<div dir="ltr"><br>I don't think this is due to a recent addition. I just upgraded to a new version of the Coverity analysis tool.<div><br></div><div>Does anyone see a fix for this?</div><div><br></div><div>--joel<br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <span dir="auto"><<a href="mailto:scan-admin@coverity.com">scan-admin@coverity.com</a>></span><br>Date: Mon, Aug 29, 2022 at 5:14 PM<br>Subject: New Defects reported by Coverity Scan for RTEMS-Tools<br>To: <<a href="mailto:joel.sherrill@gmail.com">joel.sherrill@gmail.com</a>><br></div><br><br>Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to RTEMS-Tools found with Coverity Scan.<br>
<br>
11 new defect(s) introduced to RTEMS-Tools found with Coverity Scan.<br>
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.<br>
<br>
New defect(s) Reported-by: Coverity Scan<br>
Showing 11 of 11 defect(s)<br>
<br>
<br>
** CID 1521908: Memory - illegal accesses (STRING_NULL)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521908: Memory - illegal accesses (STRING_NULL)<br>
/rtemstoolkit/SimpleIni.h: 1377 in CSimpleIniTempl<char, SI_GenericCase<char>, SI_ConvertA<char>>::LoadFile(_IO_FILE *)()<br>
1371 if (uRead != (size_t) lSize) {<br>
1372 delete[] pData;<br>
1373 return SI_FILE;<br>
1374 }<br>
1375 <br>
1376 // convert the raw data to unicode<br>
>>> CID 1521908: Memory - illegal accesses (STRING_NULL)<br>
>>> Calling "LoadData" with the input string "pData", which is greater than or equal to "uRead" in length, or not null-terminated.<br>
1377 SI_Error rc = LoadData(pData, uRead);<br>
1378 delete[] pData;<br>
1379 return rc;<br>
1380 }<br>
1381 <br>
1382 template<class SI_CHAR, class SI_STRLESS, class SI_CONVERTER><br>
<br>
** CID 1521907: Memory - illegal accesses (STRING_NULL)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521907: Memory - illegal accesses (STRING_NULL)<br>
/rtemstoolkit/libiberty/cplus-dem.c: 2962 in demangle_prefix()<br>
2956 {<br>
2957 /* No separator (I.E. "__not_mangled"), or empty signature<br>
2958 (I.E. "__not_mangled_either__") */<br>
2959 success = 0;<br>
2960 }<br>
2961 else<br>
>>> CID 1521907: Memory - illegal accesses (STRING_NULL)<br>
>>> Passing unterminated string "declp->b" to "iterate_demangle_function", which expects a null-terminated string.<br>
2962 return iterate_demangle_function (work, mangled, declp, scan);<br>
2963 }<br>
2964 }<br>
2965 else if (*(scan + 2) != '\0')<br>
2966 {<br>
2967 /* Mangled name does not start with "__" but does have one somewhere<br>
<br>
** CID 1521906: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 418 in _dwarf_decode_sleb128()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521906: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 418 in _dwarf_decode_sleb128()<br>
412 int shift = 0;<br>
413 <br>
414 uint8_t *src = *dp;<br>
415 <br>
416 do {<br>
417 b = *src++;<br>
>>> CID 1521906: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).<br>
418 ret |= ((b & 0x7f) << shift);<br>
419 shift += 7;<br>
420 } while ((b & 0x80) != 0);<br>
421 <br>
422 if (shift < 64 && (b & 0x40) != 0)<br>
423 ret |= (-1 << shift);<br>
<br>
** CID 1521905: Insecure data handling (TAINTED_SCALAR)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521905: Insecure data handling (TAINTED_SCALAR)<br>
/rtemstoolkit/rld-elf.cpp: 574 in rld::elf::file::begin(const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool, rld::elf::file*, long)()<br>
568 writable = writable_;<br>
569 elf_ = elf__;<br>
570 <br>
571 if (!archive && !writable)<br>
572 {<br>
573 load_header ();<br>
>>> CID 1521905: Insecure data handling (TAINTED_SCALAR)<br>
