billziss-gh
commented
2 years ago Thanks for the suggestion and sorry for the long delay in responding.
I am trying to assess whether registering with Coverity would provide value to this project. Looking at the links you provided I see that Coverity identified some defects, but it is not obvious how to drill down and get details about the defects. For example, in the btrfs-next link there is a defect identified as "Buffer Copy without Checking Size of Input". However there is no detail where in the code the defect is or why the tool decided that the defect exists.
I also note that unfortunately static analysis tools often do not do well with projects like WinFsp. Many of them simply do not handle Windows kernel mode well and even if they do they do not handle file system drivers well. Even Microsoft's own static analysis tools have many failings in that regard.
In my experience the best way to minimize Windows driver defects (other than a rigorous test suite) is to consistently develop and test under the Driver Verifier. I do this with WinFsp religiously.
Enhancement Request
Coverity offers free scan to open source projects, for example btrfs-next and kvm-guest-drivers-windows Please register this project to Coverity Scan , it will be of benefit to the users and developers.