Hello,
I compiled git/master using the clang 4.0 static analyzer with
scan-build ./configure --with-libpcre --with-openssl
scan-build make
and here are the results:
https://mail.aegee.org/dpa/scan-build-git-4fa66c85f11/
Please note, that the information is only about what gets actually
compiled, code disabled by #if .. #endif is not considered (e.g. when
determining whether a variable assignment is useless). There are
probably false-positives. However in case of e.g. builtin/notes.c:1018,
builtin/reset.c:294 or fast-import.c:2057 I consider the hints as justified.
This is for your information, I wouldn't have a problem if you ignore
the analysis. When you are worried about javascript, use lynx.
Regards
Дилян
