Potential problems in 2.1.12 discovered by Coverity static source code scan

John Dennis jdennis at redhat.com
Wed Oct 19 16:31:47 CEST 2011

We've started to perform static source code analysis on things we ship 
in the interest of trying to improve quality. We've been very impressed 
with the Coverity tools, they do an excellent job of finding problems.

Coverity is not open source but they support open source projects by 
providing access to open source projects to some of their tools (you 
might consider registering with Covertiy). We have a Coverity license 
and have been granted permission to share our scan results with our 
upstream open source projects. We have just completed a scan on version 
2.1.12 and I wanted to share the results. They are attached.

Not every item flagged by the scan is meaningful, but we've learned by 
running the scans on our own code quite a bit of what is reported were 
actually undiscovered problems worth fixing.

I recognize the timing would have been better if the scan had been 
performed prior to the release but we're still in the process of getting 
Coverity integrated into our tool chain.

I wonder if the problems cropping up in 3.0 might be identified by a 
Coverity scan ...

Hope this helps,


John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradius-2.1.12_coverity_scan.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20111019/3d3aff83/attachment.txt>

More information about the Freeradius-Devel mailing list