Here's my plan for getting started, to be adjusted based on experience.
I've requested membership in the Inkscape Bug Team. That seems like a more focused group for discussion about bugs found by Coverity analysis.
I agree with ~suv that "coverity" is a good tag for these bugs. I'm OK with any other tag the bug team prefers.
I'll just start filing bugs as soon I find out what tag to use. After filing a bunch, I'll come back and add comments with a suggested fix. I don't expect to fix them all, so anyone else is welcome to contribute their fix first. I'll alternate between adding bugs and adding fixes.
Bugs found by static analysis (SA) are significantly different from bugs found by functional testing or by using the product. One could say SA takes an inside out or bottom up view, where usage testing is more top down or outside inward. The techniques complement very nicely. Static analysis can find critical defects quickly that are extremely difficult to find by testing or code review.
I don't have the broad knowledge of Inkscape that's needed to verify and test my suggested fixes. Others with that knowledge should review my suggested source changes, apply or reject the changes, and test them. For example, if I find code that's never executed, the programmer probably intended a very different result. Instead of simply deleting the dead code, someone with broader knowledge might make a different change that would make the code serve its correct purpose.
Also, the Inkscape code base continues to evolve rapidly. The Google Summer of Code projects will make some bug reports moot, while adding new code that needs review. The Coverity tools are designed to keep track of the same bug when code around it changes, and to remove bugs that belong to code that was removed. So I'll just go ahead with what I've got, and others can decide whether or not to proceed with the bug fixes I suggest. I'll update and reanalyze the source occasionally.
That's my plan for now. As soon as I get a tag approved by the bug team, I'll start adding bugs.
Vaughn
-----Original Message-----
I'm delighted with the quick and enthusiastic response. This obviously is a great community to work with. Instead of responding to all the suggestions right now, I'm going to ponder this and come up with a specific plan later today. Meanwhile, more ideas are definitely helpful. The better I understand how this project and its people operate, the more effective my plan will be.
More soon, and thanks for the welcome! Vaughn