Hi!

Here is an example of why manual introspection is required on all static analyzer output:

On Wed, 28 Jan 2026 12:35, Sam James said:

> p = strchr (program, '|'); > - *p++ = 0; > + if (p) > + *p++ = 0;

This is something the analyzer did not get right. This if-branch is only entered iff program_name already contains a '|'. program is a copy of program_name. A log_assert could be used but the code is short enough to see that this will never be triggered.

Salam-Shalom,

   Werner

-- 
The pioneers of a warless world are the youth that refuse military service. - A. Einstein
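Review bot: The `if (p)` added in front of `*p++ = 0;` silently skips the split when `strchr (program, '|')` returns NULL, and the hunk shows nothing that reports or handles that case, so `p` would simply stay NULL for whatever follows. The reply states that the enclosing branch is only entered when program_name already contains a '|' and that program is a copy of it; if that invariant is to be recorded at all, a one-line comment at the strchr call or the log_assert mentioned in the reply would state it explicitly, whereas a bare guard would hide a violation of it.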
_______________________________________________ Gnupg-devel mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-devel
