| * |
kortemik/OpenTechBFG |
NEGATIVE_RETURNS |
C/C++ |
Integer handling issues |
New feature implementation got stuck for days because old code had obscure implementation which caused debuging nightmare. ... |
View Defect |
| |
LiquidityC/flat |
RETURN_LOCAL |
C/C++ |
Memory - illegal accesses |
This was the kind of error that most likely would never cause a problem during development but could have wreaked havoc after a release. It would have been terrible to... |
View Defect |
| |
linux-next weekly scan |
NO_EFFECT |
C/C++ |
Control flow issues |
A simple decrement that wraps around causing an array overflow on lsm->lsm_oinfo[i[. The impact is double-edged - there is a read off the end of an array, and if that... |
View Defect |
| |
Keldo/DCT |
TAINTED_STRING |
C/C++ |
Insecure data handling |
None, this application is far to small to have any significant effect on a systems memory ... |
View Defect |
| |
TeskaLabs/Frame_Transporter |
MISSING_BREAK |
C/C++ |
Control flow issues |
This one is pretty awesome. It is a corner case that would flash once in the blue moon - but with serious impact on the production availability. This one alone... |
View Defect |
| |
cryfs/cryfs |
ORDER_REVERSAL |
C/C++ |
Program hangs |
We had some spurious hangs and never knew why. I would never have thought of looking at this piece of code if coverity hadn't found it.... |
View Defect |
| |
Ring |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
Each call of the impacted function may consumes many bytes (it's a file path). This function is on a critical section related to the security and our application has an... |
View Defect |
| |
kmod |
STRING_OVERFLOW |
C/C++ |
Security best practices violations |
Buffer overflow and possibly corrupting the module database. Triggered the development of a new set of APIs (scratchbuf) inside the project to elegantly deal with stack + heap buffers.... |
View Defect |
| |
Linux |
DEADCODE |
C/C++ |
Control flow issues |
This error detected by CoverityScan detected a case where the driver would never run at the maximum CPI clock speed. The deadcode detection allowed me to easily spot the bug... |
View Defect |
| |
LabPlot |
NEGATIVE_RETURNS |
C/C++ |
Integer handling issues |
Negative index used in the code could result in a totally wrong behavior in the application. The occurrence of this wrong index was not seen in the code. With the... |
View Defect |
| |
GNUnet/gnunet |
CONSTANT_EXPRESSION_RESULT |
C/C++ |
Integer handling issues |
Prevents code to pick proper 2 GB memory allocation for very large quotas, resulting in possibly a very small (instead of very large) bit map being used, drastically reducing performance.... |
View Defect |
| |
!CHAOS Control System |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
good found memory leaks... |
View Defect |
| |
LyX |
REVERSE_INULL |
C/C++ |
Null pointer dereferences |
This code will definitely crash due to a null pointer dereference in certain cases.... |
View Defect |
| |
wazuh/ossec-wazuh |
USE_AFTER_FREE |
C/C++ |
Memory - illegal accesses |
This pointer was the resaon of a memory leak... |
View Defect |
| |
ScummVM |
OVERRUN |
C/C++ |
Memory - illegal accesses |
Realy nice catch by Coverity. We've been getting report on the random crashes, and here it is, the swapped check for index and actual indexed array value. Thanks, Coverity!... |
View Defect |
| |
ScummVM |
USELESS_CALL |
C/C++ |
Incorrect expression |
An extremely nice thing which was discovered only by Coverity. We have 2 class methods: clear() which clears the surface and empty() which checks whether the surface is 0 size.... |
View Defect |
| |
freetds2 |
FORWARD_NULL |
C/C++ |
Null pointer dereferences |
This bug was quite hard to spot! This could allow the server to make the client crash due to the NULL pointer dereference.... |
View Defect |
| |
freetds2 |
TAINTED_STRING |
C/C++ |
Insecure data handling |
Although not a critical application this prevents a real SQL injection.... |
View Defect |
| |
FreeBSD |
UNINIT |
C/C++ |
Uninitialized variables |
We were using the wrong "pages in" counter FreeBSD's ZFS port:could cause performance issues.Luckily this is not production code ... yet.... |
View Defect |
| |
scilab |
ALLOC_FREE_MISMATCH |
C/C++ |
API usage errors |
Coverity's suggestion to fix this bug is to use a delete[] deallocator, but the concerned file is in C so that won't work. I have to revisit my code to... |
View Defect |
| |
FreeBSD |
UNINIT |
C/C++ |
Memory - illegal accesses |
It is pretty easy to miss such things when adding a new feature. It even looked as a false positive at first.... |
View Defect |
| |
WiredTiger |
DEADCODE |
C/C++ |
Control flow issues |
Found logically dead code that would never have been accessed. Allowing it to be removed. May never have occurred wiithout... |
View Defect |
| |
Linux |
UNINIT |
C/C++ |
Uninitialized variables |
This was potentially problematic, due to the assert on an uninitialized variable. But the much bigger win was that along with 4 other similar CIDs highlighted code replication; fixing the... |
View Defect |
| |
