorded as a CVE (CVE-2017-7679)

"Incorrect check for an empty string" has been fixed in r1812307 and is now
also spotted by gcc 8.1+

"Incrementing a pointer instead of the value" is a mystery to me. This code
does not seem to be there anymore!

"Incorrect password clearing" is recorded as bug 58921.

"Uninitialized variable" is part of APR, not httpd itself. I'll apply a fix for

"Incorrect check of HRESULT" is fixed in r1832198.

"Superfluous operation?" is fixed in r1832200.

"Redundant condition" is fixed in r1832202.

Thanks for the report. This should have help us close a potential security
issue much earlier :(
Anyway, any new analysis would be appreciated.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx