various resource leaks, use-after-free
This report serves mostly as a tracker for the high-impact defects as found by Coverity [1], e.g., resource leaks, use-after-free, out-of-bounds access etc. Some of them might be insignificant.
Comments (16)
-
reporter I'll do some digging. Luckily, most (all?) of the issues are just chores.
-
reporter - edited description
-
assigned issue to
-
assigned issue to
-
@danwu Can you start a branch for the high-priority fixes shown by Coverity?
-
Created branch danwu/coverity_fixes to start fixing the high-priority defects reported by Coverity. Could you please redirect Coverity to that branch so that we can monitor the updates (before it is merged to master)?
-
reporter Done. It builds once a week on Friday nights.
-
It seems that Coverity is still using the MOAB master branch. CID 141389, 141391, 141395, 141396 should have been fixed in branch danwu/coverity_fixes.
-
reporter My bad. Resubmitted, tests currently running.
-
reporter @danwu Is this something you're still working on or can I switch back tests to master?
-
Most high-priority defects have been fixed, but there are still 4 left which are hard to fix (I tried to fix some of them but they are still marked by Coverity as defects). It is better for us to review these 4 defects to take further steps. No need to switch back to master at this time, as this branch can be easily rebased with master if required.
-
reporter What happened to this?
-
I merged the fixes to master yesterday. And so the branch may come up as closed? You can run Coverity and other tools directly on master now. There are no other pending fixes.
-
reporter Ah, I'd missed that. Great!
I just did a new scan on master, and indeed many issues are solved now. Of course, a handful of new ones have appeared, too.
-
reporter - changed status to resolved
Let's just close this issue and take a look at https://scan.coverity.com/projects/moab?tab=overview once in a while.
-
Sounds good. The new defects are from PRs that were merged recently. I'll ask the contributors to fix the issues.
-
Yes Nico. We will start tackling the high priority ones first. We already went through multiple rounds of defect corrections with cppcheck and valgrind. If you have the time, feel free to submit PRs for any of the defects found by Coverity.