Potential problems in 2.1.12 discovered by Coverity static source code scan
jdennis at redhat.com
Wed Oct 19 16:31:47 CEST 2011
We've started to perform static source code analysis on things we ship
in the interest of trying to improve quality. We've been very impressed
with the Coverity tools, they do an excellent job of finding problems.
Coverity is not open source but they support open source projects by
providing access to open source projects to some of their tools (you
might consider registering with Covertiy). We have a Coverity license
and have been granted permission to share our scan results with our
upstream open source projects. We have just completed a scan on version
2.1.12 and I wanted to share the results. They are attached.
Not every item flagged by the scan is meaningful, but we've learned by
running the scans on our own code quite a bit of what is reported were
actually undiscovered problems worth fixing.
I recognize the timing would have been better if the scan had been
performed prior to the release but we're still in the process of getting
Coverity integrated into our tool chain.
I wonder if the problems cropping up in 3.0 might be identified by a
Coverity scan ...
Hope this helps,
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Freeradius-Devel