I recently got a chance to run the bitcoin source code through Synopsys's static analysis tool, Coverity. I thought it'd be good to report some of the potential issues detected upstream. I am not a C++ expert, nor do I have the depth of the source code here, so some of these may be non-issues. Regardless, I'm reporting some of the "high" severity issues marked through the tool. Hoping someone with a deeper understanding of the code-base can better assess them and patch as necessary :)
https://github.com/bitcoin/bitcoin/blob/master/src/crypto/hmac_sha256.cpp#L14 and https://github.com/bitcoin/bitcoin/blob/master/src/crypto/hmac_sha512.cpp#L14
<img width="1147" alt="image" src="https://user-images.githubusercontent.com/5788514/66272888-fd7cb100-e83c-11e9-8d46-321f25642ba0.png">
https://github.com/bitcoin/bitcoin/blob/master/src/leveldb/table/table_builder.cc#L56
<img width="1143" alt="image" src="https://user-images.githubusercontent.com/5788514/66272975-b511c300-e83d-11e9-87b7-528447e1b104.png">
https://github.com/bitcoin/bitcoin/blob/master/src/leveldb/db/c.cc#L160
<img width="1150" alt="image" src="https://user-images.githubusercontent.com/5788514/66273002-e7bbbb80-e83d-11e9-910a-c64461417ce3.png">
https://github.com/bitcoin/bitcoin/blob/master/src/key_io.cpp#L166 and https://github.com/bitcoin/bitcoin/blob/master/src/key_io.cpp#L189
<img width="1145" alt="image" src="https://user-images.githubusercontent.com/5788514/66273019-20f42b80-e83e-11e9-9acb-a35874f5cac6.png">
There are also other "medium" and "low" severity issues that may or may not be patch-worthy. If someone is interested, please email me or ping me on this issue.
<img width="1492" alt="image" src="https://user-images.githubusercontent.com/5788514/66273110-fe164700-e83e-11e9-9cc9-8eab7e8f3b58.png">