Feature #883

Use Coverity SCAN on exiv2 code-base

Added by Robin Mills over 8 years ago. Updated over 2 years ago.

Target version:
Start date: 06 Feb 2013
Due date:
% Done:
Estimated time: 8.00 h

Associated revisions

Revision 2990 (diff)
Added by Robin Mills over 8 years ago

Issue: #883. Fix for Coverity Scan Issue:982065

Revision 2991 (diff)
Added by Robin Mills over 8 years ago

Issue: #883. Fix for Coverity Scan Issue:982064



Updated by Robin Mills over 8 years ago

I've filled in the registration form for Exiv2 and expect it'll be approved. Gilles has asked: "my SCAN account is cgilles. Can you add me to the project". Yes, I'll do that when the Exiv2 SCAN business is available.


Updated by Robin Mills over 8 years ago

I've done a build (from the trunk) and submitted the tar file for analysis. I got the happy little message: "Your request has been submitted. An email will be sent to when it is complete."

I've also added myself as a user of the project "Exiv2" and got the equally happy little message: ".... an email will be send to Robin when ....".

There is something a little odd. The following page does not list Exiv2 as a project:

However, perhaps this is because our tarball has not been analyzed yet. No project is listed with '0' lines analyzed.

I'll add Gilles as a user when I've received emails from Coverity.


Updated by Robin Mills over 8 years ago

Right. I've got the first build report and it can be accessed at: 80 issues to be examined (yuck, more work).

I've added Gilles as a user and I believe he'll be able to access the test report.


Updated by Gilles Caulier over 8 years ago

Thanks Robin,

I took a look and it's clear that issue #982064 is a big priority. This is why I like this tool. Where 80% of reports are minor, 10%-15% are major issues. That's what I can see with the whole of digiKam, where more than 700 items have been detected...

Gilles Caulier


Updated by Robin Mills over 8 years ago

For sure this is a useful tool for code review. I'll start on the fixes on Sunday afternoon - when I get back from running in a 10K event.

I've written proposals for several GSoC projects in the forum.



Updated by Robin Mills over 8 years ago

Abhinav requested to be subscribed as a user of Exiv2 on Coverity. I added him of course.

If anybody else (Andreas?) wants to be added, please let me know.

If you're already registered with Coverity for another project, please let me know your Coverity username.


Updated by Robin Mills almost 8 years ago

  • Target version changed from 0.24 to 0.25

Some work has been done on this. However, the GSoC 2013 projects have consumed the team's energy. I hope this issue will receive more attention for 0.25.


Updated by Robin Mills almost 7 years ago

  • Assignee changed from Robin Mills to Mahesh Hegde

I'm going to assign this to Mahesh. He has already done work on this. When Mahesh's GSoC2013 Video Write code is promoted to the trunk (which I will undertake), Mahesh hopes to complete the elimination of all issues from Coverity Scan for v0.25.


Updated by Alan Pater about 6 years ago

  • Category changed from build to coverity
  • Target version changed from 0.25 to 0.26
  • % Done changed from 0 to 20

Updated by Robin Mills almost 6 years ago

  • Target version changed from 0.26 to 1.0

I'm going to push this issue to v1.0. There is no reason to push for this to be ready for v0.26. Of course, I'll be delighted if it is done for v0.26.


Updated by Robin Mills about 5 years ago

  • Assignee changed from Mahesh Hegde to Robin Mills
  • Target version changed from 1.0 to 0.28

Updated by Robin Mills almost 5 years ago

  • Status changed from Assigned to New
  • Assignee deleted (Robin Mills)

I'm going to defer this for v0.27. I'm also removing Robin as the assignee. I hope to have a team hangout in October 2016 to deal with assignments for v0.27.

This issue is ranked 3 on "Desirable Features" for v0.27.


Updated by Robin Mills over 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Mahesh Hegde

I've talked to Mahesh and he's willing to work on this in 2017. Thank You, Mahesh for getting involved. A few points about this:

1) I ran this about 3 years ago. I don't remember much about it. However I suspect that initially there will be numerous issues. When they have been fixed, the reports will become shorter. New issues will be minor and infrequent.
2) When new issues appear, just report them on Redmine. They'll get fixed. You don't need to fix them unless you wish to fix them.
3) After a little while, it will probably be possible to get the buildserver to run a script periodically and publish the results.
4) This is one of those tasks that seems "invisible". You are enhancing the quality of the code base. When the code is "perfect", there will be nothing to say about this! Silence is Golden.

I am very willing to get involved if you need help with this task. If you're unable to spend time on this task, please assign it back to me so that I know that the issue is not being serviced.


Updated by Robin Mills over 2 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 0.28 to 0.27
  • % Done changed from 20 to 100
  • Estimated time set to 8.00 h

I'm closing this issue as part of the Exiv2 v0.27 Review process. The primary focus of v0.27 has been security fixes. Many CVEs have been reported and fixed.

I'm closing everything relating to Coverity. Regrettably, Team Exiv2 has insufficient resources to deal with Coverity. I'd like to thank Mahesh for working on this.
