Coverity?


Coverity?

Henric Jungheim

At some point, Coverity Scan was set up for Audacity.
Unfortunately, it is pointing to a non-existent SVN
repository on googlecode.  Does anyone own this setup?

https://scan.coverity.com/projects/audacity


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
audacity-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/audacity-devel

Re: Coverity?

MartynShaw
Hi Henric

It would appear that I am an admin on Coverity for Audacity, although I have not used it.

I logged in and changed the "Repository URL" to "https://github.com/audacity/audacity" (and the Homepage URL).  Does anything else need to happen?

I think that Campbell Barton set this up for us.

TTFN
Martyn

On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]> wrote:

At some point, Coverity Scan was set up for Audacity.
Unfortunately, it is pointing to a non-existent SVN
repository on googlecode.  Does anyone own this setup?

https://scan.coverity.com/projects/audacity



Re: Coverity?

Arturo 'Buanzo' Busleiman
Administrator
Thank you Martyn. If you have privileges to add admins, maybe it would be useful for me to have an account.

Cheers!


On Sun, Jun 25, 2017 at 3:05 PM, Martyn Shaw <[hidden email]> wrote:
Hi Henric

It would appear that I am an admin on Coverity for Audacity, although I have not used it.

I logged in and changed the "Repository URL" to "https://github.com/audacity/audacity" (and the Homepage URL).  Does anything else need to happen?

I think that Campbell Barton set this up for us.

TTFN
Martyn

On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]> wrote:

At some point, Coverity Scan was set up for Audacity.
Unfortunately, it is pointing to a non-existent SVN
repository on googlecode.  Does anyone own this setup?

https://scan.coverity.com/projects/audacity



Re: Coverity?

MartynShaw
Done!
Martyn

On 25 June 2017 at 19:12, Arturo 'Buanzo' Busleiman <[hidden email]> wrote:
Thank you Martyn. If you have privileges to add admins, maybe it would be useful for me to have an account.

Cheers!


On Sun, Jun 25, 2017 at 3:05 PM, Martyn Shaw <[hidden email]> wrote:
Hi Henric

It would appear that I am an admin on Coverity for Audacity, although I have not used it.

I logged in and changed the "Repository URL" to "https://github.com/audacity/audacity" (and the Homepage URL).  Does anything else need to happen?

I think that Campbell Barton set this up for us.

TTFN
Martyn

On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]> wrote:

At some point, Coverity Scan was set up for Audacity.
Unfortunately, it is pointing to a non-existent SVN
repository on googlecode.  Does anyone own this setup?

https://scan.coverity.com/projects/audacity



Re: Coverity?

Henric Jungheim
In reply to this post by MartynShaw

To be really useful, some more recent builds have to be
analyzed and people need to look at the results.  For the
former, perhaps this might be useful?

   https://scan.coverity.com/travis_ci

For the latter, I'd be happy to take a look.

AppVeyor has the Coverity tools installed on the normal
build images, but I have no idea what it would take to set
that up.  There is platform-specific code to interface with
audio drivers, and that kind of OS shim code is just the
place for hiding bugs.  I'm not sure if there is a good
Xcode CI setup that would work well with Coverity Scan, but
it shouldn't be too hard to have someone run through it by
hand.

For more general code quality, this might be of interest:
   http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines

VS2015 and VS2017 have a checker for some of those
guidelines.

On Sun, Jun 25, 2017 at 07:05:26PM +0100, Martyn Shaw wrote:

>    Hi Henric
>    It would appear that I am an admin on Coverity for Audacity, although I
>    have not used it.
>    I logged in and changed the "Repository URL" to
>    "https://github.com/audacity/audacity" (and the Homepage URL).
>    Does anything else need to happen?
>    I think that Campbell Barton set this up for us.
>    TTFN
>    Martyn
>
>    On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]>
>    wrote:
>
>      At some point, Coverity Scan was set up for Audacity.
>      Unfortunately, it is pointing to a non-existent SVN
>      repository on googlecode.  Does anyone own this setup?
>      https://scan.coverity.com/projects/audacity

Re: Coverity?

Arturo 'Buanzo' Busleiman
Administrator
I had actually come across the C++ Core Guidelines, thru a post on stackoverflow if my memory serves me right this weekend. Great work, indeed.



On Sun, Jun 25, 2017 at 10:32 PM, Henric Jungheim <[hidden email]> wrote:

To be really useful, some more recent builds have to be
analyzed and people need to look at the results.  For the
former, perhaps this might be useful?

   https://scan.coverity.com/travis_ci

For the latter, I'd be happy to take a look.

AppVeyor has the Coverity tools installed on the normal
build images, but I have no idea what it would take to set
that up.  There is platform-specific code to interface with
audio drivers, and that kind of OS shim code is just the
place for hiding bugs.  I'm not sure if there is a good
Xcode CI setup that would work well with Coverity Scan, but
it shouldn't be too hard to have someone run through it by
hand.

For more general code quality, this might be of interest:
   http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines

VS2015 and VS2017 have a checker for some of those
guidelines.

On Sun, Jun 25, 2017 at 07:05:26PM +0100, Martyn Shaw wrote:
>    Hi Henric
>    It would appear that I am an admin on Coverity for Audacity, although I
>    have not used it.
>    I logged in and changed the "Repository URL" to
>    "https://github.com/audacity/audacity" (and the Homepage URL).
>    Does anything else need to happen?
>    I think that Campbell Barton set this up for us.
>    TTFN
>    Martyn
>
>    On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]>
>    wrote:
>
>      At some point, Coverity Scan was set up for Audacity.
>      Unfortunately, it is pointing to a non-existent SVN
>      repository on googlecode.  Does anyone own this setup?
>      https://scan.coverity.com/projects/audacity

Re: Coverity?

Arturo 'Buanzo' Busleiman
Administrator
In reply to this post by MartynShaw
Yes, thank you Martyn!


On Sun, Jun 25, 2017 at 4:15 PM, Martyn Shaw <[hidden email]> wrote:
Done!
Martyn

On 25 June 2017 at 19:12, Arturo 'Buanzo' Busleiman <[hidden email]> wrote:
Thank you Martyn. If you have privileges to add admins, maybe it would be useful for me to have an account.

Cheers!


On Sun, Jun 25, 2017 at 3:05 PM, Martyn Shaw <[hidden email]> wrote:
Hi Henric

It would appear that I am an admin on Coverity for Audacity, although I have not used it.

I logged in and changed the "Repository URL" to "https://github.com/audacity/audacity" (and the Homepage URL).  Does anything else need to happen?

I think that Campbell Barton set this up for us.

TTFN
Martyn

On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]> wrote:

At some point, Coverity Scan was set up for Audacity.
Unfortunately, it is pointing to a non-existent SVN
repository on googlecode.  Does anyone own this setup?

https://scan.coverity.com/projects/audacity



Re: Coverity?

Henric Jungheim
In reply to this post by Henric Jungheim

The data from the last official Audacity Coverity scan (from
May 18, 2014) and a new scan I ran on my x64 fork
(https://scan.coverity.com/projects/henricj-audacity) both
find two "out-of-bounds read" defects in AudioIO.cpp.
"RatesToTry[i]" after the for loop will have i ==
NumRatesToTry, which is past the end of the array.

https://github.com/audacity/audacity/blob/master/src/AudioIO.cpp#L2741
https://github.com/audacity/audacity/blob/master/src/AudioIO.cpp#L2807



On Sun, Jun 25, 2017 at 06:32:04PM -0700, Henric Jungheim wrote:

>
> To be really useful, some more recent builds have to be
> analyzed and people need to look at the results.  For the
> former, perhaps this might be useful?
>
>    https://scan.coverity.com/travis_ci
>
> For the latter, I'd be happy to take a look.
>
> AppVeyor has the Coverity tools installed on the normal
> build images, but I have no idea what it would take to set
> that up.  There is platform-specific code to interface with
> audio drivers, and that kind of OS shim code is just the
> place for hiding bugs.  I'm not sure if there is a good
> Xcode CI setup that would work well with Coverity Scan, but
> it shouldn't be too hard to have someone run through it by
> hand.
>
> For more general code quality, this might be of interest:
>    http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines
>
> VS2015 and VS2017 have a checker for some of those
> guidelines.
>
> On Sun, Jun 25, 2017 at 07:05:26PM +0100, Martyn Shaw wrote:
> >    Hi Henric
> >    It would appear that I am an admin on Coverity for Audacity, although I
> >    have not used it.
> >    I logged in and changed the "Repository URL" to
> >    "https://github.com/audacity/audacity" (and the Homepage URL).
> >    Does anything else need to happen?
> >    I think that Campbell Barton set this up for us.
> >    TTFN
> >    Martyn
> >
> >    On 24 June 2017 at 15:48, Henric Jungheim <[hidden email]>
> >    wrote:
> >
> >      At some point, Coverity Scan was set up for Audacity.
> >      Unfortunately, it is pointing to a non-existent SVN
> >      repository on googlecode.  Does anyone own this setup?
> >      https://scan.coverity.com/projects/audacity

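The defect class reported in the message above, reduced to a constructed C++ example (added here; it is not Audacity's AudioIO.cpp and not the poster's code). Only the names RatesToTry and NumRatesToTry come from the post; the table values, the early-break search loop and the function names are assumptions.

```cpp
#include <cstddef>

// Names RatesToTry / NumRatesToTry are taken from the post; the values and the
// functions below are constructed for illustration and are not Audacity's code.
static const int RatesToTry[] = {8000, 11025, 22050, 44100, 48000};
static const std::size_t NumRatesToTry = sizeof(RatesToTry) / sizeof(RatesToTry[0]);

// Returns the value of i once the search loop has finished. When no entry
// matches, the loop runs to completion and i == NumRatesToTry, one past the
// last valid index (NumRatesToTry - 1).
std::size_t IndexAfterLoop(int wanted)
{
   std::size_t i;
   for (i = 0; i < NumRatesToTry; i++)
      if (RatesToTry[i] >= wanted)
         break;
   return i;
}

// Defect pattern: indexes with the post-loop i without checking it. On the
// not-found path this is the out-of-bounds read, so it is only safe to call
// when a match is known to exist.
int FirstRateAtLeastUnchecked(int wanted)
{
   return RatesToTry[IndexAfterLoop(wanted)];
}

// Hardened form: the array is read only inside the loop, where i is in range,
// and the not-found case is reported to the caller instead of being indexed.
bool FirstRateAtLeast(int wanted, int &rate)
{
   for (std::size_t i = 0; i < NumRatesToTry; i++) {
      if (RatesToTry[i] >= wanted) {
         rate = RatesToTry[i];
         return true;
      }
   }
   return false;
}
```
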