Vulnerabilities due to XML files processing: XXE in C# applications in theory and in practice https://pvs-studio.com/en/blog/posts/csharp/0918/
How can simple XML files processing turn into a security weakness? How can a blog deployed on your machine cause a data leak? Today we'll find answers to these questions, learn what XXE is and how it...
PVS-Studio 7.17: Unreal Engine, ASP.NET Core, Texas Instruments https://pvs-studio.com/en/blog/posts/0919/
We are pleased to announce the first release of PVS-Studio in 2022. In this article, we discuss various enhancements in managing Unreal Engine and ASP.NET Core projects. Keep reading to lea…
Visual Studio 2022 — stylish and fresh. How PVS-Studio supported VS2022 https://pvs-studio.com/en/blog/posts/0920/
Seems like Microsoft has just announced Visual Studio 2022. And it already came out! For us at PVS-Studio, this meant only one thing — we must support this IDE in the next PVS-Studio releas…
How PVS-Studio prevents rash code changes, example N3 https://pvs-studio.com/en/blog/posts/cpp/0922/
Let's continue with a series of small notes illustrating the PVS-Studio's ability to quickly find new errors in the code. If the analyzer is regularly used, of course :). Today we have anot…
Why does my app send network requests when I open an SVG file? https://pvs-studio.com/en/blog/posts/csharp/0923/
You decided to make an app that works with SVG. Encouraged by the enthusiasm, you collected libraries and successfully made the application. But suddenly you find that the app is sending strange...
How PVS-Studio prevents rash code changes, example N4 https://pvs-studio.com/en/blog/posts/cpp/0924/
If you regularly use a static code analyzer, you can save time on guessing why the new code doesn't work as planned. Let's look at another interesting error — the function broke during refa…
MuditaOS: Will your alarm clock go off? Part II https://pvs-studio.com/en/blog/posts/cpp/0925/
This is the second part in a series of articles checking the MuditaOS operating system. In this article, we cover the bottlenecks of the project that are worth refactoring. The PVS-Studio s…
Top 10 errors PVS-Studio found in ASP.NET Core projects https://pvs-studio.com/en/blog/posts/csharp/0926/
Millions of people use web applications based on ASP.NET Core. This is why we enhanced the mechanics of how PVS-Studio analyzes such projects. How does PVS-Studio work now? Let's see! We ch…
Checking the Ogre3D framework with the PVS-Studio static analyzer https://pvs-studio.com/en/blog/posts/cpp/0927/
Developers like graphics engines because they are easy to work with. The PVS-Studio team likes graphics engines because we often find interesting code fragments. One of our readers asked us…
Suspicious sortings in Unity, ASP.NET Core, and more https://pvs-studio.com/en/blog/posts/csharp/0928/
Developers don't make silly errors by the example of sorting in Unity, ASP.NET Core, and more
Some believe that experienced developers do not make silly errors. Comparison errors? Dereferencing null references? Bet you think: No, it's definitely not about me... ;) By the way, what a…
Looking for errors in the C# code of the Eto.Forms GUI framework https://pvs-studio.com/en/blog/posts/csharp/0929/
GUI frameworks are becoming increasingly popular: new ones appear, and old ones get a new life. At PVS-Studio, we are watching this trend very closely. Today we'll examine suspicious code fragments...
Videos that analyze errors in software projects are an excellent opportunity to practice coding and learn from other people's mistakes 🕵️‍♂️
This time we'll analyze the .NET 6 source code: https://youtu.be/Mk5gbW8WZL0
Mistakes and suspicious code fragments — or how the static analyzer checked .NET 6
00:00 Intro
00:36 A few words about the check
01:25 Missed interpolation…
Checking Barotrauma with the PVS-Studio static analyzer https://pvs-studio.com/en/blog/posts/csharp/0930/
Barotrauma is an indie game where you can steer a submarine, hide from monsters, and even play the accordion to save your ship from going down. The Barotrauma project is developed by Undert…
In this video, you'll learn how to install and set up the PVS-Studio plugin for JetBrains Rider and how to run the analysis.
https://youtu.be/7isOxlSMu60
Using PVS-Studio with JetBrains Rider
00:00 Intro
00:32 Why do you need PVS-Studio if Rider provides static code analysis?
01:02 Installing the Rider plugin
01:31 Installing…
What's with the PVS-Studio's coverage of Toyota ITC Benchmark? https://pvs-studio.com/en/blog/posts/cpp/0931/
Toyota ITC Benchmark is a synthetic test set for C and C++. It consists of approximately 650 examples, and it's designed for testing code analyzers. This article is an answer to the questio…
PVS-Studio static analyzer to recheck Unity https://pvs-studio.com/en/blog/posts/csharp/0932/
Unity is one of the most popular game engines. It helps create many excellent cross-platform projects. It's been 4 years since the last time we checked Unity's source code. Time has come ag…
Trojan Source attack for introducing invisible vulnerabilities https://pvs-studio.com/en/blog/posts/cpp/0933/
Researchers from the University of Cambridge described a technique that allows inserting invisible adversarial code in the reviewed source texts. The attack (CVE-2021-42574) is called Trojan Source...
PVS-Studio 7.18: updates and enhancements https://pvs-studio.com/en/blog/posts/0934/
Meet the latest PVS-Studio release — 7.18. This article will tell you about how we improved the analysis of modern C++, the search of security defects from the OWASP Top 10 list, and a new …
Trojan Source: Invisible Vulnerabilities https://pvs-studio.com/en/blog/posts/cpp/0935/
We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding…