PVS-Studio team regularly checks different open projects and publishes articles on the results of these checks. This time, Andrey Karpov (CTO) accomplished the checking of some projects that are part of the Tizen operating system and has detected about 900 errors. The article is devoted to the review of many of these errors and will be useful both for beginners and experienced developers.
The types of errors that will be discussed in the article:
CWE-14: Compiler Removal of Code to Clear Buffers
CWE-131: Incorrect Calculation of Buffer Size
CWE-134 Use of Externally-Controlled Format String
CWE-393 Return of Wrong Status Code
CWE-457: Use of Uninitialized Variable
CWE-476: NULL Pointer Dereference
CWE-562: Return of Stack Variable Address
CWE-563: Assignment to Variable without Use ('Unused Variable')
CWE-570: Expression is Always False
CWE-571: Expression is Always True
CWE-690: Unchecked Return Value to NULL Pointer Dereference
CWE-697: Insufficient Comparison
CWE-762: Mismatched Memory Management Routines
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-805: Buffer Access with Incorrect Length Value
It is impossible to describe all the 900 errors, that is why most of them will be provided in a list. However, if you wish, you can examine each of the found defects, using the information provided about the location of the error.
According to the results, there is a prediction in the article, that the PVS-Studio analyzer can identify about 27000 errors in this project. This article demonstrates that during the development of the large projects, static analysis is not just a useful, but an absolutely necessary part of the development process. Get some coffee and cookies, as there is a programmer thriller waiting for us.
Link to the article: https://www.viva64.com/en/b/0519/