Coverity has an *excellent* static analisys tool, and they do batch runs of it over open-source software for free.
Cyrus-sasl is already on their list, but it is on rung 0. This means nobody from the cyrus-sasl project has registered and accessed the bug reports from the coverity scan for SASL. CMU upstream, please rectify that ASAP, scan.coverity.com is quite good at pointing out the sort of nasty error that stays hidden in the code for a long time... Also, please request that cyrus-imapd be added to the coverity scan list, they are allowing an expansion of the number of covered projects, and cyrus imap is quite important enough to feature on that list. References: http://scan.coverity.com http://scan.coverity.com/faq.html http://scan.coverity.com/devfaq.html http://scan.coverity.com/ladder.html and the press release about it expanding for 250 projects: http://lwn.net/Articles/232489/ -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
