pguyot
Github's CodeQL returns way too many errors
LGTM's company was acquired by GitHub and they later created more tests. Some of these tests are actually founded and code should probably be fixed. Typically, the tool revealed some dead code.
There is a PR to run tests on every pull requests and pushes, even if it takes quite a long time (about one hour). https://github.com/pguyot/Einstein/pull/127
Before merging it, we probably should fix the two critical alerts (usage of strcat that could overflow), as many other alerts as possible and decide on which tests to actually disable (for example we can disable the test reporting FIXME comments). https://github.com/pguyot/Einstein/pull/127/checks?check_run_id=4752834281 https://github.com/pguyot/Einstein/security/code-scanning?page=1&query=is%3Aopen+pr%3A127
Thanks for adding this feature. Most (all?) of the FIXMEs are my fault, and as I mention in what became mit little todo list in #119, I will go through all FIXMEs and re document them and change them into TODOs, unless they are urgent bugs.
This is going to be interesting for the FLTK UI code. There is little use in deleting a button in a dialog box that is only allocated once and will live for the entire runtime of the app. Second, FLTK automatically delete all UI elements inside a window whenever the window is deleted. Explicitly deleting a button would be wrong. I will check how to suppress those false positives.
The FIXMEs are not so much an issue, and I actually disabled the report on LGTM. We can agree on the semantic but just changing them to TODOs is probably not worth the effort. I noticed some of them are "incomplete" implementations, such as libffi not being ported to Windows & iOS.