All streams
Search
Write a publication
Pull to refresh
475.51
Global rating

Open source *

Open source software

ArticlesPostsNewsAuthors
Show first
Rating limit
Level of difficulty

ONLYOFFICE Community Server: how bugs contribute to the emergence of security problems

Reading time12 min
Reach and readers1K
PVS-Studio corporate blog.NET * C# * Open source * Information Security *
image1.png

Server-side network applications rarely get the chance to join the ranks of our reviews of errors found in open source software. This is probably due to their popularity. After all, we try to pay attention to the projects that readers themselves offer us. At the same time, servers often perform very important functions, but their performance and benefits remain invisible to most users. So, by chance, the code of ONLYOFFICE Community Server was checked. It turned out to be a very fun review.
Read more →
Total votes 2: ↑1 and ↓1+2
Comments2

Talking About Errors in the QuantConnect Lean Code

Reading time17 min
Reach and readers476
PVS-Studio corporate blog.NET * C# * Open source *
image1.png

This article discusses errors found using a static analyzer in an open source project. There are some simple things that can help you avoid them. For example, the usage of language syntactic constructs starting from C# 8.0. We hope it will be exciting. Have fun reading!
Read more →
Total votes 2: ↑1 and ↓10
Comments0

Analyzing the Code Quality of Microsoft's Open XML SDK

Reading time10 min
Reach and readers1K
PVS-Studio corporate blogDevelopment for Office 365 * Open source * C# * .NET *
image1.png

My first encounter with Open XML SDK took place when I was looking for a library that I could use to create some accounting documents in Word. After more than 7 years of working with Word API, I wanted to try something new and easier-to-use. That's how I learned that Microsoft offered an alternative solution. As tradition has it, before our team adopts any program or library, we check them with the PVS-Studio analyzer.
Read more →
Total votes 4: ↑1 and ↓3-1
Comments1

Checking Clang 11 with PVS-Studio

Reading time10 min
Reach and readers1.1K
PVS-Studio corporate blogC++ * Open source * Information Security * Compilers *
PVS-Studio: I'm still worthy

Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.
Read more →
Total votes 3: ↑2 and ↓1+1
Comments0

Checking a Header-Only C++ Library Collection (awesome-hpp)

Reading time17 min
Reach and readers1.3K
PVS-Studio corporate blogOpen source * C++ *
PVS-Studio and Awesome hpp

Somehow, we've happened to check most of the libraries making up a collection called "Awesome hpp". These are small header-only projects in C++. Hopefully, the information about the bugs we've found will help make the libraries better. We'll also be happy to see the developers use PVS-Studio on a regular basis thanks to the free-license option we provide.
Read more →
Rating0
Comments0

Amnesia: The Dark Descent or How to Forget to Fix Copy Paste

Reading time14 min
Reach and readers842
PVS-Studio corporate blogGame development * Open source * C++ *
image1.png

Just before the release of the "Amnesia: Rebirth" game, the vendor "Fractional Games" opened the source code of the legendary "Amnesia: The Dark Descent" and its sequel "Amnesia: A Machine For Pigs". Why not use the static analysis tool to see what dreadful mistakes are hidden in the inside of these cult horror games?
Read more →
Rating0
Comments0

JavaCC 21 Parser Generator

Reading time4 min
Reach and readers2.9K
Java * Open source *
From sandbox

JavaCC 21 is a continuation of work on the venerable JavaCC parser generator, originally developed at Sun Microsystems in the 1990’s and released under a liberal open source license in 2003. It is currently the most advanced version of JavaCC. It has many feature enhancements (with more to come soon) and also generates much more modern, readable Java code. Also, certain key bugs have finally been fixed. (N.B. The “21” in JavaCC 21 is not a version number. It is simply part of the project name and means that this is a JavaCC for the 21st century!)

Read more →
Total votes 8: ↑8 and ↓0+8
Comments0

Why it is important to apply static analysis for open libraries that you add to your project

Reading time7 min
Reach and readers932
PVS-Studio corporate blogPerfect code * Programming * Open source * C++ *
PVS-Studio and Awesome header-only C++ libraries

Modern applications are built from third-party libraries like a wall from bricks. Their usage is the only option to complete the project in a reasonable time, spending a sensible budget, so it's a usual practice. However, taking all the bricks indiscriminately may not be such a good idea. If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.
Read more →
Total votes 1: ↑0 and ↓1-1
Comments1

Crime, Race and Lethal Force in the USA — Part 3

Reading time24 min
Reach and readers2K
Python * Open source * Data Mining * Big Data *
Translation
image
This is the concluding part of my article devoted to a statistical analysis of police shootings and criminality among the white and the black population of the United States. In the first part, we talked about the research background, goals, assumptions, and source data; in the second part, we investigated the national use-of-force and crime data and tracked their connection with race.
Read more →
Total votes 3: ↑3 and ↓0+3
Comments0

Crime, Race and Lethal Force in the USA — Part 1

Reading time8 min
Reach and readers2.9K
Python * Open source * Data Mining *
Translation
image