jirkadanek/Strongtalk |
ASSERT_SIDE_EFFECT |
C/C++ |
Incorrect expression |
This does not have any impact, because it is just an assert. It is kind of funny, though. And this error has been in the codebase for the last 9... |
View Defect |
| |
openfpm_pdata |
OVERRUN |
C/C++ |
Memory - corruptions |
Coverty scan correctly understood the logic of this code, and reported that the loop condition is wrong. In particular setHigh, set an internal array of size given by template parameter... |
View Defect |
| |
OpenOffice |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
Memory leak: Coverity has found around 20!... |
View Defect |
| |
digiKam |
CHECKED_RETURN |
C/C++ |
Error handling issues |
This introduce severe dysfunctions in digiKam database interface which can let temp table create in DB while application is shutdown...... |
View Defect |
| |
gammu/gammu |
DEADCODE |
C/C++ |
Control flow issues |
The condition was silently wrong - it should have been if (*pos == 0) break;, but if (pos == 0) break; was used instead.... |
View Defect |
| |
CalebFenton/simplify |
FB.HE_EQUALS_USE_HASHCODE |
Java |
FindBugs: Bad practice |
This causes a VERY subtle and annoying correctness bug since these objects are stored in a hashmap.... |
View Defect |
| |
CalebFenton/simplify |
FORWARD_NULL |
Java |
Null pointer dereferences |
This fault is buried deep within some complex logic that makes it really hard to track. These types of problems usually lead to insidious correctness errors since exceptions are caught... |
View Defect |
| |
CalebFenton/simplify |
INVALIDATE_ITERATOR |
Java |
API usage errors |
This bug ONLY surfaces when debugging or running the program with her verbosity. The toString() method on an often inspected object can sometimes modify the object, and possibly go into... |
View Defect |
| |
scilab |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
Allocated memory leaked in several cases. All of them were pinpointed by Coverity, kudos!... |
View Defect |
| |
ovirt-engine |
NULL_RETURNS |
Java |
Null pointer dereferences |
Possible Null Pointer exception was found in a feature in which I'm the feature owner. That exception could have rendered the entire feature non operational (And many log messages that... |
View Defect |
| |
vitamin-caig/zxtune |
UNUSED_VALUE |
C/C++ |
Code maintainability issues |
Unused value and previous write overwriting found in the defect meant error in algorithm.... |
View Defect |
| |
Zarafa |
COPY_PASTE_ERROR |
C/C++ |
Incorrect expression |
Coverity found a case where a copy/paste action went wrong. It could cause e-mails stored with incorrect names. That usually upsets customers.... |
View Defect |
| |
digiKam |
DEADCODE |
C/C++ |
Possible Control flow issues |
The code is dead and will be never processed because 'decoded' outside the scope and redefined in local. So 'decoded' will always false. Simple and excellent job. Congratulation !... |
View Defect |
| |
tcl |
COPY_PASTE_ERROR |
C/C++ |
Incorrect expression |
Setting an incorrect jump target leads to a certain crash if the code is exercised. Interestingly enough, this is a tiny corner case that was (obviously) NOT exercised in our... |
View Defect |
| |
xfsprogs |
DEADCODE |
C/C++ |
Control flow issues |
Relatively low, but also relatively hilarious - someone decided to "shut up" a GCC warning in 2006 by putting parentheses around an assignment used as a truth value, but misplaced... |
View Defect |
| |
GemRB |
UNUSED_VALUE |
C/C++ |
Incorrect expression |
Impact is low, just wanted to commend you! It would cause game actors to teleport to the wrong coordinates.... |
View Defect |
| |
!CHAOS Control System |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
very useful to find this very horrible bug... |
View Defect |
| |
elbing/harvey |
UNINIT |
C/C++ |
Memory - illegal accesses |
in this case, we're using a pointer to memory which is not guaranteed to be zero, and potentially corrupting the malloc arena in the process. Fixed by setting name to... |
View Defect |
| |
elbing/harvey |
BUFFER_SIZE_WARNING |
C/C++ |
Memory - illegal accesses |
Oh joy. This is in the key management code which converts passwords. This has also been there forever.... |
View Defect |
| |
elbing/harvey |
UNINIT |
C/C++ |
Uninitialized variables |
This has been there for decade, and was shipped in a real product. And nobody every found it.... |
View Defect |
| |
Efm - jesus |
SIZEOF_MISMATCH |
C/C++ |
Incorrect expression |
This fixed weird behaviour that was really hard to find. It worked normally, but sometimes devices had cryptic types. valgrind wasnt that usefull because of its slowness. WELL done coverity... |
View Defect |
| |
KBibTeX |
COPY_PASTE_ERROR |
C/C++ |
Incorrect expression |
This copy&paste effect would have been virtually impossible to detect by a human reader -- the two variables that got mixed up had too similar names.... |
View Defect |
| |
niskyRobotics/javadeck |
INFINITE_LOOP |
Java |
Program hangs |
Detected an oversight while programming, that would have possibly caused severe hardware damage to a competition robot by not allowing the drivetrain to shut down.... |
