Mozilla and Coverity

Some of you might have noticed that on some of the checkins that are made recently the word coverity has been mentioned.

Coverity is a bug finding system that is capable of detecting defects and security vulnerabilities in the source code. Coverity detects at compile time bugs that will crash the system at runtime. Examples include memory leaks, use after frees, and illegal pointer accesses. Coverity also pinpoints security vulnerabilities in your source code that hackers can exploit. This eliminates serious problems such as denial of service, data/memory corruption and escalation of privileges in the earliest stage of development. Example vulnerabilities detected include buffer overruns, integer overflows, format string errors and SQL injections attacks and many more.

In collaboration with Stanford University, Coverity is scanning the Mozilla source code. This is great news for the Mozilla project. We're getting a free audit of the source code. This will improve the quality of the code and hopefully fix some of the bugs that still exists in the Mozilla source code.

The status of the Coverity scan as of today is:
- 232 total bugs
- 116 open bugs
- 99 fixed bugs

May 18, 2006 11:14 AM | Posted in Mozilla


Back Next


Are those links really correct?

Comment by Matthew Wilson at May 18, 2006 12:54 PM | Permalink

Matthew - 'coverity' is a keyword so you can easily search in Bugzilla for these bugs.

Site icon Comment by Robin at May 18, 2006 02:35 PM | Permalink

If you log into the Coverity system there are 528 outstanding problems. Some of the difference is caused by problems marked as fixed, but the fix hasn't yet made it through Bugzilla, CVS and back to Coverity for verification. Last time I looked mozilla/security had the highest number of hits with about 1/3 of them.

Comment by Jon Smirl at May 18, 2006 04:58 PM | Permalink

A big congrats to Coverity for finding all these bugs as well as the people fixing them. And while there are some Invalid, Duplicate, and Wontfix, this is a *good thing*.

Site icon Comment by alanjstr at May 20, 2006 07:38 AM | Permalink

Most (all?) of the Coverity bugs fixed didn't make it into the branch due to release timing. When will they be seen in a released code base? 1.8.1?

Comment by Steve at June 5, 2006 07:28 PM | Permalink

Post a comment

Remember Me?

Please enter the security code you see here

You're here: Home - Mozilla and Coverity
Get the Mozilla Firefox browser