Coverity Uncovers More Problems In Mesa
A handful of memory-related issues were plugged up yesterday in Mesa thanks to the Coverity static code analysis tools.
A Radeon memory leak, use-after-free, uninitialized variable usage, and other problems were fixed up yesterday in the mainline Mesa code-base. These issues were spotted during an internal Coverity scan of the Mesa code-base at Red Hat. None of these newly discovered flaws are critical in nature, though.
Coverity scans in the past have found dozens of problems in Mesa and hundreds of other free software projects.
For those unfamiliar with Coverity, their commercial static code analysis tool generally does a very good job at detecting bugs within C/C#/C++ and Java code-bases. While it's commercial closed-source software, they do scan open-source projects and have found thousands of bugs over the years. Coverity's Quality Advisor product is able to spot all sorts of errors, including incorrect API usage, memory problems, null pointer dereferences, performance inefficiencies, resource leaks, deadlocks, best practice coding errors, and code maintainability issues.
For those that may be looking for open-source alternatives to some of the features offered by the Coverity tools, one of the closest (and most hopeful) competitors would be LLVM's Clang compiler with its built-in static analyzer. Other useful static analysis tools that are open-source include cppcheck, Stanford's Saturn, and Calysto, among many others.