The nice guys at Coverity did a new scan on curl (the 7.19.0 source code) and they dug up a bunch of new flaws. The previous version they checked was 7.16.1, released some 20 months before. The new findings are not only because of how the code has changed in the meantime; it seems their scanner has improved a bit since the last time as well!
Here’s a sample view of how libcurl might dereference a NULL pointer, with a step-by-step explanation of the conditions that lead to the flaw:
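To show the general shape of what such a NULL-return report looks like, here is an added illustration. It is not curl’s code and not the Coverity output; the lookup table, the function names and the values are all constructed for this example. The analyser tracks that `find_option()` can return NULL on one path and then flags the caller that dereferences the result without a check; the guarded variant next to it is the kind of fix these reports usually lead to.

```c
/* Constructed example (not curl's code): the pattern a static analyser
 * reports as a possible NULL pointer dereference, and the guarded form. */
#include <stddef.h>
#include <string.h>

/* Constructed lookup table standing in for a configuration store. */
struct option {
    const char *name;
    const char *value;
};

static const struct option OPTIONS[] = {
    { "proxy",     "http://proxy.example:3128" },
    { "useragent", "example/1.0" },
};

/* Returns the matching entry, or NULL when the name is unknown.
 * The NULL return path is what the analyser follows into the callers. */
static const struct option *find_option(const char *name)
{
    for (size_t i = 0; i < sizeof(OPTIONS) / sizeof(OPTIONS[0]); i++)
        if (strcmp(OPTIONS[i].name, name) == 0)
            return &OPTIONS[i];
    return NULL;
}

/* Unchecked caller: dereferences the result on every path.
 * For a known name this works; for an unknown name it dereferences
 * NULL, which is exactly the condition an analyser reports. Kept here
 * only to show the flagged pattern. */
static size_t option_value_len_unchecked(const char *name)
{
    const struct option *o = find_option(name);
    return strlen(o->value);          /* NULL dereference when o == NULL */
}

/* Guarded caller: the NULL path is handled explicitly.
 * Returns 0 for an unknown name instead of crashing. */
static size_t option_value_len(const char *name)
{
    const struct option *o = find_option(name);
    if (!o)
        return 0;
    return strlen(o->value);
}
```

Compiling both callers with a static analyser (or even with `-Wall` plus a run under a memory checker with an unknown name) makes the difference visible: the unchecked function has a path where `o` is NULL before the dereference, the guarded one does not.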
They identify 22 flaws, and I found it interesting to compare the top list of bad functions as reported by Coverity with the complexity list I showed the other day. First we need to ignore the 9 flaws Coverity found in the ‘curl’ tool code (i.e. not within the library). Then the 10 remaining functions with flaws marked by Coverity are:
- Curl_getinfo (4 flaws, all the other ones have one each)
- Curl_cookie_add (present in the complexity top-10 table)
- FormAdd (present in the complexity top-10 table)
- parsedate
- ftp_parse_url_path
- tftp_do
- resolve_server
- curl_easy_pause
- add_closure
- Curl_connect
See? Only two of them were present in that list. The Coverity tool does in fact also count the complexity of each function, and while it doesn’t match the values pmccabe shows exactly, they seem to agree in general about which functions are the most complex ones.
Ok, now let’s go work on fixing all these problems…