Anything Anywhere


Friday, September 08, 2006

Examining defects in the Firefox code base


Using Klocwork’s K7 static analysis tool, I examined the large and complicated code base of the popular open source browser, Firefox. Overall it is clear that Firefox is a very well written and high quality piece of software. Several builds were performed on the code, culminating in the final analysis of version 1.5.0.6. The analysis resulted in 655 defects and 71 potential security vulnerabilities. The Firefox team has been given the analysis results, and they will determine if or how they will deal with the issues.

Only someone with in-depth knowledge and background of the Firefox code could judge the danger of a particular security vulnerability; therefore, I have not included more detailed information of these security vulnerabilities that could lead to the spreading of unfounded rumours of potential exploits. However, for those interested, I’ve provided more details of the defects below.

A closer look at reported defects in build 1.5.0.6


By far, the majority of the defects reported were null pointer dereferences (446 defects). A large number of these resulted from the code not checking for null after memory was allocated. In addition, there were many cases where the return values of functions designed to return null were not checked before being dereferenced.

Table of Firefox null pointer defects

Memory management issues accounted for the next highest defect count (141 defects). A large number of these defects arose as a result of a function returning abruptly when it had encountered an error. In such cases, the code neglected to free allocated memory, even though that memory would have been de-allocated had the function run its full course.

Table of Firefox memory management defects

Uninitialized variable use accounted for only 68 defects. For the most part, these defects arose where the code assumed that execution would follow a certain path, yet in some instances no checks were made to ensure that it actually did.

Table of Firefox uninitialized variable defects
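The three defect classes described above, shown in one small C routine as an added example (not code from Firefox or from the Klocwork report). The function names, the counting allocator `t_alloc`/`t_free` and the sample strings are all hypothetical; the allocator can be told to fail its Nth call so the error path is actually exercised.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed test allocator: counts live blocks and can fail the Nth call. */
static int live_blocks = 0, fail_at = 0, calls = 0;
static void *t_alloc(size_t n) {
    if (++calls == fail_at) return NULL;   /* injected allocation failure */
    void *p = malloc(n);
    if (p) live_blocks++;
    return p;
}
static void t_free(void *p) { if (p) { live_blocks--; free(p); } }
static void t_reset(int fail) { live_blocks = 0; calls = 0; fail_at = fail; }

/* Defective pattern: the abrupt return on error skips the free of `name`,
   and *total is left unset on the error paths. */
int copy_pair_leaky(const char *a, const char *b, size_t *total) {
    char *name = t_alloc(strlen(a) + 1);
    if (!name) return -1;
    char *value = t_alloc(strlen(b) + 1);
    if (!value) return -1;                 /* leak: name is never freed */
    strcpy(name, a); strcpy(value, b);
    *total = strlen(name) + strlen(value);
    t_free(value); t_free(name);
    return 0;
}

/* Corrected: every allocation checked, one exit path, output always set. */
int copy_pair_fixed(const char *a, const char *b, size_t *total) {
    int rc = -1;
    char *name = NULL, *value = NULL;
    *total = 0;                            /* defined on every path */
    name = t_alloc(strlen(a) + 1);
    if (!name) goto done;
    value = t_alloc(strlen(b) + 1);
    if (!value) goto done;
    strcpy(name, a); strcpy(value, b);
    *total = strlen(name) + strlen(value);
    rc = 0;
done:
    t_free(value); t_free(name);           /* t_free(NULL) is a no-op */
    return rc;
}

/* Blocks still allocated after running fn with the Nth allocation failing. */
int leaked_after(int (*fn)(const char *, const char *, size_t *), int fail) {
    size_t total = 0;
    t_reset(fail);
    fn("host", "example", &total);
    return live_blocks;
}
int main(void) { return leaked_after(copy_pair_fixed, 2); } /* 0 = no leak */
```

Forcing the second allocation to fail leaves one block outstanding in the leaky version and none in the corrected one, which is the kind of path-dependent defect a static analyzer reports without having to run the code.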
