Prevent also checks for memory leaks, where memory is allocated to create a software object but never reclaimed by the system when the object is disposed of. It also "sizechecks," or looks for a pointer that has been cast as a data type too large for the memory assigned to hold it, causing a memory overwrite. Eleven open source projects have been scanned for the 12 defects and have cleaned up the discovered defects sufficiently to advance to a second "rung," or new phase, of Coverity checking. They were: the Perl, PHP, Python, and Tcl scripting languages; Samba; Amanda backup and recovery project; NTP, the Network Time Protocol, which coordinates correct timing between two dissimilarly timed systems; OpenPAM, the open source method of aggregating multiple user authentication schemes; OpenVPN, the open source VPN; and Overdose, a Yahoo chat client.
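The two defect classes described above, the memory leak and the size mismatch that the "sizecheck" looks for, are shown here in C next to their corrected forms. This is an added example, not code from Coverity or from any of the scanned projects; `struct record` and every function name in it are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

struct record { int id; char name[32]; };   /* hypothetical type */

/* Fills in a record and always NUL-terminates name. */
static void fill(struct record *r, int id, const char *name) {
    r->id = id;
    strncpy(r->name, name, sizeof r->name - 1);
    r->name[sizeof r->name - 1] = '\0';
}

/* DEFECT (size mismatch): sizeof(int) bytes are allocated, but the result is
 * cast to struct record *, so fill() writes past the end of the heap block.
 * Kept for contrast only; nothing in this example calls it. */
struct record *record_new_bad(int id, const char *name) {
    struct record *r = (struct record *)malloc(sizeof(int));
    if (r != NULL) fill(r, id, name);        /* memory overwrite */
    return r;
}

/* FIX: size the allocation from the pointed-to object itself. */
struct record *record_new(int id, const char *name) {
    struct record *r = malloc(sizeof *r);
    if (r != NULL) fill(r, id, name);
    return r;
}

/* DEFECT (leak): the early return on an empty name skips free(r). */
int name_length_bad(int id, const char *name) {
    struct record *r = record_new(id, name);
    if (r == NULL) return -1;
    if (r->name[0] == '\0') return -1;       /* r is never reclaimed */
    int n = (int)strlen(r->name);
    free(r);
    return n;
}

/* FIX: one exit path, so every successful allocation is released. */
int name_length(int id, const char *name) {
    int n = -1;
    struct record *r = record_new(id, name);
    if (r == NULL) return -1;
    if (r->name[0] != '\0') n = (int)strlen(r->name);
    free(r);
    return n;
}

int main(void) { return name_length(1, "samba") == 5 ? 0 : 1; }
```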
Coverity called attention to the 11 as it announced an advanced round of checking for those projects that had completed two rounds of checks. Rung 0 and Rung 1 completed 12 defect checks. The Coverity checking engine is now capable of 60 checks, but not all of them will be immediately applied to the 11 projects. There will be Rungs 3, 4, and 5 as well. Maxwell said Coverity is trying to pace the amount of defect information it throws at open source projects so that they don't get distracted or overwhelmed by the lists of what the Prevent checkers are finding.
The results being cited come from scans automatically conducted on each build of an open source project, which occurs at least weekly and often several times a week. What the scan results don't show is the number of false positives in the supposed bug list. Until developers on an open source team check out each Prevent finding, it may or may not be a bug.