Success Stories: Sample of Defects found and fixed

Project Checker Name Language Category Developer Description  
kortemik/OpenTechBFG NEGATIVE_RETURNS C/C++ Integer handling issues New feature implementation got stuck for days because old code had obscure implementation which caused debuging nightmare. ...  View Defect
  LiquidityC/flat RETURN_LOCAL C/C++ Memory - illegal accesses This was the kind of error that most likely would never cause a problem during development but could have wreaked havoc after a release. It would have been terrible to...  View Defect
  linux-next weekly scan NO_EFFECT C/C++ Control flow issues A simple decrement that wraps around causing an array overflow on lsm->lsm_oinfo[i[. The impact is double-edged - there is a read off the end of an array, and if that...  View Defect
  Keldo/DCT TAINTED_STRING C/C++ Insecure data handling None, this application is far to small to have any significant effect on a systems memory ...  View Defect
  TeskaLabs/Frame_Transporter MISSING_BREAK C/C++ Control flow issues This one is pretty awesome. It is a corner case that would flash once in the blue moon - but with serious impact on the production availability. This one alone...  View Defect
  cryfs/cryfs ORDER_REVERSAL C/C++ Program hangs We had some spurious hangs and never knew why. I would never have thought of looking at this piece of code if coverity hadn't found it....  View Defect
  Ring RESOURCE_LEAK C/C++ Resource leaks Each call of the impacted function may consumes many bytes (it's a file path). This function is on a critical section related to the security and our application has an...  View Defect
  kmod STRING_OVERFLOW C/C++ Security best practices violations Buffer overflow and possibly corrupting the module database. Triggered the development of a new set of APIs (scratchbuf) inside the project to elegantly deal with stack + heap buffers....  View Defect
  Linux DEADCODE C/C++ Control flow issues This error detected by CoverityScan detected a case where the driver would never run at the maximum CPI clock speed. The deadcode detection allowed me to easily spot the bug...  View Defect
  LabPlot NEGATIVE_RETURNS C/C++ Integer handling issues Negative index used in the code could result in a totally wrong behavior in the application. The occurrence of this wrong index was not seen in the code. With the...  View Defect
  GNUnet/gnunet CONSTANT_EXPRESSION_RESULT C/C++ Integer handling issues Prevents code to pick proper 2 GB memory allocation for very large quotas, resulting in possibly a very small (instead of very large) bit map being used, drastically reducing performance....  View Defect
  !CHAOS Control System RESOURCE_LEAK C/C++ Resource leaks good found memory leaks...  View Defect
  LyX REVERSE_INULL C/C++ Null pointer dereferences This code will definitely crash due to a null pointer dereference in certain cases....  View Defect
  wazuh/ossec-wazuh USE_AFTER_FREE C/C++ Memory - illegal accesses This pointer was the resaon of a memory leak...  View Defect
  ScummVM OVERRUN C/C++ Memory - illegal accesses Realy nice catch by Coverity. We've been getting report on the random crashes, and here it is, the swapped check for index and actual indexed array value. Thanks, Coverity!...  View Defect
  ScummVM USELESS_CALL C/C++ Incorrect expression An extremely nice thing which was discovered only by Coverity. We have 2 class methods: clear() which clears the surface and empty() which checks whether the surface is 0 size....  View Defect
  freetds2 FORWARD_NULL C/C++ Null pointer dereferences This bug was quite hard to spot! This could allow the server to make the client crash due to the NULL pointer dereference....  View Defect
  freetds2 TAINTED_STRING C/C++ Insecure data handling Although not a critical application this prevents a real SQL injection....  View Defect
  FreeBSD UNINIT C/C++ Uninitialized variables We were using the wrong "pages in" counter FreeBSD's ZFS port:could cause performance issues.Luckily this is not production code ... yet....  View Defect
  scilab ALLOC_FREE_MISMATCH C/C++ API usage errors Coverity's suggestion to fix this bug is to use a delete[] deallocator, but the concerned file is in C so that won't work. I have to revisit my code to...  View Defect
  FreeBSD UNINIT C/C++ Memory - illegal accesses It is pretty easy to miss such things when adding a new feature. It even looked as a false positive at first....  View Defect
  WiredTiger DEADCODE C/C++ Control flow issues Found logically dead code that would never have been accessed. Allowing it to be removed. May never have occurred wiithout...  View Defect