>>> Passing tainted expression "this->ehdr" to "load_sections", which uses it as a loop boundary.<br>
574 load_sections ();<br>
575 }<br>
576 }<br>
577 <br>
578 void<br>
579 file::end ()<br>
<br>
** CID 1521904: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 423 in _dwarf_decode_sleb128()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521904: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 423 in _dwarf_decode_sleb128()<br>
417 b = *src++;<br>
418 ret |= ((b & 0x7f) << shift);<br>
419 shift += 7;<br>
420 } while ((b & 0x80) != 0);<br>
421 <br>
422 if (shift < 64 && (b & 0x40) != 0)<br>
>>> CID 1521904: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
>>> Potentially overflowing expression "0xffffffffffffffff << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).<br>
423 ret |= (-1 << shift);<br>
424 <br>
425 *dp = src;<br>
426 <br>
427 return (ret);<br>
428 }<br>
<br>
** CID 1521903: Performance inefficiencies (AUTO_CAUSES_COPY)<br>
/tester/covoar/CoverageMapBase.cc: 217 in Coverage::CoverageMapBase::getRange(unsigned int, Coverage::AddressRange &) const()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521903: Performance inefficiencies (AUTO_CAUSES_COPY)<br>
/tester/covoar/CoverageMapBase.cc: 217 in Coverage::CoverageMapBase::getRange(unsigned int, Coverage::AddressRange &) const()<br>
211 {<br>
212 return Ranges.at( index ).lowAddress;<br>
213 }<br>
214 <br>
215 bool CoverageMapBase::getRange( uint32_t address, AddressRange& range ) const<br>
216 {<br>
>>> CID 1521903: Performance inefficiencies (AUTO_CAUSES_COPY)<br>
>>> Using the "auto" keyword without an "&" causes the copy of an object of type AddressRange.<br>
217 for ( auto r : Ranges ) {<br>
218 if ( r.inside( address ) ) {<br>
219 range.lowAddress = r.lowAddress;<br>
220 range.highAddress = r.highAddress;<br>
221 <a href="http://range.info" rel="noreferrer" target="_blank">range.info</a> = <a href="http://r.info" rel="noreferrer" target="_blank">r.info</a>;<br>
222 return true;<br>
<br>
** CID 1521902: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 287 in _dwarf_read_sleb128()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521902: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 287 in _dwarf_read_sleb128()<br>
281 uint8_t *src;<br>
282 <br>
283 src = data + *offsetp;<br>
284 <br>
285 do {<br>
286 b = *src++;<br>
>>> CID 1521902: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).<br>
287 ret |= ((b & 0x7f) << shift);<br>
288 (*offsetp)++;<br>
289 shift += 7;<br>
290 } while ((b & 0x80) != 0);<br>
291 <br>
292 if (shift < 64 && (b & 0x40) != 0)<br>
<br>
** CID 1521901: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 293 in _dwarf_read_sleb128()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521901: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 293 in _dwarf_read_sleb128()<br>
287 ret |= ((b & 0x7f) << shift);<br>
288 (*offsetp)++;<br>
289 shift += 7;<br>
290 } while ((b & 0x80) != 0);<br>
291 <br>
292 if (shift < 64 && (b & 0x40) != 0)<br>
>>> CID 1521901: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
>>> Potentially overflowing expression "0xffffffffffffffff << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).<br>
293 ret |= (-1 << shift);<br>
294 <br>
295 return (ret);<br>
296 }<br>
297 <br>
298 int<br>
<br>
** CID 1521900: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 356 in _dwarf_read_uleb128()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521900: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 356 in _dwarf_read_uleb128()<br>
350 uint8_t *src;<br>
351 <br>
352 src = data + *offsetp;<br>
353 <br>
354 do {<br>
355 b = *src++;<br>
