Friday, May 23, 2025

COVERITY is not just a tool

For all the developers writing code in C, you may have heard of this tool already:

I came across this tool a few years back and have been wanting to know more about it.

Here are some of its features, as described on the net:

Coverity is a static code analysis tool from Synopsys used to identify and fix defects and security vulnerabilities in source code.

I also liked the detailed reporting done by this tool.

Defects that can be found by Coverity (list not complete):

Please comment if anyone wants to add more in this list.

  • resources leaks
  • dereferences of NULL pointers
  • incorrect usage of APIs
  • use of uninitialized data
  • memory corruptions
  • buffer overruns
  • control flow issues
  • error handling issues
  • incorrect expressions
  • concurrency issues
  • insecure data handling
  • unsafe use of signed values
  • use of resources that have been freed
  • wrong indentation
  • missing break in switch case


  • Resource Leaks:
    Coverity Scan identifies memory leaks, where memory is allocated but never released, leading to potential performance problems and system crashes.
  • NULL Pointer Dereferences:
    Coverity Scan flags instances where a program attempts to access memory pointed to by a NULL pointer, resulting in crashes or undefined behavior.
  • API Usage Errors:
    Coverity Scan detects incorrect usage of APIs, including cases where the wrong parameters are passed, leading to unpredictable results or security vulnerabilities.
  • Uninitialized Data:
    Coverity Scan identifies code that uses data that has not been initialized, potentially leading to unpredictable program behavior.
  • Memory Corruption:
    Coverity Scan flags issues where memory is overwritten or altered unexpectedly, potentially leading to crashes or security exploits.
  • Buffer Overruns:
    Coverity Scan detects when code attempts to write beyond the allocated buffer size, potentially leading to memory corruption or crashes.
  • Control Flow Issues:
    Coverity Scan flags problems with the flow of control in the program, including cases where loops don't terminate correctly or where the program takes an unexpected branch.
  • Error Handling Problems:
    Coverity Scan identifies cases where error conditions are not handled properly, potentially leading to unexpected program behavior or security vulnerabilities.
  • Incorrect Expressions:
    Coverity Scan flags issues where expressions are not evaluated correctly, including cases where operators are used incorrectly or where the order of operations is not followed.
  • Concurrency Issues:
    Coverity Scan detects problems with concurrent code, including cases where multiple threads access shared resources without proper synchronization.
  • Insecure Data Handling:
    Coverity Scan flags issues where data is handled insecurely, potentially leading to security vulnerabilities.
  • Unsafe Use of Signed Values:
    Coverity Scan identifies cases where signed integer arithmetic is used unsafely, potentially leading to overflows or other errors.
  • Use of Freed Resources:
    Coverity Scan flags issues where code attempts to use resources that have already been freed.
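As an added example (not from the post, and not Coverity's own code or output), here is one small C routine written twice: first with several of the defect classes listed above, then the way the defects should be fixed. The record format ("name,count"), the '#' comment and '!' disabled markers, and the function names are assumptions made for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Assumed record format: "name,count" with a name of at most 7 characters
 * and a non-negative count. A line starting with '#' is a comment (count 0);
 * a line starting with '!' is a disabled record (reported as -1). */

/* BEFORE: the kind of code Coverity flags. Kept only for comparison; never call it. */
int record_count_buggy(const char *line) {
    char name[8];
    int count;                          /* uninitialized data */
    char *copy = malloc(strlen(line) + 1);
    strcpy(copy, line);                 /* NULL pointer dereference if malloc fails */
    strcpy(name, copy);                 /* buffer overrun: name holds only 7 chars */
    char *comma = strchr(copy, ',');
    if (comma)
        count = atoi(comma + 1);        /* count is never set on the other path */
    free(copy);
    switch (copy[0]) {                  /* use of freed resource */
    case '#': count = 0;                /* missing break: falls into the next case */
    case '!': count = -1;
    }
    return count;
}

/* AFTER: returns the count, or -1 for a NULL, malformed or disabled record. */
int record_count_fixed(const char *line) {
    char name[8];
    int count = 0;                      /* initialized before any use */
    if (line == NULL) return -1;
    char *copy = malloc(strlen(line) + 1);
    if (copy == NULL) return -1;        /* allocation result checked */
    memcpy(copy, line, strlen(line) + 1);
    char *comma = strchr(copy, ',');
    size_t name_len = comma ? (size_t)(comma - copy) : strlen(copy);
    if (name_len >= sizeof name) {      /* bounds checked: no overrun */
        free(copy);                     /* released on the error path too */
        return -1;
    }
    memcpy(name, copy, name_len);
    name[name_len] = '\0';
    if (comma != NULL) count = atoi(comma + 1);
    free(copy);                         /* freed exactly once, never touched again */
    switch (name[0]) {                  /* switch on the local copy, not freed memory */
    case '#': count = 0;  break;        /* explicit break */
    case '!': count = -1; break;
    default:  break;
    }
    return count < 0 ? -1 : count;      /* negative counts are rejected, not propagated */
}
```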
