App testing firm Coverity uncovered 88 high-risk defects in the source code for the Android kernel used in HTC’s Droid Incredible.
The data was collected for the “2010 Coverity Scan Open Source Integrity Report.” Although Coverity refrained from revealing the specific defects, the company counts as high risk issues such as memory corruption, illegal memory access and resource leaks, which can potentially lead to security vulnerabilities or system crashes.
Coverity said it has notified HTC of the issues. In all, the firm found 359 defects in the Android kernel used in the HTC Droid Incredible. The good news is that the Android kernel has a defect density of 0.47 defects per 1,000 lines of code, which is better than the industry average of one defect per 1,000 lines of code.
“The defects we found were in the Android kernel as configured for the HTC Droid Incredible, but there are many more vendors than Google and HTC that contributed code into the kernel,” said Coverity co-founder Andy Chou. “There is a complex supply chain for all modern software, and smartphone software is a good example of this complexity. The Android kernel code is derived from the Linux kernel, which has thousands of contributors from the open-source community and commercial companies.”
In addition to the issues affecting the HTC Droid Incredible, the report includes analysis of more than 60 million lines of code from 291 of the most widely used open-source projects, including Firefox and Apache. A total of 15,278 defects were found, according to the report.
“We are hoping that this report will shed some light on this issue and show that ultimately, for consumers, defects are defects, no matter where the code comes from,” Chou said.
Editor’s Note: A previous version of the story incorrectly reported the defect density of the analyzed Android kernel.