Recently, I ran Claude Code across several projects (like image-rs, lofty or symphonia) to look for potential issues.
In these projects, a significant portion of reported findings turned out to be incorrect or minor false positives, but a non-trivial subset was valid and included real issues ranging from incorrect comments to actual logic bugs. As a result, the findings generally require manual validation to separate noise from actionable problems.
Full Reports (findings-interactive.html - interactive report view for manual inspection, findings-short.md - compact list ready to copy into GitHub, findings-table.html - compact tabular report version):
findings-interactive.html
findings-short.md
findings-table.html
Example findings (this is only a subset of the findings, specifically those most likely to be actual bugs; for the full list, see the reports above):
=================================
API_1 CRITICAL
Description: gnome_bg_crossfade_finalize calls g_object_unref(fade->priv->end_surface) but end_surface is a cairo_surface_t*, not a GObject. Calling g_object_unref on a non-GObject is undefined behavior and will crash or corrupt memory at finalize.
Locations:
libcinnamon-desktop/gnome-bg-crossfade.c:135-145
135 |     }
136 |
137 |     if (fade->priv->end_surface != NULL) {
138 |         g_object_unref (fade->priv->end_surface);
139 |         fade->priv->end_surface = NULL;
140 |     }
141 | }
142 |
143 | static void
144 | gnome_bg_crossfade_class_init (GnomeBGCrossfadeClass *fade_class)
145 | {
Fix: Replace g_object_unref(fade->priv->end_surface) with cairo_surface_destroy(fade->priv->end_surface).
CPY_1 HIGH
Description: gnome_get_country_from_locale passes translation to language_name_get_codeset_details, while the sibling gnome_get_language_from_locale passes locale. The codeset belongs to the described locale, not the UI translation locale, so the [codeset] suffix is wrong when translation != locale.
Locations:
libcinnamon-desktop/gnome-languages.c:1215-1225
1215 |
1216 |     if (translated_language != NULL)
1217 |         g_string_append_printf (full_name, ")");
1218 |
1219 |     language_name_get_codeset_details (translation, &langinfo_codeset, &is_utf8);
1220 |
1221 |     if (codeset_code == NULL && langinfo_codeset != NULL) {
1222 |         codeset_code = g_strdup (langinfo_codeset);
1223 |     }
1224 |
1225 |     if (!is_utf8 && codeset_code) {
Fix: Change language_name_get_codeset_details(translation, ...) to language_name_get_codeset_details(locale, ...) to match the language variant.
CPY_2 MEDIUM
Description: rounded_rectangle clamps y_radius against width / 2.0 rather than height / 2.0. For tall narrow rectangles this rounds corners using the wrong dimension and also assigns double to int silently.
Locations:
libcinnamon-desktop/gnome-rr-labeler.c:240-250
240 |     y2 = y1 + height;
241 |
242 |     x_radius = MIN (x_radius, width / 2.0);
243 |     y_radius = MIN (y_radius, width / 2.0);
244 |
245 |     xr1 = x_radius;
246 |     xr2 = x_radius / 2.0;
247 |     yr1 = y_radius;
248 |     yr2 = y_radius / 2.0;
249 |
250 |     cairo_move_to (cr, x1 + xr1, y1);
Fix: Change y_radius = MIN(y_radius, width / 2.0); to y_radius = MIN(y_radius, height / 2);.
PANIC_9 MEDIUM
Description: gnome_normalize_locale dereferences locale[0] without checking locale != NULL. Sibling functions g_return_val_if_fail on NULL.
Locations:
libcinnamon-desktop/gnome-languages.c:230-245
230 |  */
231 | char *
232 | gnome_normalize_locale (const char *locale)
233 | {
234 |     char *normalized_name;
235 |     gboolean valid;
236 |     g_autofree char *language_code = NULL;
237 |     g_autofree char *territory_code = NULL;
238 |     g_autofree char *codeset = NULL;
239 |     g_autofree char *modifier = NULL;
240 |
241 |     if (locale[0] == '\0') {
242 |         return NULL;
243 |     }
244 |
245 |     valid = gnome_parse_locale (locale,
Fix: Add g_return_val_if_fail(locale != NULL, NULL); at the top of the function.