wiki:GCI/Coding/CoverityIssues

Version 4 (modified by Gedare Bloom, on 09/12/18 at 19:22:30) (diff)

--

File RTEMS Ticket for a Coverity Scan Issue

Coverity Scan is a static analyzer that can identify various types of potential software defects. Coverity offers free use of this analyzer for free software projects. Issues identified for RTEMS are at https://scan.coverity.com/projects/rtems.

Coverity Scan identifies POTENTIAL issues. Some may be real bugs. Others may indicate that Coverity Scan does not have full awareness of the program life. For example, memory allocated during RTEMS initialization may appear to be leaked because it is never freed, but this is deliberate and the issue marked as such in Coverity Scan.

Directions for Students

You will need to get an account on Coverity Scan and request access to the RTEMS Project.

Find an issue which is not included in the list of tickets below. Investigate the issue, and if it is a real bug then file a ticket at https://devel.rtems.org against 5.1 using ticket #3514 as a guide.

  • The title should have an English summary and the CID number from the Coverity report.
  • The summary should include the offending code with some context.
  • If you can provide any insight into the issue, please feel free to add it. If the RTEMS source code has a copyright that indicates it originated in another project, please do make note of that. It is sometimes possible just to check the original source to see if the issue is fixed.
  • You may need to ask questions (on the devel mailing list or IRC) to confirm whether or not the Coverity issue is a real bug or not.

Tickets

The following open tickets correspond to Coverity issues.

Ticket Summary Owner
#2926 Coverity Reports Multiple Out of Bounds Accesses in rtd-mdreloc-sparc.c chrisj@…
#3514 Resource Leak in hexdump-parse.c (CID 26032)
#3544 Coverity flags use of uninitialized variable in e500-mmu.c Sebastian Huber
#3570 Resource leak in flashdisk.c (CID 1439298)
#3597 Variable tmp_dirent not initialized CID 1440356
#3946 capture-support: Dead Code (CID #1461469 \) Needs Funding
#3948 Export Issues from Coverity Scan
#4431 record-filter-zlib.cc: Unchecked return value from library error spotted by Coverity

Directions for Mentors

Compare the Coverity report with the ticket that was filed. You'll need a Coverity account. Confirm the ticket appears in the table above, that the ticket contains the CID number and reproduces the problem/context of the Coverity report.