Database - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Database


Analysis Finds MySQL Code Low on Bugs



 By: Lisa Vaas
2005-02-04
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Database story.


  Table of Contents:
  1. Analysis Finds MySQL Code Low on Bugs
  2. ' Response Time '

Rate This Article:
Poor Best
Analysis Finds MySQL Code Low on Bugs
( Page 1 of 2 )

Just in time to counter security taints from last week's MySpooler worm, which spread via weak MySQL passwords on Windows installations, MySQL gets a clean bill of health from code-analysis firm Coverity.Just in time to counter security taints from last weeks MySpooler worm, which spread via weak MySQL passwords on Windows installations, MySQL on Friday got a clean bill of health from code analysis firm Coverity Inc.

The five Stanford University researchers at Coverity, who analyzed the security of the Linux kernel over a period of four years, this month are planning to release an analysis of the security and quality of MySQL code that found the database to have an "excellent" bug density.

Coverity did the analysis at the request of MySQL AB, the company that markets and develops the code for the open-source database under a dual-licensing structure.

Resource Library:
Coverity researchers analyzed MySQL Version 4.1.8 in January. The types of defects discovered were crash-causing defects, performance degradation and security vulnerabilities.

Out of 425,000 lines of code analyzed, Coverity identified 97 bugs, which included Deadcode, or unused code due to logic flaws, which can lead to improper system function; forward null, which can cause system crash; negative returns, static overrun and overrun dynamic, all of which can cause data corruption, possible crash or possible malicious attack; resource leak; reverse null; uninitialized variable; and unused value.

The company has used the same code-checking technology on source code from customers including Oracle Corp. and Veritas Software Corp., among others.

In the wake of the MySpooler worm, users criticized MySQL for not hardening the database. Read more here.

For comparisons sake, Coverity found more than 1,000 defects in the Linux kernel Version 2.4.1 in 2001, at a time when the source code contained 1.6 million lines of code.

Coverity CEO Seth Hallem said the relative cleanliness of MySQL code is likely attributable to a few things: First, it is shepherded by MySQL AB, the Uppsala, Sweden-based company that markets and develops the database under a dual-licensing structure. "Theyre putting their necks on the line," he said. "Theyre certainly more interested than a project with less industry penetration or less of a profit motive."

Next Page: MySQL gets high marks for alacrity in security response time.





  Reader Comments: Analysis Finds MySQL Code Low on Bugs
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Database Articles          >>> More By Lisa Vaas
 


