Potential issues from Coverity Static Analysis scan #17067
Labels
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
{{ message }}
I recently got a chance to run the bitcoin source code through Synopsys's static analysis tool, Coverity. I thought it'd be good to report some of the potential issues detected upstream. I am not a C++ expert, nor do I have the depth of the source-code here, so some of these may-be non-issues. Regardless, I'm reporting some of the "high" severity issues marked through the tool. Hoping someone with a deeper understanding of the code-base can better assess them and patch as necessary :)
https://github.com/bitcoin/bitcoin/blob/master/src/crypto/hmac_sha256.cpp#L14
and
https://github.com/bitcoin/bitcoin/blob/master/src/crypto/hmac_sha512.cpp#L14
https://github.com/bitcoin/bitcoin/blob/master/src/leveldb/table/table_builder.cc#L56
https://github.com/bitcoin/bitcoin/blob/master/src/leveldb/db/c.cc#L160
https://github.com/bitcoin/bitcoin/blob/master/src/key_io.cpp#L166 and https://github.com/bitcoin/bitcoin/blob/master/src/key_io.cpp#L189
There is also other "medium" and "low" severity issues that may or may not be patch worthy. If someone is interested, please email me or ping me on this issue.
The text was updated successfully, but these errors were encountered: