Researcher Claims Samsung’s Tizen OS is Poorly Programmed; Contains 27,000 Bugs!

A researcher has claimed that Samsung’s Tizen operating system that runs on millions of Samsung products is so poorly programmed that it could contain nearly 27,000 programming errors, which could also lead to thousands of vulnerabilities.
image554542

Tizen is a Linux-based open-source operating system backed by Intel and Samsung Electronics, which has been in development since early 2012 and designed for smartphones, tablets, smart TVs, smart watches, cameras and PCs.

Continue reading

Top 10 bugs in C++ open source projects, checked in 2016

While the world is discussing the 89th Ceremony of Oscar award and charts of actors and costumes, we’ve decided to write a review article about the IT-sphere. The article is going to cover the most interesting bugs, made in open source projects in 2016. This year was remarkable for our tool, as PVS-Studio has become available on Linux OS. The errors we present are hopefully, already fixed, but every reader can see how serious are the errors made by developers.

Picture 6 Continue reading

Top 10 C# projects errors found in 2016

To measure the efficiency of our analyzer, and also to promote the methodology of static analysis, we regularly analyze open source projects for bugs and write articles about the results. 2016 was no exception. This year is especially important as it is the year of the “growth” of the C# analyzer. PVS-Studio has obtained a large number of new C# diagnostics, an improved virtual values mechanism (symbolic execution) and much more. Based on the results of our teamwork, I compiled a kind of chart of the most interesting bugs, found in various C# projects in 2016.

Picture 3

Continue reading

How to capture a variable in C# and not to shoot yourself in the foot

Back in 2005, with the release of C# 2.0 standard we got a possibility to pass a variable to the body of an anonymous delegate by capturing it from the current context. In 2008 the C# 3.0 brought us lambdas, user anonymous classes, LINQ requests and much more. Now it January, 2017 and the majority of C# developers are looking forward to the release of the C# 7.0 standard that should provide us a bunch of new useful features. However, there are still old features that need to be fixed. That’s why there are plenty of ways to shoot yourself in the foot. Today we are going to speak about one of them, and it is related with quite an unobvious mechanism of variable capture in the body of anonymous functions in C#.

Picture 1
Continue reading

The First Bug on Mars

In 1971, the USSR delivered the first planetary rovers on skis to Mars, whose task was to puncture the surface with a rod (housing a dynamic penetrometer and a radiation densitometer) to see if Mars was solid or liquid dusty. The first probe crashed on November 27; the second soft-landed on December 2 but didn’t manage to get out of the “shell” of the lander, so that attempt didn’t count.

image1

Continue reading

We continue checking Microsoft projects: analysis of PowerShell

It has become a “good tradition” for Microsoft to make their products open-source: CoreFX, .Net Compiler Platform (Roslyn), Code Contracts, MSBuild, and other projects. For us, the developers of PVS-Studio analyzer, it’s an opportunity to check well-known projects, tell people (including the project authors themselves) about the bugs we find, and additionally test our analyzer. Today we are going to talk about the errors found in another project by Microsoft, PowerShell.

4214_powershell20blore-logo_png-550x0

Continue reading

Flaws in Microsoft Code Contracts

We have successfully created and continue developing PVS-Studio analyzer for C/C++ languages. Over the time, it became clear that many of the diagnostics that we have implemented are not related to a specific programming language, so we decided to apply our experience to another programming language, namely C#. In this article, we are talking about the analysis of Code Contracts project by Microsoft done by our C# analyzer.

1fihzq

Continue reading

Analysis of .NET Core Libraries (CoreFX)

About a year ago Microsoft made the CoreCLR and CoreFX source code open. The latter project wasn’t of a big interest to us until recently, as it was written in C#, not in C++. But with the release of PVS-Studio 6.00 that now supports C# I decided to go back to the CoreFX and write an article about its analysis.

1e93eu Continue reading