x}r8s;iW1ŋKmiXTF((ئHIVO 7]hɗj9劲%L D"·$i9cr3ݩkj΢.w}![f8iTEK ]ߤ~Am;t =4mFNHB~}@~sfD%x_'Щѩ&€wɄZIКؕ>}~qlv .hvLIlG5tuGpnFA|QCѺQQy$pm<$Q}# QT5I ib1lp2JH n>,!\ZIa^_y yN tq(r~7P7nǾ;s2w0XMDVwS&>dRr-2QȲnMw3a[mѡlطZkuE9,},^/[,\hӟoF_{JU4Eٿ]vή $(֝[p m+iu]+i0n{'y@α{A~$?Fj}&UJDZ-i& 0h!5&tt<_B^,9@FI?nn/4E;J KHs = (2,#uGҾ췯;6鷏ώ;Sdo̲1<ZMӀ Zvb!?Y VӓkIGNs!+|qg>!5M0\̱¬:֪o~=co!&w@"rVJze_R ?#3p=jIo]}::$7cY>韐/ !}_w nr@ i/],,Y`MIpL2T~`]NjoNX uZPĿ"G/H>'!hI#r Bг,`@o%`9`P ar T<ʦBICvn2V{TKh!+K@fsfd(4{~4 cbB|#'fXr`Y \d+|i)lb ը6؛ri:|:ioB{4 0sҺ<,$-XLcF0pq_!O\?C18y<2M '[BSjj33-F  o _׆K c*8tԳtgqq?_ZN®tْүhOvpuу=9Je!6#{e{W+HLZ`!?ՊRRՄ4i/#Y /m0ܑk}>aD6#ΜD(-CZ!3 O΁4uD8_-OAM&4%qӠ8TUƮݙY$8MG9Fi$]k|[P vfȍ>N6N1L Ma}^D ϓ1W5 d,fqNg0cp&vN{֡,)3?t\:kt?y{Wz&[wtv'@^􁯍C-oZ# d0=̞̝A mۨX9)6?b(_J`Y V8g;}Dp懿ԫ0짜JEVK`zցDZ%yHǞ1]]2Y1Gci}SUה*eƬɲ(Ъ6#iA/%e.N1)Q(&v}j;_&I|SeYȣV)+Y+T\U񋰷8C+`-XRj#L*"'o&ŏ[o(urvOG~T>UʠˏHU*J5yUr=)i7xџ6YD+(++i-Y2ǽa m.E[& 4˷ʨKu3[*X.DД4Ϩ;Rb i kGQh-Bwyr `3Wf44َcpDM?ҁh)03?0RlʪVW%봺%I?NM=1h+QcKBuṚo{{kC4÷,L)~39Ȕ)xT-kZb[Ԫwc"i!`0\?=bHp?n ]^*~ t9#T`| @`'d1s<œo =$Ԅ7; +A񷠐n)ɡXXD>ġifR{e">QTk㘘۽ ~[( L $q)YUihja{i12A$Ks?; %Sv/is0q3љnt/3!9kw><{=kq 4 }U\q@*V-|~<:m~61zˁNIM$(Xq,I!s^Y{{:9\~; yEp0Z<!hQ^8돝K%y;$˶u߽o= rHp'Bjw>^$'d0 s|n]G'6b `xѤĢ^Y ]s>ͥ=`L̴M\gwhNPD(Vp9c㻞Xa*/q)y{h&})s'AuhaJwnio6Ş`4 ݣvR:}i?v;}p¾"CWq :i)`* 94XhHn X"2NIJa'>8zdM#}ݾJfyӼ4hɘAhl7B_7nC]`l]s!T xBo~ˤaW*]c{*{w}wo]VZtC.qB1Vd/)&%ϓE L OKt1ڬ/ۥ{HkYXxlS;O ?ֈ '|Ȟ8^jѼc+輳2 [a[C؞qaLpx2HC%6÷Fp7N Ϧf_ O%FJ ,Q`mZ،9!/hvpmU4bZy"N0So1֢$g |o(o&򽡎xknZS*9;oL_lXS|  \(.BӞ܊MQ@(|2.mE.zQv%Fc7Y+x˗iL@4ۺg Y!>'!QJZEٗwry ;3%!"̵Hz@mn\UDfQs)O}m?