  Linux UNINIT C/C++ Uninitialized variables This was potentially problematic, due to the assert on an uninitialized variable. But the much bigger win was that along with 4 other similar CIDs highlighted code replication; fixing the...  View Defect
  jirkadanek/Strongtalk ASSERT_SIDE_EFFECT C/C++ Incorrect expression This does not have any impact, because it is just an assert. It is kind of funny, though. And this error has been in the codebase for the last 9...  View Defect
  openfpm_pdata OVERRUN C/C++ Memory - corruptions Coverty scan correctly understood the logic of this code, and reported that the loop condition is wrong. In particular setHigh, set an internal array of size given by template parameter...  View Defect
  OpenOffice RESOURCE_LEAK C/C++ Resource leaks Memory leak: Coverity has found around 20!...  View Defect
  digiKam CHECKED_RETURN C/C++ Error handling issues This introduce severe dysfunctions in digiKam database interface which can let temp table create in DB while application is shutdown......  View Defect
  gammu/gammu DEADCODE C/C++ Control flow issues The condition was silently wrong - it should have been if (*pos == 0) break;, but if (pos == 0) break; was used instead....  View Defect
  CalebFenton/simplify FB.HE_EQUALS_USE_HASHCODE Java FindBugs: Bad practice This causes a VERY subtle and annoying correctness bug since these objects are stored in a hashmap....  View Defect
  CalebFenton/simplify FORWARD_NULL Java Null pointer dereferences This fault is buried deep within some complex logic that makes it really hard to track. These types of problems usually lead to insidious correctness errors since exceptions are caught...  View Defect
  CalebFenton/simplify INVALIDATE_ITERATOR Java API usage errors This bug ONLY surfaces when debugging or running the program with her verbosity. The toString() method on an often inspected object can sometimes modify the object, and possibly go into...  View Defect
  scilab RESOURCE_LEAK C/C++ Resource leaks Allocated memory leaked in several cases. All of them were pinpointed by Coverity, kudos!...  View Defect
  ovirt-engine NULL_RETURNS Java Null pointer dereferences Possible Null Pointer exception was found in a feature in which I'm the feature owner. That exception could have rendered the entire feature non operational (And many log messages that...  View Defect
  vitamin-caig/zxtune UNUSED_VALUE C/C++ Code maintainability issues Unused value and previous write overwriting found in the defect meant error in algorithm....  View Defect
  Zarafa COPY_PASTE_ERROR C/C++ Incorrect expression Coverity found a case where a copy/paste action went wrong. It could cause e-mails stored with incorrect names. That usually upsets customers....  View Defect
  digiKam DEADCODE C/C++ Possible Control flow issues The code is dead and will be never processed because 'decoded' outside the scope and redefined in local. So 'decoded' will always false. Simple and excellent job. Congratulation !...  View Defect
  tcl COPY_PASTE_ERROR C/C++ Incorrect expression Setting an incorrect jump target leads to a certain crash if the code is exercised. Interestingly enough, this is a tiny corner case that was (obviously) NOT exercised in our...  View Defect
  xfsprogs DEADCODE C/C++ Control flow issues Relatively low, but also relatively hilarious - someone decided to "shut up" a GCC warning in 2006 by putting parentheses around an assignment used as a truth value, but misplaced...  View Defect
  GemRB UNUSED_VALUE C/C++ Incorrect expression Impact is low, just wanted to commend you! It would cause game actors to teleport to the wrong coordinates....  View Defect
  !CHAOS Control System RESOURCE_LEAK C/C++ Resource leaks very useful to find this very horrible bug...  View Defect
  elbing/harvey UNINIT C/C++ Memory - illegal accesses in this case, we're using a pointer to memory which is not guaranteed to be zero, and potentially corrupting the malloc arena in the process. Fixed by setting name to...  View Defect
  elbing/harvey BUFFER_SIZE_WARNING C/C++ Memory - illegal accesses Oh joy. This is in the key management code which converts passwords. This has also been there forever....  View Defect
  elbing/harvey UNINIT C/C++ Uninitialized variables This has been there for decade, and was shipped in a real product. And nobody every found it....  View Defect
  Efm - jesus SIZEOF_MISMATCH C/C++ Incorrect expression This fixed weird behaviour that was really hard to find. It worked normally, but sometimes devices had cryptic types. valgrind wasnt that usefull because of its slowness. WELL done coverity...  View Defect
  KBibTeX COPY_PASTE_ERROR C/C++ Incorrect expression This copy&paste effect would have been virtually impossible to detect by a human reader -- the two variables that got mixed up had too similar names....  View Defect
