On Fri, Nov 16, 2007 at 12:26:30AM +0000, Brandon Enright wrote:
> Hey guys, this is awesome. How did we manage a Coverity scan?

I met their Open Source Strategist David Maxwell at a Google Summer of
Code Summit and sweet talked him into scanning the Nmap code base :).
Then Kris volunteered to look over their report today and has so far
confirmed and fixed a number of issues they identified. So it looks
like the effort is paying off, just in time for the stable release :).

Here are the types of issues Coverity reported when scanning SOC6
(many of these are, of course, false positives):

Defects found : 32 Total
  7 DEADCODE
  8 FORWARD_NULL
  3 NEGATIVE_RETURNS
  2 NULL_RETURNS
  2 OVERRUN_STATIC
  4 RESOURCE_LEAK
  2 REVERSE_INULL
  1 UNINIT
  3 USE_AFTER_FREE

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Nov 15 2007