Android Operating System: One Potential Vulnerability per 4000 Lines of C++ Code

 

For many years, Andrey Karpov has been publishing articles on code quality, and bugs reviews of open source projects. For example, he is the author of such publications as “The Ultimate Question of Programming, Refactoring, and Everything” and “27 000 Errors in the Tizen Operating System“.

image1

Recently, the open source Android operating system has become of interest for him. He researched that part of the operating system code, which is written in the C and C++ languages. After that he came to a conclusion, which always takes place after such research: human error is always possible. By using the PVS-Studio tool, it becomes possible to detect at least one security defect (potential vulnerability) per 4000 lines of code.

Continue reading

Static Analysis in Video Game Development: Top 10 Software Bugs

If you are a software developer working in the video game industry and wondering what else you could do to improve the quality of your product or make the development process easier and you don’t use static analysis – it’s just the right time to start doing so. You doubt that? OK, I’ll try to convince you. And if you are just looking to see what coding mistakes are common with video-game and game-engine developers, then you’re, again, at the right place: I have picked the most interesting ones for you.

Continue reading

Researcher Claims Samsung’s Tizen OS is Poorly Programmed; Contains 27,000 Bugs!

A researcher has claimed that Samsung’s Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities.
image554542

Tizen is a Linux-based open-source operating system backed by Intel and Samsung Electronics, which has been in development since early 2012 and designed for smartphones, tablets, smart TVs, smart watches, cameras and PCs.

Continue reading

Top 10 bugs in C++ open source projects, checked in 2016

While the world is discussing the 89th Ceremony of Oscar award and charts of actors and costumes, we’ve decided to write a review article about the IT-sphere. The article is going to cover the most interesting bugs, made in open source projects in 2016. This year was remarkable for our tool, as PVS-Studio has become available on Linux OS. The errors we present are hopefully, already fixed, but every reader can see how serious are the errors made by developers.

Picture 6 Continue reading

The First Bug on Mars

In 1971, the USSR delivered the first planetary rovers on skis to Mars, whose task was to puncture the surface with a rod (housing a dynamic penetrometer and a radiation densitometer) to see if Mars was solid or liquid dusty. The first probe crashed on November 27; the second soft-landed on December 2 but didn’t manage to get out of the “shell” of the lander, so that attempt didn’t count.

image1

Continue reading

Fun and Bugs in Microsoft Word 1.1a

The Microsoft company made a present to all programmers eager to dig into some interesting stuff: they opened the source codes of MS-DOS v 1.1, v 2.0 and Word for Windows 1.1a. The MS-DOS operating system is written in an assembler, so the analyzer cannot be applied to it. But Word is written in C. Word 1.1a’s source codes are almost 25 years old, but we still managed to analyze it. There’s no practical use of it, of course. Just for fun.

hqdefault

Continue reading

One more tool is now free

Static code analyzers are tools that help programmers find bugs on the earliest stages of development.

We are happy to announce that now you can use PVS-Studio static code analyzer for free, for educational purposes, so that individual developers and enthusiastic teams could also fully use it. To find out how to use this tool for free – please read the following sections.

1f5ic0

Continue reading

Bug Inside: A Tiny Chance of a Huge Error on Pentium

“An average spreadsheet user could encounter this subtle flaw once in every 27,000 years of use.”

— Intel

“I give a scenario in which FDIV bugs are encountered once every three milliseconds or so.”

— Vaughan Pratt (SUN logo designer and coauthor of the Knuth-Morris-Pratt algorithm)

Picture 14

Continue reading

Why Windows 8 drivers have so many bugs

We have checked the Windows 8 Driver Samples pack with our PVS-Studio analyzer and found various bugs in its samples. There is nothing horrible about it – bugs can be found everywhere, so the title of this article may sound a bit high-flown. But these particular errors may be really dangerous, as it is a usual practice for developers to use demo samples as a basis for their own projects or borrow code fragments from them.

r1yl0r5

Continue reading

“Why is there no artificial intelligence yet?” Or, analysis of CNTK tool kit from Microsoft Research.

Microsoft have given open access to the source code of a tool kit that is used in the company to speed up the development of artificial intelligence: Computational Network Toolkit is now available at Github. The developers had to create their own custom solution, because the existing tools did not work fast enough.

Let’s have a look at the analysis results of the source code of this project, as done by our static code analyzer.

1e4e9l

Continue reading