  niskyRobotics/javadeck INFINITE_LOOP Java Program hangs Detected an oversight while programming, that would have possibly caused severe hardware damage to a competition robot by not allowing the drivetrain to shut down....  View Defect
  zaproxy/zaproxy COPY_PASTE_ERROR Java Incorrect expression Copy & paste errors might not often cause system crashes, but developer headaches. Unexpected behavior can be pain to hunt down when one of these is involved. I currently know...  View Defect
  jeroennijhof/pam_tacplus RESOURCE_LEAK C/C++ Resource leaks This is indeed a memory leak....  View Defect
  curl TAINTED_SCALAR C/C++ Insecure data handling This turned out to be a security flaw, now known as CVE-2015-3237. Full description here: It could make a malicious server fool a client to send off data from...  View Defect
  msoos/cryptominisat COPY_PASTE_ERROR C/C++ Incorrect expression Prototypical copy-paste error. I used code by someone else that I didn't fully understand (MIT licensed), and Coverity caught a bug I didn't even half understand but the fix was...  View Defect
  msoos/cryptominisat UNINIT C/C++ Uninitialized variables Variable "var" was uninitialized, then function that was supposed to fill it in was called. However, when that func failed, it filled a variable "val" and then printed that in...  View Defect
  TarotClub OVERRUN C/C++ Memory - corruptions Buffer overflow difficult to find by reading the code that would result a crash if path is too long. Good catch Coverity!...  View Defect
  OpenRA/OpenRA BAD_LOCK_OBJECT C# Unreliable locking behavior We didn't figure ourselves where those threading issues came from and tried to hide them with hacks. Now it can finally be properly fixed....  View Defect
  gluster/glusterfs NULL_RETURNS C/C++ Null pointer dereferences It was causing glusterd daemon crash for glusterfs. with solve of this bug problems have gone. this patch have merged in upstream master branch. patch id. ...  View Defect
  FenixEdu/fenixedu-academic PATH_MANIPULATION Java High impact security Allowing users to specify a file to be downloaded in the Application Server's file system, leading to information leakage....  View Defect
  digiKam TAINTED_SCALAR C/C++ Insecure data handling increase a lots the security of code ...  View Defect
  CombLayer DEADCODE C/C++ Control flow issues Typical "easy to spot if you know there is a problem error". The code processes a physics modification option line given either from the command line or file. The format...  View Defect
  xfsprogs BAD_SIZEOF C/C++ Incorrect expression With two string literals, "SGI_ACL_FILE" and "SGI_ACL_DEFAULT", the addition of the (unsigned char *) cast resulted in sizeof returning 7 (size of pointer minus one), rather than the length of...  View Defect
  Kodi OVERRUN C/C++ Memory - corruptions Impacts a highly used used area of our code which could cause problems when running for extended time. Coverity scan helps our developers finding issues like these. Although i'm only...  View Defect
  Kodi OVERRUN C/C++ Memory - illegal accesses We haven't noticed an impact of the bug but the out of bounds access has been present since at least 2009 without anybody spotting it. If it wasn't for coverity...  View Defect
  FreeBSD RESOURCE_LEAK C/C++ Resource leaks Resource leaks: I hate them, especially in libc, which is code you expect to be hot....  View Defect
  kortemik/OpenTechBFG COPY_PASTE_ERROR C/C++ Incorrect expression Our code base contains a lot of copy paste mistakes, we are glad that there is a tool like coverity that can help to detect them. For a human it...  View Defect
  kortemik/OpenTechBFG RESOURCE_LEAK C/C++ Resource leaks Even documented "we don't need to care, I think" issue can become an issue when one does not check the background implementation. Coverity did help us find the cause for...  View Defect
  kortemik/OpenTechBFG FORWARD_NULL C/C++ Null pointer dereferences This defect on our template caused null pointer deferencing in over hundred use cases. Now that we can sort it out it will make our game more stable....  View Defect
  Chocobo1/qBittorrent OVERRUN C/C++ Memory - illegal accesses Although the detected out-of-bounds access is not likely to be exploited; the important part is: Coverity give us a chance to rethink/review code section which we overlooked before and ultimately...  View Defect
  ssurface RESOURCE_LEAK C/C++ Resource leaks it was leading to a crash...  View Defect
  ssurface RESOURCE_LEAK C/C++ Resource leaks it was leading to a crash...  View Defect
  wxMathplot COPY_PASTE_ERROR C/C++ Incorrect expression Without coverity i probably would not have found this copy&paste error. Thanks for this checker. The impact of this issue would be a wrong positioned text message on the screen....  View Defect