Do the police in the US really shoot black people more often than white people? Is use of lethal force connected with race? How is crime related to race? What are the odds of getting shot by the police if you are white and if you are black? We're taking public data and python with pandas to shed some light on these questions, propaganda and politics set far aside.
Read more →
Total votes 5: ↑3 and ↓2+3
Comments0

Checking QEMU using PVS-Studio

Reading time14 min
Reach and readers695
PVS-Studio corporate blogC * C++ * Open source * Programming *
image1.png

QEMU is a rather well-known application for emulation. Static analysis can help developers of complex projects such as QEMU catch errors at early stages and generally improve quality and reliability of a project. In this article, we will check the source code of the QEMU application for potential vulnerabilities and errors using the PVS-Studio static analysis tool.
Read more →
Total votes 3: ↑3 and ↓0+3
Comments0

Checking the Code of XMage, and Why You Won't Be Able to Get the Special Rare Cards of the Dragon's Maze Collection

Reading time13 min
Reach and readers766
PVS-Studio corporate blogGame development * Open source * Java *
image1.png

XMage is a client-server application for playing Magic: The Gathering (MTG). XMage's development was started in early 2010. Since then, it has seen 182 releases, attracted an army of contributors, and it's still being actively developed even now. All that makes it a good reason for us to contribute to its development too! So, today the PVS-Studio unicorn is going to check the code base of XMage and maybe even get into a fight with some entities.
Read more →
Rating0
Comments0

Static code analysis of the PMDK library collection by Intel and errors that are not actual errors

Reading time14 min
Reach and readers867
PVS-Studio corporate blogC * C++ * Open source * Information Security *
PVS-Studio, PMDK

We were asked to check a collection of open source PMDK libraries for developing and debugging applications with NVRAM support by PVS-Studio. Well, why not? Moreover, this is a small project in C and C++ with a total code base size of about 170 KLOC without comments. Which means, the results review won't take much energy and time. Let's go.
Read more →
Total votes 2: ↑2 and ↓0+2
Comments1

Unicorns break into RTS: analyzing the OpenRA source code

Reading time16 min
Reach and readers773
PVS-Studio corporate blogC# * Open source * Games and game consoles
image1.png

This article is about the check of the OpenRA project using the static PVS-Studio analyzer. What is OpenRA? It is an open source game engine designed to create real-time strategies. The article describes the analysis process, project features, and warnings that PVS-Studio has issued. And, of course, here we will discuss some features of the analyzer that made the project checking process more comfortable.
Read more →
Rating0
Comments0

The Code of the Command & Conquer Game: Bugs from the 90's. Volume two

Reading time13 min
Reach and readers3.5K
PVS-Studio corporate blogC * C++ * Open source * Game development *
image1.png

The American company Electronic Arts Inc (EA) has opened the source code of the games Command & Conquer: Tiberian Dawn and Command & Conquer: Red Alert publicly available. Several dozen errors were detected in the source code using the PVS-Studio analyzer, so, please, welcome the continuation of found defects review.
Read more →
Total votes 4: ↑4 and ↓0+4
Comments1

The Code of the Command & Conquer Game: Bugs From the 90's. Volume one

Reading time13 min
Reach and readers2.1K
PVS-Studio corporate blogC * C++ * Open source * Game development *
image1.png

The American company Electronic Arts Inc (EA) has made the source code of the games Command & Conquer: Tibetan Dawn and Command & Conquer: Red Alert publicly available. This code should help the game community to develop mods and maps, create custom units, and customize the gameplay logic. We all now have a unique opportunity to plunge into the history of development, which is very different from the modern one. Back then, there was no StackOverflow site, convenient code editors, or powerful compilers. Moreover, at that time, there were no static analyzers, and the first thing the community will face is hundreds of errors in the code. This is what the PVS-Studio team will help you with by pointing out the erroneous places.
Read more →
Total votes 2: ↑2 and ↓0+2
Comments1

NSA, Ghidra, and Unicorns

Reading time12 min
Reach and readers1.1K
PVS-Studio corporate blogJava * Open source * Reverse engineering *

NSA, Ghidra, and Unicorns

This time, the PVS-Studio team's attention was attracted by Ghidra, a big bad reverse-engineering framework allowing developers to analyze binary files and do horrible things to them. The most remarkable fact about it is not even that it's free and easily extensible with plugins but that it was developed and uploaded to GitHub for public access by NSA. On the one hand, you bet NSA has enough resources for keeping their code base clean. On the other hand, new contributors, who are not well familiar with it, may have accidentally introduced bugs that could stay unnoticed. So, we decided to feed the project to our static analyzer and see if it has any code issues.
Read more →
Rating0
Comments0

Single line code or check of Nethermind using PVS-Studio C# for Linux

Reading time14 min
Reach and readers1K
PVS-Studio corporate blog.NET * C# * Open source * Development for Linux *

Рисунок 1

This article coincides with the beta testing start of PVS-Studio C# for Linux, as well as the plugin for Rider. For such a wonderful reason, we checked the source code of the Nethermind product using these tools. This article will cover some distinguished and, in some cases, funny errors.
Read more →
Total votes 3: ↑3 and ↓0+3
Comments0
123
4
5678

Authors' contribution

Your account

Sections

Information

Services

Support
© 2006–2025, Habr