similar to: FreeBSD Coverity scan issues in OpenSSH -> how to contribute back patches?

Hello Icecast Developers, I'm the CTO of Coverity, Inc., a company that does static source code analysis to look for defects in code. You may have heard of us or of our technology from its days at Stanford (the "Stanford Checker"). The reason I'm writing is because we have set up a framework internally to continually scan open source projects and provide the results of

https://bugzilla.samba.org/show_bug.cgi?id=13692 Bug ID: 13692 Summary: Coverity scan for rsync-3.1.3 Product: rsync Version: 3.1.3 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: core Assignee: wayned at samba.org Reporter: mruprich at

... is attached. I've not had a chance to look at these yet. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) -------------- next part -------------- An HTML attachment was scrubbed... URL:

https://bugzilla.mindrot.org/show_bug.cgi?id=3289 Bug ID: 3289 Summary: Patch fixing the issues found by coverity scan Product: Portable OpenSSH Version: 8.5p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee:

These two fixes are the final two outstanding issues in tools/firmware. They are both quite minor. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -- 1.7.10.4

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2581 Bug ID: 2581 Summary: Coverity patches from Fedora Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: sshd Assignee:

The first patch is a leftover from the switch to libxl__create_qemu_logfile, and while there it also handles possible errors when opening /dev/null. The second one is a fix for the issues present in do_daemonize. Thanks, Roger.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> CC: Keir Fraser <keir@xen.org> CC: Jan Beulich <JBeulich@suse.com> CC: Tim Deegan <tim@xen.org> CC: Ian Campbell <Ian.Campbell@citrix.com> CC: Ian Jackson <Ian.Jackson@eu.citrix.com> --- misc/coverity_model.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+)

Hi all, I'm not sure if you are aware, but libvorbis has been scanned by the Coverity static analysis team : http://scan.coverity.com/ For libvorbis, it found 8 possible bugs. To fix these bugs Coverity need a repesentative from the project to contact them for access to the coverity reporting facilities. The reason I am keen to see Xiph take up this challenge is that when all

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -- 1.7.10.4

Hi Michal 2012/1/10 Michal Hlavinka <mihl-guest at alioth.debian.org> > Author: mihl-guest > Date: Tue Jan 10 09:10:04 2012 > New Revision: 3383 > URL: http://trac.networkupstools.org/projects/nut/changeset/3383 > > Log: > Creating a branch for Coverity reported problems > I'm very interested there! Have you been able to get NUT part of the Coverity Scan

Hello, Some news about the various QA and packaging tools. * Ubuntu Saucy nightly packages are now also available on http://llvm.org/apt * All distributions have new packages: - lldb-3.4-dev - contains the LLDB headers to build software on top of this - python-clang-3.4 - provides the python / clang bindings * polly is built again but, for now, only for Debian unstable (I have to backport

There are a few other issues that Coverity found, but I believe all can be ignored ... except one: We don't set umask anywhere inside nbdkit. Coverity complains that this is a problem where we create temporary files, since the result of mkstemp depends implicitly on the umask value. I think we might consider setting umask anyway (eg. to 022) just to make plugin behaviour more predictable.

http://git.annexia.org/?p=libguestfs.git;a=blob;f=daemon/xattr.c;h=2b4882a0de0982b52e35c0527dec9b238d83066d;hb=HEAD#l284 Coverity complains about the strcpy on line 295: 295 strcpy (&pathname[path_len+1], names[k]); "Overrunning static array of size 4096 bytes at byte position 4096 by accessing with pointer "&pathname[path_len + 1UL]" through dereference in call to

http://git.annexia.org/?p=libguestfs.git;a=blob;f=daemon/debug.c;h=cd3e8a5f0294a910782b38552d2b0757869f862c;hb=HEAD#l430 Coverity complains about the error path from posix_memalign (lines 477-482) saying that 'buf' will be leaked. However my reading of the posix_memalign man page is that if the return value from posix_memalign != 0 then 'buf' would not have been allocated. Rich.

[Re-sending to the ext3 list, with minor edits] I'm in the process of fixing errors generated by the Coverity tool on the Linux kernel, and I would like your comment on a set of problems reported in ext3. The main issue reported is not checking the return code of ext3_journal_get_write_access() in various places. I would like to know if there should be error handling in these cases. The

From: "Richard W.M. Jones" <rjones at redhat.com> Since we copy dirname + "/" + path to a fixed buffer of size PATH_MAX, we need to check that the buffer cannot overflow. --- helper/appliance.c | 16 ++++++++++++---- 1 files changed, 12 insertions(+), 4 deletions(-) diff --git a/helper/appliance.c b/helper/appliance.c index c4d0b32..05ad3e5 100644 ---

Coverity generates false positives when read_atomic() and write_atomic() are called with pointers to objects smaller than 64 bits (because it can''t see that the 64-bit access in the switych statement is dead code). I don''t want to automatically suppress all ofthose, because read_atomic() and write_atomic() could still be called with mis-cast pointers, but for atomic_t accessors

Hey We have a static analyzer setup for Xen called Coverity. It allows the code to be inspected for bugs and such. Originally I setup this so that we could make sure that there are no bugs that cause security issues - and as such invited only folks on the security Xen mailing list. But there are other folks who I am sure would like to contribute and as Coverity is pretty amazing at analyzing