maria-developers team mailing list archive

Re: Coverity scan results

 

Hi, Christian!

On Feb 06, Christian Convey wrote:
> Hey guys,
> 
> For those of you who missed it, I volunteered to try getting MariaDB
> scanned as part of the Coverity Scan service.  I just got the trunk
> scanned for the first time, and a lot of potential-problem reports
> came up.  I did a spot check on one of them, and the report looks like
> a true-positive.
>
> Coverity Scan reports:
> 178 high-impact problems
> 1020 medium-impact problems
> 47 low-impact problems.

MySQL was under the Coverity Scan twice (at least twice - that's what
I was personally involved in). The first report found about 300
defects, and about 200 of them were false positives, 50 of them were
real, and others were not in the MySQL code. The second has found only
about 20 defects, and only because Coverity has implemented new checkers
since the first scan.

I cannot believe that in the few years since the last report we've
introduced 1200 new defects.

> Any suggestions for how to get these looked at by the appropriate
> developers?  It seems crazy for me to enter 1000+ bug reports into the
> bug tracker.
> 
> I believe I have the power to create new user accounts in Coverity
> Scan's MariaDB project, for any MariaDB developer who wants to see the
> results.

Okay, you can create an account for me. But it would be better if you
could find which of those defects are real.

Regards,
Sergei


