[Scummvm-devel] Static analysis of ScummVM by Coverity

Eugene Sandulenko sev at scummvm.org
Mon Apr 15 16:45:25 CEST 2013


Hi guys,

I realized that Coverity offers free access to their excellent tools to
Open Source projects.

Thus I submitted ScummVM to Coverity (Mac build), and results of the
analysis are available.

Please get registered here:
http://scan.coverity.com/user_register.html(email me with the password
request).

In essence, the results are presented in a table below. Quick inspection
showed that many of the findings are very true. However I understand that
in some cases the game data will never exceed some threshold, still there
are no sanity checks in many places, and Coverity found them.

I plan to build the solution from time to time, the platform over there
allows to mark issues as false positives or fixed and then track their
history.

So please assign the findings to yourself when you fix them, or mark as
confirmed, so other will not waste their time on analysis and we can
process the output step by step.

Here is the result summary:

Defect occurrences found : 2143 Total
 4 ARRAY_VS_SINGLETON
 1 ASSERT_SIDE_EFFECT
 4 BAD_COMPARE
 1 BAD_FREE
 1 BAD_OVERRIDE
 43 CHECKED_RETURN
 6 CONSTANT_EXPRESSION_RESULT
 17 COPY_PASTE_ERROR
 3 CTOR_DTOR_LEAK
 91 DEADCODE
 3 DELETE_ARRAY
 1 EVALUATION_ORDER
 131 FORWARD_NULL
 65 MISSING_BREAK
 21 NEGATIVE_RETURNS
 8 NO_EFFECT
 26 NULL_RETURNS
 153 OVERRUN
 7 PASS_BY_VALUE
 63 RESOURCE_LEAK
 1 RETURN_LOCAL
 21 REVERSE_INULL
 13 REVERSE_NEGATIVE
 225 SIGN_EXTENSION
 2 SIZECHECK
 1 SIZEOF_MISMATCH
 72 UNINIT
 989 UNINIT_CTOR
 28 UNREACHABLE
 128 UNUSED_VALUE
 9 USE_AFTER_FREE
 5 VARARGS


Eugene
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.scummvm.org/pipermail/scummvm-devel/attachments/20130415/65ba0293/attachment.html>


More information about the Scummvm-devel mailing list