I've been working with DataStax on their use of Coverity with Cassandra, and decided to give the Hadoop 1.2.1 source tarball a run through our analyzer. I found some interesting issues, and noticed that some of them are integer overflow defects that align with the open MAPREDUCE-5032 issue. Other issues range from concurrency problems to cross-site scripting to resource leaks, but I haven't tried to match those up to existing JIRA issues.
Email is not the best forum for investigating these issues, so I'd be happy to post them on Coverity's Scan server for your review. If you're not familiar with Coverity Scan, it is our free cloud-based service for OSS projects (https://scan.coverity.com). I realize that false positives can be a concern, and I'd like to point out that Coverity is specifically designed to minimize false positives. If somebody is interested in looking through the results, please let me know.

To get an initial analysis into Scan, please let me know whether the 1.2.1 source is a good place to start. I can analyze a different rev/branch if that's more interesting. If you see value, we can always set up additional branches.

Best regards, and thanks for your time.

Jon Jarboe | Senior Technical Manager
Coverity | 185 Berry Street | Suite 6500, Lobby 3 | San Francisco, CA 94107
O: +1 214-531-3496 | M: +1 214-531-3496 | E: jjar...@coverity.com
Web: www.coverity.com | Twitter: @Coverity
The Leader in Development Testing