Down to 0 issues on Coverity Scan.
As of 7 January, we're down to 0 issues on Coverity Scan. This is great news!
In case you haven't heard of them, Coverity makes top-of-the-line static analysis tools (programs that analyse other programs looking for possible bugs). They're a big serious company, with a serious "enterprise" pricing structure. But, fortunately for us, they have a program that provides these tools, free of charge, to selected open source projects. They've been scanning development snapshots of Tor for bugs since last September.
In September, they found 171 issues in our code. Many of these were just sloppiness in our unit tests' error handling, but a good fraction were real bugs in our main codebase, a couple of which could have resulted in crashes under unusual circumstances that probably would have been hard to debug. By December, we were down to 15 issues. Now we're at 0, at long last.
Congratulations and thanks to everybody who helped analyse and fix the bugs here, and many thanks to the administrators of Coverity Scan for helping us out.
Comments
Please note that the comment area below has been archived.
Blind?
Am I blind? I can't find Tor on that website.
I asked them the same question back in December. It turns out they hadn't updated the official list (or most of the website) in a while. I wish they would, but I am glad that they are better at adding projects than updating their website.
I'm confused about something: The Tor network reveals the IP addresses of all its relay nodes (look at the "View the Network" button in your Vidalia control panel). Doesn't this reveal all the nodes running Tor, and therefore any Tor client and their IP address? It would seem to me that any person or organization with the ability to track down each IP address in the Tor network would still be able to find the user that they are looking for. Am I misunderstanding something?
Clients aren't nodes. Nodes are volunteer-operated relays. Clients do not relay traffic by default.
There are about 1200 nodes, give or take. That's the list you see in Vidalia.[*] There are hundreds of thousands of clients. That list, you don't see.
[*] There are also nodes you don't see. Read up on "bridges" to learn more about these. The idea is to give people the option to run nodes that aren't advertised publicly in order to help people in censored countries.
Looks like there are more coverity bugs to fix next!
http://scan.coverity.com/ points to "rung 0", "rung 1", "rung 2". We have made it
to the end of rung 0. Now they've upgraded us to their newer scanning algorithm.
So, I suppose that means you should expect two more of these blog posts,
sometime in the future! :)
hmm
I wasn't aware Coverity was an mmorpg. ;)
lol ;)
gz anyway, well done, keep up the good work!
Changes in version 0.2.0.33 - 2009-01-21
  o Security fixes:
    - Fix a heap-corruption bug that may be remotely triggerable on
      some platforms. Reported by Ilja van Sprundel.