Discussion:
Coverity?
Henric Jungheim
2017-06-24 14:48:14 UTC
At some point, Coverity Scan was set up for Audacity.
Unfortunately, it is pointing to a non-existent SVN
repository on googlecode. Does anyone own this setup?

https://scan.coverity.com/projects/audacity
Martyn Shaw
2017-06-25 18:05:26 UTC
Hi Henric

It would appear that I am an admin on Coverity for Audacity, although I
have not used it.

I logged in and changed the "Repository URL" to
"https://github.com/audacity/audacity" (and the Homepage URL). Does
anything else need to happen?

I think that Campbell Barton set this up for us.

TTFN
Martyn
------------------------------------------------------------
------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
audacity-devel mailing list
https://lists.sourceforge.net/lists/listinfo/audacity-devel
Arturo 'Buanzo' Busleiman
2017-06-25 18:12:21 UTC
Thank you Martyn. If you have privileges to add admins, maybe it would be
useful for me to have an account.

Cheers!
Martyn Shaw
2017-06-25 19:15:54 UTC
Done!
Martyn
Arturo 'Buanzo' Busleiman
2017-06-26 13:33:08 UTC
Yes, thank you Martyn!
Henric Jungheim
2017-06-26 01:32:04 UTC
To be really useful, some more recent builds have to be
analyzed and people need to look at the results. For the
former, perhaps this might be useful?

https://scan.coverity.com/travis_ci

For the latter, I'd be happy to take a look.

AppVeyor has the Coverity tools installed on the normal
build images, but I have no idea what it would take to set
that up. There is platform-specific code to interface with
audio drivers, and that kind of OS shim code is just the
place for hiding bugs. I'm not sure if there is a good
Xcode CI setup that would work well with Coverity Scan, but
it shouldn't be too hard to have someone run through it by
hand.

For more general code quality, this might be of interest:
http://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines

VS2015 and VS2017 have a checker for some of those
guidelines.
Arturo 'Buanzo' Busleiman
2017-06-26 13:32:52 UTC
I had actually come across the C++ Core Guidelines, thru a post on
stackoverflow if my memory serves me right this weekend. Great work, indeed.
Henric Jungheim
2017-06-26 19:21:56 UTC
The data from the last official Audacity Coverity scan (from
May 18, 2014) and a new scan I ran on my x64 fork
(https://scan.coverity.com/projects/henricj-audacity) both
find two "out-of-bounds read" defects in AudioIO.cpp.
"RatesToTry[i]" after the for loop will have i ==
NumRatesToTry, which is past the end of the array.

https://github.com/audacity/audacity/blob/master/src/AudioIO.cpp#L2741
https://github.com/audacity/audacity/blob/master/src/AudioIO.cpp#L2807
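
The defect shape described in the post above, as an added example that is not part of the original thread and is not Audacity's source: a loop index declared outside the loop equals the array length once the loop ends, so indexing with it afterwards reads past the array. Only the names RatesToTry and NumRatesToTry come from the post; the table values, device_supports, rate_at and probe_rates are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Constructed sample table. The names RatesToTry and NumRatesToTry come from
// the post; the values and everything else here are assumptions.
static const int RatesToTry[] = {8000, 16000, 22050, 44100, 48000, 96000};
static const std::size_t NumRatesToTry = sizeof(RatesToTry) / sizeof(RatesToTry[0]);

// Hypothetical stand-in for asking the audio driver about a rate.
static bool device_supports(int rate) { return rate >= 16000 && rate <= 48000; }

// Defective shape: i is declared outside the loop, so it is still live
// afterwards and equals NumRatesToTry. Returned here, never dereferenced.
std::size_t index_after_probe_loop(std::vector<int>& supported) {
    std::size_t i;
    for (i = 0; i < NumRatesToTry; i++)
        if (device_supports(RatesToTry[i]))
            supported.push_back(RatesToTry[i]);
    return i;  // RatesToTry[i] at this point would read past the array
}

// Guarded access: refuses any index outside [0, NumRatesToTry).
bool rate_at(std::size_t i, int* out) {
    if (i >= NumRatesToTry) return false;
    *out = RatesToTry[i];
    return true;
}

// Corrected shape: no index variable survives the loop.
std::vector<int> probe_rates() {
    std::vector<int> supported;
    for (int rate : RatesToTry)
        if (device_supports(rate))
            supported.push_back(rate);
    return supported;
}

int main() {
    std::vector<int> s;
    std::size_t i = index_after_probe_loop(s);
    int r = 0;
    std::printf("i after loop = %zu, in range = %d, supported = %zu\n",
                i, rate_at(i, &r) ? 1 : 0, probe_rates().size());
    return 0;
}
```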