View Defect |
| |
zaproxy/zaproxy |
COPY_PASTE_ERROR |
Java |
Incorrect expression |
Copy & paste errors might not often cause system crashes, but developer headaches. Unexpected behavior can be pain to hunt down when one of these is involved. I currently know... |
View Defect |
| |
jeroennijhof/pam_tacplus |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
This is indeed a memory leak.... |
View Defect |
| |
curl |
TAINTED_SCALAR |
C/C++ |
Insecure data handling |
This turned out to be a security flaw, now known as CVE-2015-3237. Full description here: http://curl.haxx.se/docs/adv_20150617B.html It could make a malicious server fool a client to send off data from... |
View Defect |
| |
msoos/cryptominisat |
COPY_PASTE_ERROR |
C/C++ |
Incorrect expression |
Prototypical copy-paste error. I used code by someone else that I didn't fully understand (MIT licensed), and Coverity caught a bug I didn't even half understand but the fix was... |
View Defect |
| |
msoos/cryptominisat |
UNINIT |
C/C++ |
Uninitialized variables |
Variable "var" was uninitialized, then function that was supposed to fill it in was called. However, when that func failed, it filled a variable "val" and then printed that in... |
View Defect |
| |
TarotClub |
OVERRUN |
C/C++ |
Memory - corruptions |
Buffer overflow difficult to find by reading the code that would result a crash if path is too long. Good catch Coverity!... |
View Defect |
| |
OpenRA/OpenRA |
BAD_LOCK_OBJECT |
C# |
Unreliable locking behavior |
We didn't figure ourselves where those threading issues came from and tried to hide them with hacks. https://github.com/OpenRA/OpenRA/pull/3727 Now it can finally be properly fixed.... |
View Defect |
| |
gluster/glusterfs |
NULL_RETURNS |
C/C++ |
Null pointer dereferences |
It was causing glusterd daemon crash for glusterfs. with solve of this bug problems have gone. this patch have merged in upstream master branch. patch id. http://review.gluster.org/#/c/10201/ http://review.gluster.org/#/c/10578/ ... |
View Defect |
| |
FenixEdu/fenixedu-academic |
PATH_MANIPULATION |
Java |
High impact security |
Allowing users to specify a file to be downloaded in the Application Server's file system, leading to information leakage.... |
View Defect |
| |
digiKam |
TAINTED_SCALAR |
C/C++ |
Insecure data handling |
increase a lots the security of code ... |
View Defect |
| |
CombLayer |
DEADCODE |
C/C++ |
Control flow issues |
Typical "easy to spot if you know there is a problem error". The code processes a physics modification option line given either from the command line or file. The format... |
View Defect |
| |
xfsprogs |
BAD_SIZEOF |
C/C++ |
Incorrect expression |
With two string literals, "SGI_ACL_FILE" and "SGI_ACL_DEFAULT", the addition of the (unsigned char *) cast resulted in sizeof returning 7 (size of pointer minus one), rather than the length of... |
View Defect |
| |
Kodi |
OVERRUN |
C/C++ |
Memory - corruptions |
Impacts a highly used used area of our code which could cause problems when running for extended time. Coverity scan helps our developers finding issues like these. Although i'm only... |
View Defect |
| |
Kodi |
OVERRUN |
C/C++ |
Memory - illegal accesses |
We haven't noticed an impact of the bug but the out of bounds access has been present since at least 2009 without anybody spotting it. If it wasn't for coverity... |
View Defect |
| |
FreeBSD |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
Resource leaks: I hate them, especially in libc, which is code you expect to be hot.... |
View Defect |
| |
kortemik/OpenTechBFG |
COPY_PASTE_ERROR |
C/C++ |
Incorrect expression |
Our code base contains a lot of copy paste mistakes, we are glad that there is a tool like coverity that can help to detect them. For a human it... |
View Defect |
| |
kortemik/OpenTechBFG |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
Even documented "we don't need to care, I think" issue can become an issue when one does not check the background implementation. Coverity did help us find the cause for... |
View Defect |
| |
kortemik/OpenTechBFG |
FORWARD_NULL |
C/C++ |
Null pointer dereferences |
This defect on our template caused null pointer deferencing in over hundred use cases. Now that we can sort it out it will make our game more stable.... |
View Defect |
| |
Chocobo1/qBittorrent |
OVERRUN |
C/C++ |
Memory - illegal accesses |
Although the detected out-of-bounds access is not likely to be exploited; the important part is: Coverity give us a chance to rethink/review code section which we overlooked before and ultimately... |
View Defect |
| |
ssurface |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
it was leading to a crash... |
View Defect |
| |
ssurface |
RESOURCE_LEAK |
C/C++ |
Resource leaks |
it was leading to a crash... |
View Defect |
| |
wxMathplot |
COPY_PASTE_ERROR |
C/C++ |
Incorrect expression |
Without coverity i probably would not have found this copy&paste error. Thanks for this checker. The impact of this issue would be a wrong positioned text message on the screen.... |
View Defect |
