chriskohlhoff / asio

Asio C++ Library
http://think-async.com/Asio

Coverity static analysis defects (Trac ticket #13331) #640

Open ghost opened 3 years ago

ghost commented 3 years ago

@mloskot commented on Sep 21, 2018, 8:51 AM UTC:

(copied from https://svn.boost.org/trac10/ticket/13331, only Asio's parts from the attached report)

Boost 1.57.0

A static analysis tool called Coverity found medium and high defects in the Boost source code. See attached file for defect type, defect category, filename and line number of defect.

| Defect Type | Defect Category | Line Number | Filename |
|---|---|---|---|
| Unchecked return value from library | Error handling issues | 473 | /boost/include/boost/asio/detail/impl/epoll_reactor.ipp |
| Unchecked return value from library | Error handling issues | 84 | /boost/include/boost/asio/detail/impl/eventfd_select_interrupter.ipp |
| Unchecked return value from library | Error handling issues | 581 | /boost/include/boost/asio/detail/impl/signal_set_service.ipp |
| Unchecked return value from library | Error handling issues | 500 | /boost/include/boost/asio/detail/impl/epoll_reactor.ipp |
| Uninitialized pointer field | Uninitialized members | 54,55,58,59,60,62,606 | /boost/include/boost/asio/detail/impl/epoll_reactor.ipp |
| Out-of-bounds access | Memory-corruptions | 385 | /boost/include/boost/asio/impl/read_until.hpp |
| Out-of-bounds access | Memory-corruptions | 577 | /boost/include/boost/asio/impl/read_until.hpp |
| Uninitialized scalar field | Uninitialized members | 50 | /boost/include/boost/asio/detail/timer_queue.hpp |
| Unchecked return value | Error handling issues | 46 | /boost/include/boost/asio/detail/posix_mutex.hpp |

This issue was moved by chriskohlhoff from boostorg/asio#148.

ghost commented 3 years ago

@vinniefalco commented on Oct 11, 2018, 3:09 PM UTC:

Boost version 1.57.0? Or do you mean 1.67.0?

ghost commented 3 years ago

@mloskot commented on Oct 12, 2018, 9:52 AM UTC:

I meant what I copied from the Trac ticket, without doing any verification though.

ghost commented 3 years ago

@vinniefalco commented on Oct 12, 2018, 4:37 PM UTC:

Every Coverity analysis on my own code that people have run for me only turned up false positives. Your mileage may vary.

ghost commented 3 years ago

@mloskot commented on Oct 12, 2018, 7:24 PM UTC:

vinniefalco I am not the author of this analysis. This was just me cleaning up backlog of Trac tickets, split-moving this one to GitHub. Please, take it as FYI and do with it what you desire.