ӕ䆥cwns/=gsXՏgCIYn@lZ)W]}[|BÑ|)q(ӏJi0 Lk:t\PD?4|ELw')TϣЯV'Wcn_SwTؿR0#nU jvwwR( H'Lx8cW,x7>P 7DYH" -g&JM)xLƜve({P>R0Qx^΃R @%9 &.0,s^pe @LvӔGl+vT;, nSn+6ʵd\6S%Wޮ8ΐWĪjR')0V~hN?46-#^zgI>q[l{p:֫PgX:fWw詉=M209z٠nS?X E'I K!sMl?Xyo 8J?fI[4^(Org=P # ZQ4r& םF֫ .M;AjFz)1Ta:=9lf.fS# KgTǡTRX 􏠱=eԛyRRqLXs=,8 < Lnx0' QH&#+oTI_awUnnK*ix9Lb3)H: nK̥5טeNr[$S\!.H 'TzaT 4d=o<DXE ˦; |ԋGߞ\z)VN=zGm"&+]`-%XJ'G p="$>9zS*EbފjRBEW"r0֏I sBAVO, < -! l?-"Z# t3AxoL,=4gxMV{ūԃ>f4ѥs}tRBO@M[wT̘cJqp$G8G88׀2D$4VV|*؍%ipۚ׸ّz_ו{Nlzn"#u.z3GJwg)RU֍ 1YK 5{J*&=#LGK.ap>}eXJO&InWkՕ`zn*A>OHZu^g%?`&A%oy6& ~y67ҋD*Mm"vĢna׃ ny#$ @tyUs[c&"s|2Tj]LdVWGlܡx.'#uޱuO N$\TW뚦l4D8xE [ !@@X o WO|OZ%lȧ޹j1-PꅔS!A _넽Nu3luFXTۦ77!G<]ElE)W6MfFs/xp0K{pjqmj+&"VhnS{Cyף 8Ԁ1}k`KJ  d-A֨= )>A|c]K.L߼߼߼߼߼xSkz򶽩=ԶV_jXu 0;5l0g0CbI~Z"8_曠ܠwF<_Aa+z~UGæb7pH/ce <ƽ3Y q[)O(6hُfXK֯|mofFl2Ӥ7.$qzq){=6X5X67~ʛ/uZ4@9FB+D\(^y3ú1Ŀڢ@k*.O5R/ǖ~؉ aHҟ8vOF3>V3g8`P tqqx>G}ផ ?qaJVc\WKNCwZhl~Z ev>{ʃVe ]vOR4ş z;U+.)D7{#P~KgRWoixYȿY!&AgZ3h~Lфl6怲<^$I-ڦ/h P|F0 c 9xQk|ȪhF̊>wt)RrWjp,yˉuYf{c~BP22@44kI/NI&8Ǧp썗4SqDg݁/ФXz"M"K)z0:kҽ>u]|ç;2aR&?_ 7W/K{~i T_ݷ$8@̫%ײd=IvE I#(hILÑ@u}sTQR"ќjK"n8aʶ}6ċQ{fDA'rpя"xcO{ es^ة7>k_A'-gtYΞCy%<{6Bڐ>I#$:u@o@amIY0Yl.)pìf0n!ۿP'}dɷ 1V^Dcf2QȏaD%|_CC~@wwjOaR--:'7| "EWB~7Vq8Idwň'|[-0Uňk('>?ķH5>ZG ^b,n] B,6ԉaDم4ȡ-bâ 1ʵm <߉o",t㫸Z4!2m!2~j*bdFyAx!Fv;Kb+n6Q{$Ip+jj5޹A^bzE1ckzzD,?t"RVЮ(> l?QX2Lzmʹ<8?%ԣQ8gFSYh9ѽbcjFj5e_]-O?P/ ]ZX,:Ȓ~WeL<^^A֋+ iM3"rRIA$zTG^0JRMxS>b\y z Gg>)fF<@ƏLvh;bw=Vں蚵q)y,y -J/,'c0/';`^hRLR`N3Q|->"AdRL D ''+j  w=ktP#D$~kh㽽WԄm$5DX#e3NgNt2Щ Hۡ$Z[dнT["}FsgW'b^o9g0c.,9+6 xfVVTm}qV.R)q<ə莥 5,?