A guy sent an email to our support saying that the analyzer was producing four false positives at once on one line of his code.
Qt
A typo
Continue reading
Pointers are more abstract than you might expect in C
By Stefan Schulze Frielinghaus
A pointer references a location in memory and dereferencing a pointer refers to the lookup of the value of the memory location the pointer references. The value of a pointer is a memory address. The C standard does not define the representation of a memory address. This is crucial since not every architecture makes use of the same memory addressing paradigm. Most modern architectures make use of a linear address space or something similar. Still, even this is not precise enough since you might want to talk about physical or virtual addresses. Some architectures make even use of non-numeric addresses. For example, the Symbolics Lisp Machine makes use of tuples of the form (object, offset) as addresses.
Android Operating System: One Potential Vulnerability per 4000 Lines of C++ Code
For many years, Andrey Karpov has been publishing articles on code quality, and bugs reviews of open source projects. For example, he is the author of such publications as “The Ultimate Question of Programming, Refactoring, and Everything” and “27 000 Errors in the Tizen Operating System“.
Recently, the open source Android operating system has become of interest for him. He researched that part of the operating system code, which is written in the C and C++ languages. After that he came to a conclusion, which always takes place after such research: human error is always possible. By using the PVS-Studio tool, it becomes possible to detect at least one security defect (potential vulnerability) per 4000 lines of code.
Android
Conversion error between little-endian and big-endian data formats
Continue reading
Amazon Lumberyard
A couple of memory-handling defects
Continue reading
Static Analysis in Video Game Development: Top 10 Software Bugs
If you are a software developer working in the video game industry and wondering what else you could do to improve the quality of your product or make the development process easier and you don’t use static analysis – it’s just the right time to start doing so. You doubt that? OK, I’ll try to convince you. And if you are just looking to see what coding mistakes are common with video-game and game-engine developers, then you’re, again, at the right place: I have picked the most interesting ones for you.
Krita 4.0
Problems with Null Pointers
Continue reading
Unity
Early nullifying
Continue reading
XNU Kernel
Null pointer dereference
Continue reading
