Coverity introduction
Static source-code analysis lets us find and fix defects in the early stages of the software development cycle, saving millions in associated costs.
Common ways to fix software defects reported by Coverity
For defects whose fix is not obvious, enter the CWE id at http://cwe.mitre.org/data/index.html to look up the precise meaning of the defect and find a remediation.
- CWE-170: Improper Null Termination
The string is missing its terminating character. Some functions treat the terminator as the end of the string when they access it, so if it is missing they read past the end of the buffer, an out-of-bounds access that risks a crash.
<This example is taken from http://cwe.mitre.org/data/definitions/170.html>
```c
#define MAXLEN 1024
...
char pathbuf[MAXLEN];   /* declared as a plain char array; the CWE page's "char *pathbuf[MAXLEN]" is a typo unrelated to the defect */
...
read(cfgfile,inputbuf,MAXLEN); //does not null terminate
strcpy(pathbuf,inputbuf); //requires null terminated input
...
```
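The hardened form of the pattern above, as an added example (not from the CWE page or from Coverity): the copy is bounded by the number of bytes actually received, and the destination is terminated explicitly, so a later `strlen`/`strcpy` can never run off the end. The input bytes are constructed inline to stand in for what `read(2)` would return without a terminator; `copy_terminated`, `demo_copy` and `CONSTRUCTED_INPUT` are names chosen here.

```c
#include <stdio.h>
#include <string.h>

#define MAXLEN 1024

/* Constructed stand-in for the bytes read(2) returned: deliberately NOT
 * null-terminated, exactly the situation CWE-170 describes. */
static const char CONSTRUCTED_INPUT[] = { '/', 'e', 't', 'c', '/', 'a', 'p', 'p' };
static const size_t CONSTRUCTED_INPUT_LEN = sizeof CONSTRUCTED_INPUT;

/* Copy exactly n bytes of src (which may lack a terminator) into dst and
 * always leave dst null-terminated. Returns 0 on success, -1 when dst is
 * too small to hold n bytes plus the terminator. The length comes from the
 * byte count we were given, never from a terminator that may not exist. */
int copy_terminated(char *dst, size_t dstlen, const char *src, size_t n)
{
    if (dstlen == 0 || n > dstlen - 1)
        return -1;                 /* would not fit together with '\0' */
    memcpy(dst, src, n);           /* bounded copy of the received bytes */
    dst[n] = '\0';                 /* explicit terminator */
    return 0;
}

/* Driver that returns the resulting string length so it can be checked. */
size_t demo_copy(void)
{
    char pathbuf[MAXLEN];
    if (copy_terminated(pathbuf, sizeof pathbuf,
                        CONSTRUCTED_INPUT, CONSTRUCTED_INPUT_LEN) != 0)
        return 0;
    return strlen(pathbuf);        /* safe: pathbuf is now terminated */
}

int main(void)
{
    char pathbuf[MAXLEN];
    if (copy_terminated(pathbuf, sizeof pathbuf,
                        CONSTRUCTED_INPUT, CONSTRUCTED_INPUT_LEN) == 0)
        printf("path = %s (%zu bytes)\n", pathbuf, strlen(pathbuf));
    return 0;
}
```

The check `n > dstlen - 1` is what distinguishes this from a `strncpy`-style fix: `strncpy` also fails to terminate when the source fills the buffer, so the terminator is written unconditionally after the copy rather than relied upon from the copy itself.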
- CWE-563: Assignment to Variable without Use
<This example is taken from http://cwe.mitre.org/data/definitions/563.html>
```c
r = getName();           /* value assigned here is never read ... */
r = getNewBuffer(buf);   /* ... because it is overwritten before any use */
```
- CWE-252: Unchecked Return Value
```c
int returnChunkSize(void *) {
    /* if chunk info is valid, return the size of usable memory,
     * else, return -1 to indicate an error
     */
    ...
}
int main() {
    ...
    /* the return value is used as a length without being checked (CWE-252);
     * on error, -1 minus 1 reaches memcpy() as a size_t */
    memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));
    ...
}
```
If returnChunkSize() happens to encounter an error it will return -1. Notice that the return value is not checked before the memcpy operation (CWE-252), so -1 can be passed as the size argument to memcpy() (CWE-805). Because memcpy() assumes that the value is unsigned, it will be interpreted as MAXINT-1 (CWE-195), and therefore will copy far more memory than is likely available to the destination buffer (CWE-787, CWE-788).
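To make the chain above concrete, the following added example (not code from the CWE page or from Coverity) uses a constructed `struct chunk` with a validity marker; `chunk_size` follows the same "-1 on error" convention as `returnChunkSize()`, `unchecked_length` shows what the unchecked expression actually turns into once converted to `size_t`, and `copy_into_chunk` is the checked version in which the return value is validated before it is allowed to become a length. All names and the `CHUNK_MAGIC` value are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CHUNK_MAGIC 0xC0FFEEu   /* constructed validity marker */

struct chunk {
    unsigned magic;             /* CHUNK_MAGIC when the chunk is valid */
    size_t usable;              /* usable bytes in data[] */
    char data[64];
};

/* Same contract as returnChunkSize() in the snippet above:
 * usable size if the chunk is valid, -1 to signal an error. */
int chunk_size(const struct chunk *c)
{
    if (c == NULL || c->magic != CHUNK_MAGIC)
        return -1;
    return (int)c->usable;
}

/* What the unchecked code hands to memcpy(): rc - 1 converted to size_t.
 * For rc == -1 this is (size_t)-2, i.e. SIZE_MAX - 1 (CWE-195). */
size_t unchecked_length(int rc)
{
    return (size_t)(rc - 1);
}

/* Hardened copy: the return value is checked before it becomes a length,
 * and the length is bounded by the destination. Returns the number of
 * bytes copied, or 0 if the chunk is invalid or too small. */
size_t copy_into_chunk(struct chunk *dst, const char *src, size_t srclen)
{
    int avail = chunk_size(dst);
    if (avail < 0)
        return 0;                        /* CWE-252: error handled, nothing copied */
    if (srclen > (size_t)avail)
        return 0;                        /* CWE-805: length bounded by destination */
    memcpy(dst->data, src, srclen);
    return srclen;
}

int main(void)
{
    struct chunk good = { CHUNK_MAGIC, 16, {0} };
    struct chunk bad  = { 0, 16, {0} };
    return (copy_into_chunk(&good, "hello", 5) == 5 &&
            copy_into_chunk(&bad, "hello", 5) == 0) ? 0 : 1;
}
```

The `avail < 0` comparison must happen while the value is still a signed `int`; once it has been converted to `size_t` the error value is indistinguishable from a huge legitimate length, which is exactly why Coverity flags the unchecked call rather than the `memcpy` line.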
- CWE-367: Time-of-check Time-of-use (TOCTOU) Race C