_J)}#Q9̪ f㍸=#TP6iMh5%MF(hdtifSxa`+pSKC7R<6$AeЇ5T?0' )U05 njU@8AnKe6 CvvQ:coI XPp]I٫T~Nd>QhTJӑu va|$wzS41ߌ\ix## k3`y rF@YfOGP56WD:nY=CsN.7v߾U CyP_[{E .T49a(0:ߩ1q>9 7<R+SG8/  [zqeL\ϪC~!M}CcPx- rH8GPk[Ѿ+%LՎ\氟aHp=Sˁ-l2ȘhD MQ VHxLirtv$%"KJ!?)mDRRi{8d`8a9=c3bw`/}06xp/>G>w;WLQXj*!b3wȧX, }Ē$c,\T&}fA=bAa~L­!~&).yci 8^yN4_Z oX62 =<RXX_1[5=L꺂OJBveX zQxkwy7`fU3{8~{BOSz% %uW0`A i2bg4t\K -C#&a@}lFLvcٺ:BNפENmt;\;Kr>'lkEߢֳQQqi}uݹ<8F;d6ME`9,eiE)3C9lꌹ6Wc\sxYx鎾(ah,.6ug$;G(%lFyї51W>21S:9nzZ>ZAN|vuI+֓C@mj6~V CQqXmn¸~(hO1u{qt/ۅfdRRs`__לk(^_~NmwS__~48iCSi}>B?'(Shu֗wN IN9?t.sʡ+4/y|9s_/}/r{ȡE^^'esN S~909{ s#?0~9ׅws?]/rqWU?9{9^}~X_ S}y>>oʁorڿi&s$CPʑ.N pr+QT/ޯ<4|sYU~vïUX^йZ*4ˑ*Kҿ2~62A\wO aqʍz^S_xڞꖽpLڭe]9hq_l %^a/ ^敽d< xEB+gٔ@#X{#uO'NW6#ﹺ d^)Wsr>V=ןbMedG,D<mJ5BfaO@z6^D4k{HO9}ʒ\z[,8 vt{z&%.ͻL_|X-AhOWniMogA\Dpqk;O΋kwՕ |3b 5I?'OtVfw 4;) v[ЙqeeޢDFEk@-'`<[`?Znam= `/[烫6{̦d󰡲iJÙ#ш~ǰ &Zbg8 a箩-g蛡j:HÅMH|3v190l cG͆RiejRߑJ0lFGDP1|ˈɪ"+uW9 8]V*r `" *s>P`24UF` Ԋz!OJ1=4`­tKo1;BDO"OӱwB;fCWe:,$ŋtaSOp^Wv"H0~Y$P&`!֞.^͆$w bYǤi!#lɒ]k"bؖ"['mg&L; O,E~f&g- ĠG8О#cwˡB~ 22DS7r{鄙B΄[W٨sR%u Lu;& Qk`QϙerÄc6O 5U"yw|w&ɉؼt ޺Ccjd1=k +#P<ՍP},.I5sEEבE,&J # B:Ʉpwmփ _s8 VUݺ!׶+2}jSo:h}v;Wڳ ~P~9C >g̶ +Fcq}(!3Fc9H%)^xjA߮ed#W B㑸| ,* )Hmu(seKlÏl[v >=qb<#U:.~=IT~7)>4w^|7(6؆|%Og ϿaHO)t&I`Q'11|j;;1Te]XQYɶy S~n]O(#oݒ珸6x}ư҂I(,T6ys*>% ,1-iDKu A]?_vs[>/৲_bmR>ǔK ]'[٧3й?-Rw/e[͌o2_X ( LwT9N]]PjãōGXƸ[[) Iy>p;Щ0T\NX%eܔuF.DmhT4X %*l+7 /߶7WLTV׶2 X#&v$ѿ9V0|>,lp/>cwϏp`2﮳zNN7p2$Ӿ82#" $$jVI;;Q0&|iE-ȓl`Cv_)~ph[?2YA wVǰY2!&?O80Ux|-h\l};ݘ_e9Lgޜ"?P߯JQlw6k+ȀHY;D5Ra&(/z0~ ǯ g:~0>~0/rX)>ɲƘ]>xTL+ 52lt* X*!KůXF%IDb$8ґCA؞B*>e3C7Dn0BrC d[Hօuv\j/cY4~1<99.@OI"cXM1}a`|1GtƙW3.rW?a%Pr^kh?Xi/.:_xH%L}Sw= ɳaFk;O(Uƥx?XQ|=^'`gh-/=jD*(Ksӽ>igA0|Us1] ~s Wha<y&Fϖg UjT;IxdM_l+:cSEᘸe=WF|p(1{l~ )CUs̥D/4^JC\qrx6 }OTar$~XXqg;\d†[hxb7&;a1Բ66']/+