>>> CID 1521900: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).<br>
356 ret |= ((b & 0x7f) << shift);<br>
357 (*offsetp)++;<br>
358 shift += 7;<br>
359 } while ((b & 0x80) != 0);<br>
360 <br>
361 return (ret);<br>
<br>
** CID 1521899: Memory - corruptions (OVERRUN)<br>
/trace/record/record-main-lttng.cc: 455 in LTTNGClient::AddThreadName(PerCPUContext *, const ClientItem &)()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521899: Memory - corruptions (OVERRUN)<br>
/trace/record/record-main-lttng.cc: 455 in LTTNGClient::AddThreadName(PerCPUContext *, const ClientItem &)()<br>
449 <br>
450 uint32_t obj_index = GetObjIndexOfID(pcpu->thread_id);<br>
451 uint64_t name = item.data;<br>
452 size_t i;<br>
453 for (i = pcpu->thread_name_index; i < pcpu->thread_name_index + data_size();<br>
454 ++i) {<br>
>>> CID 1521899: Memory - corruptions (OVERRUN)<br>
>>> Overrunning array "this->thread_names_[api_index][obj_index]" of 3145728 bytes at byte offset 3145728 using index "i" (which evaluates to 16).<br>
455 thread_names_[api_index][obj_index][i] = static_cast<uint8_t>(name);<br>
456 name >>= BITS_PER_CHAR;<br>
457 }<br>
458 <br>
459 pcpu->thread_name_index = i;<br>
460 }<br>
<br>
** CID 1521898: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 441 in _dwarf_decode_uleb128()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1521898: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 441 in _dwarf_decode_uleb128()<br>
435 int shift = 0;<br>
436 <br>
437 uint8_t *src = *dp;<br>
438 <br>
439 do {<br>
440 b = *src++;<br>
>>> CID 1521898: Integer handling issues (OVERFLOW_BEFORE_WIDEN)<br>
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).<br>
441 ret |= ((b & 0x7f) << shift);<br>
442 shift += 7;<br>
443 } while ((b & 0x80) != 0);<br>
444 <br>
445 *dp = src;<br>
446 <br>
<br>
<br>
________________________________________________________________________________________________________<br>
To view the defects in Coverity Scan visit, <a href="https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQi8c7-2B1U0roIV5G3HXifs2odF2CS2aZ-2FK5CtfMSQ5p34-3DUmMl_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXpChcmq82e05YwUiaNQNEVv6HO3ZwwCsSEdZKrCHSBO8RSsuTljXOlvRo2aKBu-2Fqh1cHu3h3O0ALJdixBaCfrANMTDVs4zRJuydhhpmnbpm4sDLN0PzHrJl6YTBotmpp3lW9DkRknOK-2F-2FYeNgnhinh4Rf2FT3MaTGop6EOwrKxs2OqwJ28MLjIw-2FyWoYIYFV4w-3D" rel="noreferrer" target="_blank">https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQi8c7-2B1U0roIV5G3HXifs2odF2CS2aZ-2FK5CtfMSQ5p34-3DUmMl_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXpChcmq82e05YwUiaNQNEVv6HO3ZwwCsSEdZKrCHSBO8RSsuTljXOlvRo2aKBu-2Fqh1cHu3h3O0ALJdixBaCfrANMTDVs4zRJuydhhpmnbpm4sDLN0PzHrJl6YTBotmpp3lW9DkRknOK-2F-2FYeNgnhinh4Rf2FT3MaTGop6EOwrKxs2OqwJ28MLjIw-2FyWoYIYFV4w-3D</a><br>
<br>
To manage Coverity Scan email notifications for "<a href="mailto:joel.sherrill@gmail.com" target="_blank">joel.sherrill@gmail.com</a>", click <a href="https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5EGW_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXpChcmq82e05YwUiaNQNEVv6HO3ZwwCsSEdZKrCHSBO8aBSzomH8uegMEygftbwvLSoxeWo98AX48igSlWHQgHBnTfLZ7sVYrjQgT0H5XHzQT-2B6fEo78oq4Z14msiiXqBbnFhWgoahlKbWGWYPPrHp-2BjaWbj1bF0qFpePRZEcmOuuTjJ8zKJKXOMhJ5gOUGC9s-3D" rel="noreferrer" target="_blank">https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5EGW_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXpChcmq82e05YwUiaNQNEVv6HO3ZwwCsSEdZKrCHSBO8aBSzomH8uegMEygftbwvLSoxeWo98AX48igSlWHQgHBnTfLZ7sVYrjQgT0H5XHzQT-2B6fEo78oq4Z14msiiXqBbnFhWgoahlKbWGWYPPrHp-2BjaWbj1bF0qFpePRZEcmOuuTjJ8zKJKXOMhJ5gOUGC9s-3D</a><br>
<br>
</div></div></div>