DEV Community

Alex Astva
Alex Astva

Posted on

Every 4000 lines of Android code contain a potential vulnerability

Every 4000 lines of Android code contain a potential vulnerability

Last year, developers of the static code analyzer PVS-Studio already cited the result of their research on the operating system Tizen example and now again the choice fell on another, no less popular OS, Android. Looking ahead, I want to note that I didn't expect such a huge number of mistakes in such a popular product!

In the article, mistakes carried in even such a high-quality codeare striped on examples, in fact even those tested by Coverity.

In total, the developers described about 490 potential vulnerabilities. For example, CWE-14: Compiler Removal of Code to Clear Buffers, which is a serious type of potential vulnerability and leads to access to private data.

Among the others you can find:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-393: Return of Wrong Status Code
• CWE-480: Use of Incorrect Operator
• CWE-561: Dead Code
• CWE-690: Unchecked Return Value to NULL Pointer Dereference
• CWE-762: Mismatched Memory Management Routines

And many other interesting examples of almost 2 million lines of code in C and C ++! Wow!

Source - https://www.viva64.com/en/b/0579/

Top comments (0)