---------- Forwarded message ----------
From: Jon Jarboe <[EMAIL PROTECTED]>
Date: Mon, Aug 26, 2013 at 8:21 AM
Subject: FW: Coverity Scan (MAPREDUCE-5032)
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
I've been working with DataStax on their use of Coverity with Cassandra,
and decided to give the Hadoop 1.2.1 source tarball a run through our
analyzer. I found some interesting issues, and noticed that some of them
are integer overflow defects that align with the open MAPREDUCE-5032 issue.
Other issues range from concurrency problems to cross-site scripting to
resource leaks, but I haven't tried to match those up to existing JIRA
Email is not the best forum for investigating these issues, so I'd be happy
to post them on Coverity's Scan server for your review. If you're not
familiar with Coverity Scan, it is our free cloud-based service for OSS
projects (https://scan.coverity.com). I realize that false positives can
be a concern, and I'd like to point out that Coverity is specifically
designed to minimize false positives.
If somebody is interested in looking through the results, please let me
know. To get an initial analysis into Scan, please let me know whether the
1.2.1 source is a good place to start. I can analyze a different
rev/branch if that's more interesting. If you see value, we can always set
up additional branches.
Best regards, and thanks for your time.
Jon Jarboe | Senior Technical Manager
Coverity | 185 Berry Street | Suite 6500, Lobby 3 | San Francisco, CA 94107
O: +1 214-531-3496 | M: +1 214-531-3496 | E: [EMAIL PROTECTED]<mailto:
Web: www.coverity.com<http://www.coverity.com> | Twitter: @Coverity
The Leader in Development Testing