
Firefox Browser Usage and Support Forum

655 bugs and 71 security issues in Firefox source code
At least in theory...
pmkpmk
msg:3077183, 12:15 pm on Sep 9, 2006 (gmt 0)

The US- and Canada-based company "Klocwork" is currently evaluating popular Open Source packages with their source-code analysis tool "K7". One of their projects was to have a look at Firefox:

Overall it is clear that Firefox is a very well written and high quality piece of software. Several builds were performed on the code, culminating in the final analysis of version 1.5.0.6. The analysis resulted in 655 defects and 71 potential security vulnerabilities. The Firefox team has been given the analysis results, and they will determine if or how they will deal with the issues.

The results in a more detailed view: [g2zero.com...]

For me it seems most of the issues are of a theoretical nature. I also have trust in the core developers to check and fix these issues pretty fast. A similar analysis of the source code of IE would be interesting, though I doubt we will ever see the results of such an analysis.

 

asquithea
msg:3077339, 4:26 pm on Sep 9, 2006 (gmt 0)

From my experience using similar static analysis tools on my company's code, I suspect that many of the null pointer dereference issues will never result in a crash -- automatic code analysis overlooks the inherent constraints that the code runs under. I doubt more than 1 or 2 of all of these errors are actually exploitable, in practice.

That's not to say this kind of analysis isn't useful - if this kind of tool raises a warning, it's usually indicative of either a minor bug or programmer laziness.

655 bugs actually struck me as being on the low side for code this size. They must have either severely constrained the kinds of warnings the tool could produce, or most issues typically found by static analysis must have been removed by other, similar tools.
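To make the point in asquithea's post concrete, here is an added C example (constructed for this page, not Firefox code or Klocwork output): a lookup that can return NULL in theory, a caller that relies on an unstated invariant, which is exactly the pattern a static analyzer reports as a possible null pointer dereference, and a version that makes the invariant explicit. The preference table and names are invented.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample: a tiny preference table of the kind a browser keeps. */
struct pref { const char *name; int value; };

static struct pref prefs[] = {
    { "network.http.max-connections", 24 },
    { "browser.cache.disk.enable",     1 },
};

/* Returns NULL when the name is unknown. */
static struct pref *find_pref(const char *name)
{
    for (size_t i = 0; i < sizeof prefs / sizeof prefs[0]; i++)
        if (strcmp(prefs[i].name, name) == 0)
            return &prefs[i];
    return NULL;
}

/* What the analyzer flags: find_pref() can return NULL, so this line is a
 * possible NULL dereference. Every caller in this file passes a name that
 * is known to be in the table, so the crash is unreachable in practice,
 * but that invariant lives in the programmer's head, not in the code. */
int cache_enabled_unchecked(void)
{
    return find_pref("browser.cache.disk.enable")->value;
}

/* Hardened form: the invariant becomes an explicit check. An unknown name
 * yields a caller-supplied default instead of a crash, the analyzer sees
 * a guarded pointer, and the cost is a single comparison. */
int pref_value_or_default(const char *name, int dflt)
{
    struct pref *p = find_pref(name);
    if (p == NULL)
        return dflt;
    return p->value;
}
```

Whether a warning like the first one is a real bug depends on whether the invariant actually holds at every call site, which is the judgement the tool cannot make and a reviewer must.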

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved