[dpdk-dev] Coverity policy for upstream (base) drivers.

Matthew Hall mhall at mhcomputing.net
Thu Nov 12 23:55:11 CET 2015


On Thu, Nov 12, 2015 at 02:05:08PM -0800, Stephen Hemminger wrote:
> Looking at the Coverity scan for DPDK, it looks like all the base
> drivers are marked to be ignored.
> 
> Although the changes to base drivers should not be done directly through
> the DPDK list, I think it is still valuable to have these drivers scanned and
> notify (badger) the vendors to fix their code.
> 
> Since lots of the bugs could be there, just blindly ignoring warnings
> and issues is being naive.

I am with Stephen. Ignoring base driver vulns is a bad practice.

With these L1-L4 bugs the chances are good somebody could trigger these and 
find 0days using tools as old and simple as this one:

http://isic.sourceforge.net/

Matthew.

