<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - RTEMS</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>
<p>
Please find the latest report on new defect(s) introduced to <strong>RTEMS</strong>
found with Coverity Scan.
</p>
<ul>
<li><strong>New Defects Found:</strong> 10</li>
<li><strong>Defects Shown:</strong> Showing 10 of 10 defect(s)</li>
</ul>
<h3>Defect Details</h3>
<pre>
** CID 1668653: (UNINIT)
_____________________________________________________________________________________________
*** CID 1668653: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 4384 in f_getcwd()
4378
4379 /* Follow parent directories and create the path */
4380 i = len; /* Bottom of buffer (directory stack base) */
4381 if (!FF_FS_EXFAT || fs->fs_type != FS_EXFAT) { /* (Cannot do getcwd on exFAT and returns root path) */
4382 dj.obj.sclust = fs->cdir; /* Start to follow upper directory from current directory */
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.n_frag" when calling "dir_sdi".
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
/cpukit/libfs/src/fatfs/ff.c: 4389 in f_getcwd()
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.n_frag" when calling "dir_sdi".
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
/cpukit/libfs/src/fatfs/ff.c: 4389 in f_getcwd()
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
/cpukit/libfs/src/fatfs/ff.c: 4392 in f_getcwd()
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.n_frag" when calling "dir_read".
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
4395 res = dir_next(&dj, 0);
4396 } while (res == FR_OK);
4397 if (res == FR_NO_FILE) res = FR_INT_ERR;/* It cannot be 'not found'. */
/cpukit/libfs/src/fatfs/ff.c: 4384 in f_getcwd()
4378
4379 /* Follow parent directories and create the path */
4380 i = len; /* Bottom of buffer (directory stack base) */
4381 if (!FF_FS_EXFAT || fs->fs_type != FS_EXFAT) { /* (Cannot do getcwd on exFAT and returns root path) */
4382 dj.obj.sclust = fs->cdir; /* Start to follow upper directory from current directory */
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
/cpukit/libfs/src/fatfs/ff.c: 4389 in f_getcwd()
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
/cpukit/libfs/src/fatfs/ff.c: 4384 in f_getcwd()
4378
4379 /* Follow parent directories and create the path */
4380 i = len; /* Bottom of buffer (directory stack base) */
4381 if (!FF_FS_EXFAT || fs->fs_type != FS_EXFAT) { /* (Cannot do getcwd on exFAT and returns root path) */
4382 dj.obj.sclust = fs->cdir; /* Start to follow upper directory from current directory */
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
** CID 1668652: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 5205 in f_rename()
/cpukit/libfs/src/fatfs/ff.c: 5227 in f_rename()
_____________________________________________________________________________________________
*** CID 1668652: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 5205 in f_rename()
5199 #if FF_FS_EXFAT
5200 if (fs->fs_type == FS_EXFAT) { /* At exFAT volume */
5201 BYTE nf, nn;
5202 WORD nh;
5203
5204 memcpy(buf, fs->dirbuf, SZDIRE * 2); /* Save 85+C0 entry of old object */
>>> CID 1668652: (UNINIT)
>>> Using uninitialized value "djo". Field "djo.obj.id" is uninitialized when calling "memcpy".
5205 memcpy(&djn, &djo, sizeof djo);
5206 res = follow_path(&djn, path_new); /* Make sure if new object name is not in use */
5207 if (res == FR_OK) { /* Is new name already in use by any other object? */
5208 res = (djn.obj.sclust == djo.obj.sclust && djn.dptr == djo.dptr) ? FR_NO_FILE : FR_EXIST;
5209 }
5210 if (res == FR_NO_FILE) { /* It is a valid path and no name collision */
/cpukit/libfs/src/fatfs/ff.c: 5227 in f_rename()
5221 }
5222 }
5223 } else
5224 #endif
5225 { /* At FAT/FAT32 volume */
5226 memcpy(buf, djo.dir, SZDIRE); /* Save directory entry of the object */
>>> CID 1668652: (UNINIT)
>>> Using uninitialized value "djo". Field "djo.obj.id" is uninitialized when calling "memcpy".
