Questions tagged [coverity]

Coverity is a static code analysis tool for C, C++ and other programming languages.

Synopsys offers a free online version of Coverity called Coverity Scan available for opensource projects.

322 questions
2 votes, 0 answers

Security tool unsafe deserialization

Coverity shows the block of code with unsafe deserialization. Here the body that I am receiving is an internal API call, which it treats as external, but I am not sure how to get the fix. Is there a way we can validate here so that it is acceptable? I…
2 votes, 1 answer

C++ coverity issue STRING_OVERFLOW

I see a coverity issue for the following code: #define LEN 32 typedef char BUFFER[LEN+1]; void func(char* str) { BUFFER buf; strcpy((char*)buf, str); } The issue says - "Copy into fixed size buffer (STRING_OVERFLOW)" for the strcpy()…
2 votes, 1 answer

Calling a function with uninitialized struct variable as a parameter doesn't produce a warning

I have the following code in c++: #include typedef struct Pair{ int x; int y; }Pair; void dumFun(Pair p){} int main() { Pair p; if (0){ p = {1,2}; } dumFun(p); return 0; } …
Tuval4980
2 votes, 1 answer

How can I disable coverity checking using code annotation?

There is a problem, coverity finds an error (potential OoB) in the place of the code where semantically this problem cannot arise. Because of the static analyzer’s message, I don’t want to make an additional check for this place in the blueprint. Is…
Anton Mamedov
2 votes, 2 answers

Coverity. Configure to ignore certain sections of the source code

Looking for a way to configure coverity to ignore certain code sections. For example let's say I have source code with func1 and func2. I don't want coverity to analyse func1, but I still want it to analyse func2. Is there a way to do that? Is there…
TheLighthouse
2 votes, 1 answer

At what stage should coverity static analysis be done?

When should we do coverity static analysis (no build, buildless capture since we don't use compiled language) in our CI lifecycle? We have stages like test, build, deploy. What are the pros and cons of different approaches? This is for a django…
2 votes, 1 answer

When using a SAST tool, why do we have to use a "build wrapper" for compiled languages (e.g. C/C++)?

I am new to SAST tools. It's amazing to run those tools and find out bugs that are sometimes obvious but we just didn't notice. While I know how to run the tools, I still have many questions in mind about how these incredible tools work under the…
Walton C
2 votes, 0 answers

Synopsys Coverity configuration with Azure DevOps Pipeline (Linux Agent)

I am new to working with Azure DevOps. I am trying to create a pipeline using Azure DevOps to build a Linux project. In the pipeline I added the Synopsys Coverity task for Coverity analysis. I also installed Coverity on my self-hosted agent. I use the…
Koushik mondal
2 votes, 0 answers

Multiple markers at this line(C++) Regarding function

I'm getting the above error in my code. File scope prototypes: static void pressure_val_update(void); The above prototype is being used in the function below: void ui_vcr_menu_update(const MENU_CONTROL_T *p, UINT8 HAL) { pressure_val_update(); …
Brgv
2 votes, 1 answer

Coverity Scan Build Tool C/C++ instructions: sysctl vsyscall=emulate

The Troubleshooting section of the Coverity Scan Build Tool C/C++ instructions states: WARNING: Linux users on kernel version 4.8.x and newer will need to apply a sysctl parameter to support our binaries. Without this parameter, our binaries…
Dimitri
2 votes, 1 answer

coverity 2017.07 segfaults on debian buster and stretch

I was trying to update my coverity setup and I can't even run cov-build --help without it segfaulting. See the following asciinema for reproduction steps. I forgot to show that the md5sum matches in the asciinema, but I assure you it does. I did…
grim
2 votes, 1 answer

Coverity Command Line Commands / API documentation

I'm getting started with Coverity with a new job that I have but I'm having a terrible time trying to find documentation around this tool. I'm looking for command line tools / documentation for how to run coverity for scripting purposes. The end…
knapptimezzz
2 votes, 1 answer

Internal errors in Coverity when building C++11 code

I'm getting internal errors in Coverity when building a C++11 project. The log shows errors like this: Internal error #2688: assertion failed at: "edg/src/lower_name.c", line 4810 internal error #2688: assertion failed at: "edg/src/scope_stk.c",…
neverlord
2 votes, 1 answer

How do I use Coverity modelling to mark a method as non-returning?

I am using the free Coverity Scan service for a learning project and I would like to model a few methods as either always throwing exceptions, or calling internally System.exit(), hence non-returning, in order to get better results from Coverity's…
ddimitrov
2 votes, 2 answers

MISRA warning 12.4: integer conversion resulted in truncation (negation operation)

In a huge macro I have in a program aimed for a 16-bit processor, the following code (simplified) appears several times: typedef unsigned short int uint16_t; uint16_t var; var = ~0xFFFF; MISRA complains with the warning 12.4: integer conversion…
Ben9000RPM