Re: Fw: [nmap-svn] r6240 - nmap

[Fyodor <fyodor () insecure org>]

On Fri, Nov 16, 2007 at 12:26:30AM +0000, Brandon Enright wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey guys, this is awesome.  How did we manage a Coverity scan?

I met their Open Source Strategist David Maxwell at a Google Summer of
Code Summit and sweet talked him into scanning the Nmap code base :).
Then Kris volunteered to look over their report today and has so far
confirmed and fixed a number of issues they identified.  So it looks
like the effort is paying off, just in time for the stable release :).

Here are the types of issues Coverity reported when scanning SOC6
(many of these are, of course, false positives):

Defects found            : 32 Total
                            7 DEADCODE
                            8 FORWARD_NULL
                            3 NEGATIVE_RETURNS
                            2 NULL_RETURNS
                            2 OVERRUN_STATIC
                            4 RESOURCE_LEAK
                            2 REVERSE_INULL
                            1 UNINIT
                            3 USE_AFTER_FREE

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org