!_30 Posted September 8, 2006

By far, the majority of the defects reported were null pointer dereferences (446 defects). A large number of defects resulted from the code not checking for null after memory was allocated. In addition, there were many cases where the return values of functions designed to return null were not checked prior to dereferencing.

Memory management issues accounted for the next highest defect count (141 defects). A large number of these defects arose as a result of a function returning abruptly when it had encountered an error. In such cases, the code neglected to free allocated memory, even though that memory would have been de-allocated had the function run its full course.

Uninitialized variable use only accounted for 68 defects. For the most part these defects arose when it was assumed that the code would follow a certain path. However, there were instances where no checks were made to ensure the execution path followed the desired route.

An interesting analysis of the Firefox code reveals 611 defects and 71 vulnerabilities found in Firefox.

Using Klocwork’s K7 static analysis tool, I examined the large and complicated code base of the popular open source browser, Firefox. Overall it is clear that Firefox is a very well written and high quality piece of software. Several builds were performed on the code, culminating in the final analysis of version 1.5.0.6. The analysis resulted in 655 defects and 71 potential security vulnerabilities. The Firefox team has been given the analysis results, and they will determine if or how they will deal with the issues.

Now, to be fair, most of the vulnerabilities are insignificant and quite easy to fix, but I can't help but feel that as Firefox becomes popular, the security conscious will be looking to a more obscure browser for safety.

So ..
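The three defect classes quoted in the post above, shown side by side with a corrected form. This is an added example, not part of the original post, the Klocwork report or the Firefox source; `join_defective`, `join_hardened` and the counting allocator `t_alloc`/`t_free` are hypothetical names constructed for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed test allocator: counts live blocks, can fail the Nth call. */
static int live_blocks, alloc_calls, fail_at;
static void *t_alloc(size_t n) {
    if (++alloc_calls == fail_at) return NULL;  /* injected failure */
    live_blocks++;
    return malloc(n);
}
static void t_free(void *p) { if (p) { live_blocks--; free(p); } }
static void t_reset(int fail) { live_blocks = alloc_calls = 0; fail_at = fail; }

/* Defective form: the three patterns described in the post. */
static int join_defective(const char *a, const char *b, size_t *out_len) {
    char *x = t_alloc(strlen(a) + 1);
    strcpy(x, a);                      /* no NULL check after allocation */
    char *y = t_alloc(strlen(b) + 1);
    if (!y) return -1;                 /* abrupt return: x leaks, *out_len unset */
    strcpy(y, b);
    *out_len = strlen(x) + strlen(y);
    t_free(y);
    t_free(x);
    return 0;
}

/* Hardened form: checked allocations, one exit path, output always set. */
static int join_hardened(const char *a, const char *b, size_t *out_len) {
    int rc = -1;
    char *x = NULL, *y = NULL;
    *out_len = 0;                      /* defined on every path */
    if (!(x = t_alloc(strlen(a) + 1))) goto done;
    if (!(y = t_alloc(strlen(b) + 1))) goto done;
    strcpy(x, a);
    strcpy(y, b);
    *out_len = strlen(x) + strlen(y);
    rc = 0;
done:
    t_free(y);                         /* t_free(NULL) is a no-op */
    t_free(x);
    return rc;
}

int main(void) {
    size_t n;
    t_reset(2);                        /* make the second allocation fail */
    int rc = join_hardened("fire", "fox", &n);
    return (rc == -1 && live_blocks == 0 && n == 0) ? 0 : 1;
}
```

With the second allocation forced to fail, the defective function returns with one block still live and the caller's length untouched, while the hardened one releases everything and leaves the length at 0.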