The goal of this exercise is to familiarize yourself with the Coverity workflow.
A quick-and-dirty guide for getting started with Coverity can be found here.
Please, work in pairs!
You can submit your answers in Brightspace; the deadline for submission is Tuesday 16 April 2019, 12:00.
You can either submit your answers as a PDF file or as a report.txt.
(Don't forget to mention your student ID and that of your partner.)
An intrepid programmer has made some modifications to the same C program we looked at in the exercise from week 1. Analyse this program using Coverity, and examine the results in Coverity Connect.
#include <stdlib.h>
#include <stdio.h>
#include <math.h>

int data[1024];

void pushItemOfData(int newValue)
{
    unsigned int i = 1024;
    while (i >= 0) {
        data[i] = data[i-- + 1];
    }
    data[0] = newValue;
}

int readData(int *dest, const char *fn)
{
    FILE* f = fopen(fn, "r");
    int count;
    while(!feof(f)) {
        char tmp[10];
        int value;
        fread(tmp, 10, 1, f);
        value = atoi(tmp);
        if(value <= 0) return count;
        pushItemOfData(value);
        count++;
    }
    fclose(f);
}

int main(int argc, char **argv)
{
    readData(data, "data.txt");
    return 0;
}
You can download this source code here.
In Exercise 1, you have already reviewed the function pushItemOfData. Perform a similar code review for readData.
Analyze the program using Coverity, and compare the results it finds with your manual review.
Describe the issues found by Coverity, and if possible propose a fix. (Optionally, you can try to analyze your fixed version.)
Can you find a functional defect in the code that is not reported by Coverity?