Archive for the ‘Nasty Bugs’ Category

  • Stack smashing

    on May 3, 11 • by Alen Zukich • with No Comments

    Stack smashing

    A while ago I talked about memory overflows.  Now in this latest installment, as we look at more interesting bugs, I’ve come across a new example.  Here is a situation described by a customer as “stack smashing”, which occurs when you copy a string of unknown length into a fixed buffer size. Just like the memory overflow post this is another form of a buffer overflow.  So there you have it, just more terminology to describe bad things in your code.  Gwyn promises to give a follow up to these posts with some details on

    Read More »
  • Memory overflows

    on Apr 12, 11 • by Alen Zukich • with 1 Comment

    Memory overflows

    A few years back a customer said they had all kinds of trouble with bugs corrupting their stack.  Even though they asked if source code analysis tools could help find stack corruption, once we got an example, we found that they were really looking for was memory overflows.  So what on earth is a memory overflow?  Does that even exist? Yes, except it is probably not what you’re thinking, it’s not the same as a memory leak;  a memory overflow is quite different.  A memory overflow is really just a form of a buffer overflow. 

    Read More »
  • Another resource leak

    on Mar 1, 11 • by Alen Zukich • with 1 Comment

    It happened again.  For what seems like the 100th time, someone reports to me that they are seeing a number of false positive reports on the resource leak checker.  For those not familiar with a resource leak, take a look at a previous post.  Although resource leaks apply across most languages, the place where this question keeps coming  up seems to always be in Java or C# code.  My last query came from Java code, so we will use that as an example.  Here was a report where the FileInputSteam is not closed on exit

    Read More »
  • Dealing with a different type of backlog…your bug backlog

    on Feb 3, 11 • by Todd Landry • with 2 Comments

    Dealing with a different type of backlog…your bug backlog

    As a product manager, the only backlog I typically care about is my product backlog. Do I have the right stories in there? Do the stories have enough detail? Are they properly prioritized? You know, that kind of stuff. Today, however, I’m going to write about a very different backlog, that is the static analysis defect backlog. A static analysis backlog is created when you run a static analysis product on your code base for the very first time. Chances are pretty good that the first analysis is going to list a large number of defects,

    Read More »
  • Patterns of Bugs

    on Jan 18, 11 • by Brendan Harrison • with 1 Comment

    Patterns of Bugs

    Nice blog post from Walter Bright over at Dr. Dobbs on the Patterns of Bugs. He ties together bug patterns, recommended process changes, and the resulting productivity payoff from making these improvements. He recommends a bunch of process changes, including static analysis, code reviews, and coding standards, then goes on to review examples of different bug patterns. A few can be detected with static analysis (coding mistakes as written) but many are errors with the code as intended (something static analysis doesn’t check… that’s what testing is for). His main recommendation seems to be that

    Read More »
  • Multicore exposes more frog versus snake (deadlock) bugs

    on Sep 30, 10 • by Eric Hollebone • with 2 Comments

    Multicore exposes more frog versus snake (deadlock) bugs

    Continuing the discussion about the embedded community moving to muticore/hetrogeneous hardware from watch out here comes multicore, embedded software development teams have historically been shielded from mulitcore issues. This is due to the specialized functionality of many embedded application classes and the inherent serialized nature of the C language.[1] Muticore is an ambiguous term for software developers and one they don’t really use; software developers think in terms of threads/processes and concurrency, not how many cores or processors are available on the target. Concurrency is not a new topic either as Mark Smotherman captured in a history of multithreading, it has been a

    Read More »
  • Top 5 Java quality bugs

    on Oct 13, 09 • by Alen Zukich • with No Comments

    In a previous posts I reviewed the Top 5 C/C++ and Top 5 C# quality bugs that I that I see time and time again looking at customer code. I wrote my Java Top 5 with an embedded programming focus and the folks at www.embedded.com decided to publish it on their site. Here’s a snippet below and the full Top 5 Java bugs article can be found here. While C dominates as the programming language of choice for embedded development, the use of Java is definitely on the rise. In fact, according to a recent

    Read More »
  • Top 5 C# quality bugs

    on Sep 1, 09 • by Alen Zukich • with No Comments

    In a previous post I provided the top 5 C/C++ quality bugs that I that I see time and time again looking at customer code.  Time for the C# version: 1.    Null pointer exceptions from a method 1                  public class A { 2                      public A foo() { 3                          if (flag) 4                              return null; 5                          return new A(); 6                      } 7 8                      public void var() { 9                          A a = foo(); 10                         if (flag) 11                             a.foo(); 12                     } 13 14                     private int flag; 15                 } This is the most common issue I see.  In this example

    Read More »
  • Top 5 C/C++ quality bugs

    on Jul 14, 09 • by Alen Zukich • with 1 Comment

    A recent article on the top five causes of poor software quality and top 5 non-technical mistakes inspired me to also provide a top five on software quality bugs.  Here is my top 5 list of bugs (with some simple examples) that I see time and time again looking at customer code: 1.    Null Pointer dereference This is far and beyond the most common issue that I see time and time again. void npd_gen_must() { int *p = 0; // NULL is assigned. *p = 1;  // pointer is dereferenced } Now this example is

    Read More »
  • Bugs and your Backlog

    on Jul 7, 09 • by Todd Landry • with No Comments

    There was a recent blog on whether or not you should have bugs (that were not found during the most recent iteration) added to your product backlog, or kept in a separate bug backlog. Here at Klocwork we have a defect database that is closely monitored by Support, dev, PM, and so on…suffice it to say, it has a high degree of visibility within the organization and will probably never go away. Being an Agile company we also have a product backlog that is reviewed daily and prioritized regularly. Every two weeks (coinciding with our

    Read More »
Scroll to top