After having studied one of the coverity.com reports at length last night, I

decided it was a good idea to properly document my thoughts in a comment near
the code that was identified as a possible flaw. A false positive as far as I
can see.

diff --git a/src/main.c b/src/main.c
index 949fc2ff843d370f0ef48b76bb6ca088f863c91c..7de7e42d93fb8d17874d852cc5eb74d58d0cd520 100644 (file)
--- a/src/main.c
+++ b/src/main.c
@@ -4240,6 +4240,13 @@ operate(struct Configurable *config, int argc, argv_item_t argv[])
       for(i = 0;
           (url = urls?glob_next_url(urls):(i?NULL:strdup(url)));
           i++) {
+        /* NOTE: In the condition expression in the for() statement above, the
+           'url' variable is only ever strdup()ed if (i == 0) and thus never
+           when this loops later on. Further down in this function we call
+           free(url) and then the code loops. Static code parsers may thus get
+           tricked into believing that we have a potential access-after-free
+           here.  I can however not spot any such case. */
+
         int infd = STDIN_FILENO;
         bool infdopen;
         char *outfile;