[Kde-imaging] digiKam registered as new project for Coverity SCAN

Gilles Caulier caulier.gilles at gmail.com
Thu Feb 14 13:25:27 UTC 2013 

If you are not convinced by SCAN tool, i found 2 great infine loop bugs in
trace :

364void ImportFilterModel::slotRowsAboutToBeRemoved(const QModelIndex&
/*parent*/, int start, int end)
 365{
 366    QList<CamItemInfo> infos;
 367

non_progress_update: Update "i++" makes no progress toward falsifying the
loop condition "i > end".

CID 981140 (#1 of 1): Infinite loop (INFINITE_LOOP)loop_top: Top of the
loop.

loop_condition: If "i > end" is initially true then it will remain true.
368    for (int i = start; i > end; i++)
 369    {
 370        infos << camItemInfo(index(i, 0));

loop_bottom: Bottom of the loop.
371    }

...

352void ImportFilterModel::slotRowsInserted(const QModelIndex& /*parent*/,
int start, int end)
353{
354    QList<CamItemInfo> infos;
355

non_progress_update: Update "i++" makes no progress toward falsifying the
loop condition "i > end".

CID 981139 (#1 of 1): Infinite loop (INFINITE_LOOP)loop_top: Top of the
loop.

loop_condition: If "i > end" is initially true then it will remain true.
356    for (int i = start; i > end; i++)
357    {
358        infos << camItemInfo(index(i, 0));

loop_bottom: Bottom of the loop.
359    }

Gilles



2013/2/13 Gilles Caulier <caulier.gilles at gmail.com>

> Hi all developers,
>
> I registered digiKam to Coverity static analyse program dedicated for
> open-source project :
>
> http://scan.coverity.com/
> http://en.wikipedia.org/wiki/Coverity#Scan_.28Open_Source.29
>
> As you already see my previous mail about traces generated with this tool
> by Red Hat team, i step the stage to use Coverity as default static
> code analyzer to detect programming errors.
>
> I compiled and submitted a first tarball to SCAN web interface (500Mb of
> db file), and 30mns later i receive a mail to said that analyse is ready to
> be read through Coverity Connect Manager.
>
> Web interface is really nice to use and to parse important errors. It's
> really  more suitable than an export to text list as Red Hat sent me
> previously.
>
> I recommend to all developers who want to improve source code to take an
> account to Coverity SCAN web interface.
>
> To register you, please send me your information :
>
> - user name
> - email :
> - given name
> - family name
>
> ... in fact all information to field in this page :
> http://scan.coverity.com/create_user.html
>
> Later, when your account will be created, you will need to login to
> Connect Manager
>
> scan5.coverity.com:8080
>
> with your Username and a password sent to you in a private mail. You will
> be able to take a look to all trace generated by my scans loaded.
>
> I plan to process scan upload to Coverity server automatically each week
> end using a script, as other main Open-Source projects do...
>
> I waiting your info to process registration
>
> Best
>
> Gilles Caulier
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-imaging/attachments/20130214/43f4665c/attachment-0001.html>

More information about the Kde-imaging mailing list