UniMRCP has achieved a Coverity Scan defect density of 0.07.
Coverity Scan, a robust static code analysis tool, initially reported more than 50 potential defects in the UniMRCP source code. Although nothing major affecting a real use-case popped up, among the reported issues were potential NULL pointer dereferences, an overflowed array index read, overlapping buffer copies and some others, which are undoubtedly worth having fixed.
All the reported defects, spread over core libraries, applications, test suites and Asterisk modules, have been fixed in the repository. Of course, there were also some false positives, where Coverity mistakenly believed the code could cause an issue. Even those cases have been addressed by revising the code in order to achieve a clean Coverity report. The only exception is one issue, an inferred misuse of enum reported for the sample UMC application, on which it was decided to take no action.
The reports are available on the Coverity Scan website. In order to access them, you have to create a new Coverity account or log in to your existing one.
The UniMRCP source code has also been analyzed with the help of other similar tools such as Rational Purify, Insure++ and Valgrind. While all the mentioned tools are great and essential for software development, not all of them are affordable. Therefore, let's not forget to express our appreciation for the Coverity Scan service, which is based on the commercial Coverity Static Analysis Verification Engine and is freely available to open source project users and maintainers.
Thank you, everyone, for using UniMRCP, and enjoy your defect-free ride!