Some of you may know about the Coverity Scan project. It’s something of advertising for Coverity, but it runs open source code through the Coverity Prevent static analyzer.

Last summer, in one of their blog posts, they mentioned a potential strncmp bug in our code, which was fixed in 2.3.0 and later:
https://communities.coverity.com/blogs/security/2012/07/19/more-defects-like-the-mysql-memcmp-vulnerability

So it’s been a todo to get their scan build working. I submitted the first scan tonight. It’s not difficult, although their install instructions are lousy -- you have to get regex for your compiler right. (So g++-4.2 didn’t match g++?!)

Right now:
* 233 code quality issues
* 43 security issues

Some of these are likely false positives or errors in other code (e.g., Eigen) so I’ll do some quick triage.

Anyhow, if you’d like me to add you to the members list, you can submit builds and/or see the defects.

-Geoff

---
Prof. Geoffrey Hutchison
Department of Chemistry
University of Pittsburgh
tel: (412) 648-0492
email: geo...@pitt.edu
web: http://hutchison.chem.pitt.edu/

_______________________________________________
OpenBabel-Devel mailing list
OpenBabel-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openbabel-devel