5227 memcpy(&djn, &djo, sizeof (DIR)); /* Duplicate the directory object */
5228 res = follow_path(&djn, path_new); /* Make sure if new object name is not in use */
5229 if (res == FR_OK) { /* Is new name already in use by any other object? */
5230 res = (djn.obj.sclust == djo.obj.sclust && djn.dptr == djo.dptr) ? FR_NO_FILE : FR_EXIST;
5231 }
5232 if (res == FR_NO_FILE) { /* It is a valid path and no name collision */
** CID 1668651: Integer handling issues (SIGN_EXTENSION)
/cpukit/libfs/src/fatfs/rtems-fatfs.h: 184 in rtems_fatfs_filinfo_to_stat()
_____________________________________________________________________________________________
*** CID 1668651: Integer handling issues (SIGN_EXTENSION)
/cpukit/libfs/src/fatfs/rtems-fatfs.h: 184 in rtems_fatfs_filinfo_to_stat()
178 memset( st, 0, sizeof( *st ) );
179
180 while ( *name != '\0' ) {
181 inode_hash = ( inode_hash * 33 ) + (unsigned char) *name;
182 name++;
183 }
>>> CID 1668651: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "fno->fdate" with type "WORD" (16 bits, unsigned) is promoted in "fno->fdate << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "fno->fdate << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
184 inode_hash ^= fno->fsize ^ ( fno->fdate << 16 ) ^ fno->ftime;
185
186 st->st_ino = ( inode_hash != 0 ) ? inode_hash : 1;
187 st->st_dev = 1;
188 st->st_size = (off_t) fno->fsize;
189 st->st_blksize = 512;
** CID 1668650: Control flow issues (DEADCODE)
/cpukit/libfs/src/fatfs/ff.c: 5901 in create_partition()
_____________________________________________________________________________________________
*** CID 1668650: Control flow issues (DEADCODE)
/cpukit/libfs/src/fatfs/ff.c: 5901 in create_partition()
5895 } else
5896 #endif
5897 { /* Create partitions in MBR format */
5898 sz_drv32 = (DWORD)sz_drv;
5899 n_sc = N_SEC_TRACK; /* Determine drive CHS without any consideration of the drive geometry */
5900 for (n_hd = 8; n_hd != 0 && sz_drv32 / n_hd / n_sc > 1024; n_hd *= 2) ;
>>> CID 1668650: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "n_hd = 255;".
5901 if (n_hd == 0) n_hd = 255; /* Number of heads needs to be <256 */
5902
5903 memset(buf, 0, FF_MAX_SS); /* Clear MBR */
5904 pte = buf + MBR_Table; /* Partition table in the MBR */
5905 for (i = 0, nxt_alloc32 = n_sc; i < 4 && nxt_alloc32 != 0 && nxt_alloc32 < sz_drv32; i++, nxt_alloc32 += sz_part32) {
5906 sz_part32 = (DWORD)plst[i]; /* Get partition size */
** CID 1668649: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5184 in f_rename()
_____________________________________________________________________________________________
*** CID 1668649: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5184 in f_rename()
5178 BYTE buf[FF_FS_EXFAT ? SZDIRE * 2 : SZDIRE], *dir;
5179 LBA_t sect;
5180 DEF_NAMBUF
5181
5182
5183 /* Snip the drive number of new name off */
>>> CID 1668649: Error handling issues (CHECKED_RETURN)
>>> Calling "get_ldnumber" without checking return value (as is done elsewhere 4 out of 5 times).
5184 get_ldnumber(&path_new);
5185
5186 /* Get logical drive of the old object */
5187 res = mount_volume(&path_old, &fs, FA_WRITE);
5188 if (res == FR_OK) {
5189 djo.obj.fs = fs;
** CID 1668648: (UNINIT)
_____________________________________________________________________________________________
*** CID 1668648: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 4867 in f_getfree()
4861 } else {
4862 /* Scan FAT to obtain the correct free cluster count */
4863 nfree = 0;
4864 if (fs->fs_type == FS_FAT12) { /* FAT12: Scan bit field FAT entries */
4865 clst = 2; obj.fs = fs;
4866 do {
>>> CID 1668648: (UNINIT)
>>> Using uninitialized value "obj.n_frag" when calling "get_fat".
4867 stat = get_fat(&obj, clst);
4868 if (stat == 0xFFFFFFFF) {
4869 res = FR_DISK_ERR; break;
4870 }
4871 if (stat == 1) {
4872 res = FR_INT_ERR; break;
/cpukit/libfs/src/fatfs/ff.c: 4867 in f_getfree()
4861 } else {
4862 /* Scan FAT to obtain the correct free cluster count */
4863 nfree = 0;
4864 if (fs->fs_type == FS_FAT12) { /* FAT12: Scan bit field FAT entries */
4865 clst = 2; obj.fs = fs;
4866 do {
>>> CID 1668648: (UNINIT)
>>> Using uninitialized value "obj.stat" when calling "get_fat".
4867 stat = get_fat(&obj, clst);
4868 if (stat == 0xFFFFFFFF) {
4869 res = FR_DISK_ERR; break;
4870 }
4871 if (stat == 1) {
4872 res = FR_INT_ERR; break;
/cpukit/libfs/src/fatfs/ff.c: 4867 in f_getfree()
4861 } else {
4862 /* Scan FAT to obtain the correct free cluster count */
4863 nfree = 0;
4864 if (fs->fs_type == FS_FAT12) { /* FAT12: Scan bit field FAT entries */
4865 clst = 2; obj.fs = fs;
4866 do {
>>> CID 1668648: (UNINIT)
>>> Using uninitialized value "obj.stat" when calling "get_fat".
