Questions tagged [coverity]

Coverity is a static code analysis tool for C, C++ and other programming languages.

Synopsys offers a free online version of Coverity, called Coverity Scan, for open-source projects.

322 questions
6 votes, 1 answer

Coverity Scan Setup?

Coverity offers a free scanning service for free and open source projects (http://scan.coverity.com). I'm trying to configure a project for a scan according to Download Coverity Scan Self-Build. From their web page: For each build: cd to your…
jww
5 votes, 1 answer

Why does using += on a nullable type result in a FORWARD_NULL defect

No doubt there are other, perhaps better ways to do this, but I'm trying to understand what is going on here. In the below example, coverity is reporting a FORWARD_NULL defect on the fourth line. double? foo = null; double bar = 1.23; foo +=…
Michael J.
5 votes, 2 answers

What is the meaning of coverity warning : RW.ROUTINE_NOT_EMITTED?

I am facing below coverity warning: Type: Parse recovery warning (RW.ROUTINE_NOT_EMITTED) Classification: Unclassified Severity: Unspecified Action: Undecided Owner: Unassigned Defect only exists locally. Not sure what this means ??
Pushpendra
5 votes, 2 answers

Run Coverity scan for every Travis pull request build

I want to automate student assignment grading system as much as possible. Ideally these steps will be taken when submitting the assignment. Student forks my Github repository and modifies files Student pushes the local code to his repository and…
gkiko
4 votes, 2 answers

Disable Rule 2.2 checker

My shop is using Coverity 2019.3. We have MISRA-C 2004 enabled. I want to disable MISRA-C 2004 Rule 2.2: Source code shall only use /* ... */ comments. The cov-analyze command has disable option, but it only shows checkers. For example, one could…
Thomas Matthews
4 votes, 0 answers

How can I set up components in Coverity Scan

I am trying to set up Coverity Scan for my Open Source project. I can produce a local build and upload it fine, all of that works. But I am unable to create components using Coverity's web UI. I tried adding components under the project's analysis…
Kristian Duske
4 votes, 1 answer

Suppress messages in Coverity using attributes?

We're using Coverity to analyze our C# code for defects. We have some unit-tests that explicitly verify that null-parameters are handled correctly. These are listed as defects by Coverity. If this was Microsofts own code analysis we could tag our…
Lasse V. Karlsen
4 votes, 2 answers

Coverity Scan fails to build with _GNU_SOURCE defined

The Coverity Scan Build Tool fails to compile any C file that includes on Ubuntu 18.04 when _GNU_SOURCE is defined: $ cat > main.c #include int main() { } $ $ gcc -D_GNU_SOURCE=1 -o main main.c $ $…
Dimitri
4 votes, 1 answer

Can coverity tool scan python codebase for SCA and security issues?

Can coverity be used for scanning python code base. If yes, then what inputs to be given in cov-build command? It would be good to have whole sequence of cov commands for scanning python code.
user3820278
4 votes, 2 answers

Coverity and "Failed to initialize ICU, try using the --prevent-root option"

I have the bin directory in the build directory of my project. When I run the command ./bin/cov-build --dir cov-int make I get the following error - [ERROR] Failed to initialize ICU, try using the --prevent-root option.
Sid Gairola
4 votes, 1 answer

Coverity OpenSource Scan: Failed to retrieve tar file

We are trying to use the Coverity OpenSource service but have problems submitting our project files for analyses. Whenever submitting the project.tgz to the coverity (no matter whether this is done via the automation instruction or via the website…
js84
4 votes, 1 answer

Resource leak when getting HttpContext.Current.User.Identity.Name

I use HttpContext to retrieve current user name of the coming HTTP request, however when running coverity analysis, it reports a resource leak. public class UsersController:ApiController { private string userName; public…
Bargitta
4 votes, 1 answer

Does Coverity support xbuild (mono)?

I've a C# project: https://github.com/Pro/dkim-exchange It uses Travis CI: https://travis-ci.org/Pro/dkim-exchange Travis successfully builds my project. I wanted to set up Coverity to do automatic code quality measurements. For this I configured my…
Stefan Profanter
4 votes, 2 answers

Add coverity scan to Qt app

I'm trying to add Coverity Scan static analysis to my Qt project but I'm not able to get the result. I download the coverity scan build tools and use the following command line: cov-build --dir cov-int make Which produces the following log: ... my…
Martin Delille
3 votes, 0 answers

Coverity issues for Filesystem path, filename, or URI manipulation in C#, .NET Core

We had a Coverity scan performed in our code and found the issue related to "Filesystem path, filename, or URI manipulation" which is a high impact security issue. This is the code we had at first: var xxxFilesPath =…
ROY