X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fstring.c;h=db54a094b789a90e2f1d721c8b06ebbe426c8c53;hb=ae20c80970d513823f3d36e73ec9657bf4b0e197;hp=e0e0fa5ae536db9a0294e8373ecf77c643e69f81;hpb=d1af83598f7d6b32516a11bb28e569d592a05c48;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/string.c b/src/src/string.c
index e0e0fa5ae..db54a094b 100644
--- a/src/src/string.c
+++ b/src/src/string.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2016 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Miscellaneous string-handling functions. Some are not required for
@@ -913,7 +913,7 @@ sep_is_special = iscntrl(sep);
 
 if (buffer != NULL)
   {
-  register int p = 0;
+  int p = 0;
   for (; *s != 0; s++)
     {
     if (*s == sep && (*(++s) != sep || sep_is_special)) break;
@@ -1086,7 +1086,9 @@ Returns:   pointer to the start of the string, changed if copied for expansion.
            Note that a NUL is not added, though space is left for one. This is
            because string_cat() is often called multiple times to build up a
            string - there's no point adding the NUL till the end.
+
 */
+/* coverity[+alloc] */
 
 uschar *
 string_cat(uschar *string, int *size, int *ptr, const uschar *s, int count)
@@ -1132,8 +1134,14 @@ if (p + count >= *size)
 
 /* Because we always specify the exact number of characters to copy, we can
 use memcpy(), which is likely to be more efficient than strncopy() because the
-latter has to check for zero bytes. */
+latter has to check for zero bytes.
+
+The Coverity annotation deals with the lack of correlated variable tracking;
+common use is a null string and zero size and pointer, on first use for a
+string being built. The "if" above then allocates, but Coverity assume that
+the "if" might not happen and whines for a null-deref done by the memcpy(). */
 
+/* coverity[deref_parm_field_in_call] */
 memcpy(string + p, s, count);
 *ptr = p + count;
 return string;
@@ -1518,6 +1526,7 @@ specified messages. If it does, the message just gets truncated, and there
 doesn't seem much we can do about that. */
 
 (void)string_vformat(buffer+15, sizeof(buffer) - 15, format, ap);
+va_end(ap);
 
 return (eno == EACCES)?
   string_sprintf("%s: %s (euid=%ld egid=%ld)", buffer, strerror(eno),