Use Coverity SCAN on exiv2 code-base
|Status:||Closed||Start date:||06 Feb 2013|
|Assignee:||Mahesh Hegde||% Done:|
|Category:||coverity||Estimated time:||8.00 hours|
#2 Updated by Robin Mills about 6 years ago
I've done a build (from the trunk) and submitted the tar file for analysis. I got the happy little message: "Your request has been submitted. An email will be sent to firstname.lastname@example.org when it is complete."
I've also added myself as a user of the project "Exiv2" and got the equally happy little message: ".... an email will be send to Robin when ....".
There is something a little odd. The following page does not list Exiv2 as a project:http://scan.coverity.com/all-projects.html
However, perhaps this is because our tar ball has not been analysis yet. No project is listed with '0' lines analyzed.
I'll add Gilles as a user when I've received emails from Coverity.
#4 Updated by Gilles Caulier about 6 years ago
I take a look and It's clear that issue #982064 is a big priority. This is why i like this tool. Where 80% of report are minor, 10%-15% are major issue. It's that i can see with whole digiKam, where more that 700 items have been detected...
#6 Updated by Robin Mills about 6 years ago
Abhinav requested to be subscribed as a user of Exiv2 on Coverity. I added him of course.
I anybody else (Andreas?) wants to be added, please let me know.
If you're already registered with Coverity for another project, please let me know your Coverity username.
#8 Updated by Robin Mills over 4 years ago
- Assignee changed from Robin Mills to Mahesh Hegde
I'm going to assign this to Mahesh. He has already done work on this. When Mahesh's GSoC2013 Video Write code is promoted to the trunk (which I will undertake), Mahesh hopes to complete the elimination of all issues from Coverity Scan for v0.25.
#12 Updated by Robin Mills over 2 years ago
- Status changed from Assigned to New
- Assignee deleted (
I'm going to defer this for v0.27. I'm also removing Robin as the assignee. I hope to have a team hangout in October 2016 to deal with assignments for v0.27.
This issue is ranked 3 on "Desirable Features" for v0.27.
#13 Updated by Robin Mills over 2 years ago
- Status changed from New to Assigned
- Assignee set to Mahesh Hegde
I've talked to Mahesh and he's willing to work on this in 2017. Thank You, Mahesh for getting involved. A few points about this:
1) I ran this about 3 years ago. I don't remember much about it. However I suspect that initially there will be numerous issues. When they have been fixed, the reports will become shorter. New issues will be minor and infrequent.
2) When new issues appear, just report them on Redmine. They'll get fixed. You don't need to fix them unless you wish to fix them.
3) After a little while, it will probably be possible to get the buildserver to run a script periodically and publish the results.
4) This is one of those tasks that seems "invisible". You are enhancing the quality of the code base. When the code is "perfect", there will nothing to say about this! Silence is Golden
I'm am very willing to get involved if you need help with this task. If you're unable to spend time on this task, please assign it back to me so that I know that the issue is not being serviced.
#14 Updated by Robin Mills 4 months ago
- Status changed from Assigned to Closed
- Target version changed from 0.28 to 0.27
- % Done changed from 20 to 100
- Estimated time set to 8.00
I'm closing this issue as part of the Exiv2 v0.27 Review process. The primary focus of v0.27 has been security fixes. Many CVEs have been reported and fixed.
I'm closing everything relating the Coverity. Regrettably, Team Exiv2 has in-sufficient resources to deal with Coverity. I'd like to thank Mahesh for working on this.