4867 stat = get_fat(&obj, clst);
4868 if (stat == 0xFFFFFFFF) {
4869 res = FR_DISK_ERR; break;
4870 }
4871 if (stat == 1) {
4872 res = FR_INT_ERR; break;
** CID 1668647: (UNINIT)
_____________________________________________________________________________________________
*** CID 1668647: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 5048 in f_unlink()
5042 #if FF_FS_EXFAT
5043 if (fs->fs_type == FS_EXFAT) {
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.n_frag" when calling "dir_sdi".
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
/cpukit/libfs/src/fatfs/ff.c: 5050 in f_unlink()
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.n_frag" when calling "dir_read".
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
5054 }
5055 }
/cpukit/libfs/src/fatfs/ff.c: 5048 in f_unlink()
5042 #if FF_FS_EXFAT
5043 if (fs->fs_type == FS_EXFAT) {
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.n_cont" when calling "dir_sdi".
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
/cpukit/libfs/src/fatfs/ff.c: 5048 in f_unlink()
5042 #if FF_FS_EXFAT
5043 if (fs->fs_type == FS_EXFAT) {
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.objsize" when calling "dir_sdi".
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
** CID 1668646: Memory - corruptions (OVERRUN)
/cpukit/libfs/src/fatfs/ff.c: 2737 in get_fileinfo()
_____________________________________________________________________________________________
*** CID 1668646: Memory - corruptions (OVERRUN)
/cpukit/libfs/src/fatfs/ff.c: 2737 in get_fileinfo()
2731 nw = put_utf(wc, &fno->altname[di], FF_SFN_BUF - di); /* Store it in API encoding */
2732 if (nw == 0) { /* Buffer overflow? */
2733 di = 0; break;
2734 }
2735 di += nw;
2736 #else /* ANSI/OEM output */
>>> CID 1668646: Memory - corruptions (OVERRUN)
>>> Overrunning array "fno->altname" of 13 bytes at byte offset 13 using index "di++" (which evaluates to 13).
2737 fno->altname[di++] = (TCHAR)wc; /* Store it without any conversion */
2738 #endif
2739 }
2740 fno->altname[di] = 0; /* Terminate the SFN (null string means SFN is invalid) */
2741
2742 if (fno->fname[0] == 0) { /* If LFN is invalid, altname[] needs to be copied to fname[] */
** CID 1668645: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5154 in f_mkdir()
_____________________________________________________________________________________________
*** CID 1668645: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5154 in f_mkdir()
5148 fs->wflag = 1;
5149 }
5150 if (res == FR_OK) {
5151 res = sync_fs(fs);
5152 }
5153 } else {
>>> CID 1668645: Error handling issues (CHECKED_RETURN)
>>> Calling "remove_chain" without checking return value (as is done elsewhere 5 out of 6 times).
5154 remove_chain(&sobj, dcl, 0); /* Could not register, remove the allocated cluster */
5155 }
5156 }
5157 FREE_NAMBUF();
5158 }
5159
** CID 1668644: Integer handling issues (INTEGER_OVERFLOW)
/cpukit/libfs/src/fatfs/ff.c: 1216 in get_fat()
_____________________________________________________________________________________________
*** CID 1668644: Integer handling issues (INTEGER_OVERFLOW)
/cpukit/libfs/src/fatfs/ff.c: 1216 in get_fat()
1210 val = ld_32(fs->win + clst * 4 % SS(fs)) & 0x0FFFFFFF; /* Simple DWORD array but mask out upper 4 bits */
1211 break;
1212 #if FF_FS_EXFAT
1213 case FS_EXFAT :
1214 if ((obj->objsize != 0 && obj->sclust != 0) || obj->stat == 0) { /* Object except root dir must have valid data length */
1215 DWORD cofs = clst - obj->sclust; /* Offset from start cluster */
>>> CID 1668644: Integer handling issues (INTEGER_OVERFLOW)
>>> Expression "obj->objsize - 1ULL", where "obj->objsize" is known to be equal to 0, underflows the type of "obj->objsize - 1ULL", which is type "unsigned long long".
1216 DWORD clen = (DWORD)((LBA_t)((obj->objsize - 1) / SS(fs)) / fs->csize); /* Number of clusters - 1 */
1217
1218 if (obj->stat == 2 && cofs <= clen) { /* Is it a contiguous chain? */
1219 val = (cofs == clen) ? 0x7FFFFFFF : clst + 1; /* No data on the FAT, generate the value */
1220 break;
1221 }
</pre>
<p>
<a href="https://scan.coverity.com/projects/rtems?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>
<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>