<div dir="ltr">Chris,<div><br></div><div>I don't think Coverity was pleased with your recent changes to edit.c :)</div><div><br></div><div>--joel<br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Forwarded message ---------<br>From: <span dir="auto"><<a href="mailto:scan-admin@coverity.com">scan-admin@coverity.com</a>></span><br>Date: Wed, Nov 23, 2022 at 1:15 AM<br>Subject: New Defects reported by Coverity Scan for RTEMS<br>To: <<a href="mailto:build@rtems.org">build@rtems.org</a>><br></div><br><br>Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan.<br>
<br>
3 new defect(s) introduced to RTEMS found with Coverity Scan.<br>
<br>
<br>
New defect(s) Reported-by: Coverity Scan<br>
Showing 3 of 3 defect(s)<br>
<br>
<br>
** CID 1517031: Insecure data handling (TAINTED_SCALAR)<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1517031: Insecure data handling (TAINTED_SCALAR)<br>
/cpukit/libmisc/shell/main_edit.c: 1992 in redraw_screen()<br>
1986 <br>
1987 ed->refresh = 1;<br>
1988 }<br>
1989 <br>
1990 static void redraw_screen(struct editor *ed) {<br>
1991 get_console_size(ed->env);<br>
>>> CID 1517031: Insecure data handling (TAINTED_SCALAR)<br>
>>> Passing tainted expression "ed->env" to "draw_screen", which uses it as a loop boundary.<br>
1992 draw_screen(ed);<br>
1993 }<br>
1994 <br>
1995 static int quit(struct env *env) {<br>
1996 struct editor *ed = env->current;<br>
1997 struct editor *start = ed;<br>
<br>
** CID 1517030: Incorrect expression (UNUSED_VALUE)<br>
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1517030: Incorrect expression (UNUSED_VALUE)<br>
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()<br>
753 struct winsize ws;<br>
754 ioctl(0, TIOCGWINSZ, &ws);<br>
755 env->cols = ws.ws_col;<br>
756 env->lines = ws.ws_row - 1;<br>
757 #elif defined(__rtems__)<br>
758 char* e;<br>
>>> CID 1517030: Incorrect expression (UNUSED_VALUE)<br>
>>> Assigning value "25" to "env->lines" here, but that stored value is overwritten before it can be used.<br>
759 env->lines = 25;<br>
760 env->lines = 80;<br>
761 e = getenv("LINES");<br>
762 if (e != NULL) {<br>
763 int lines = strtol(e, 0, 10);<br>
764 if (lines > 0) {<br>
<br>
** CID 1517029: Insecure data handling (TAINTED_SCALAR)<br>
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 1517029: Insecure data handling (TAINTED_SCALAR)<br>
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()<br>
774 }<br>
775 #else<br>
776 struct term *term = gettib()->proc->term;<br>
777 env->cols = term->cols;<br>
778 env->lines = term->lines - 1;<br>
779 #endif<br>
>>> CID 1517029: Insecure data handling (TAINTED_SCALAR)<br>
>>> Passing tainted expression "env->cols + 32" to "realloc", which uses it as an allocation size. [Note: The source code implementation of the function has been overridden by a builtin model.]<br>
780 env->linebuf = realloc(env->linebuf, env->cols + LINEBUF_EXTRA);<br>
781 }<br>
782 <br>
783 static void outch(char c) {<br>
784 putchar(c);<br>
785 }<br>
<br>
<br>
________________________________________________________________________________________________________<br>
To view the defects in Coverity Scan visit, <a href="https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DGr-Y_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqwq-2FLY5UKW-2FhhinR3e3vpWzrDiUmhAIYAWGY8CAwDNQLbxoOK7jx4uEYuEA18jT8PboURbCG5RbwkKdUWqCHW6bgBCVvWsy6OOEx44VsgSb0-2BOSrEegH8zssvN9oWz11vOH8c4avf3tCzVLe01l2-2FFOCkw36P3laWsmnE2eaZUoA-3D-3D" rel="noreferrer" target="_blank">https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DGr-Y_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqwq-2FLY5UKW-2FhhinR3e3vpWzrDiUmhAIYAWGY8CAwDNQLbxoOK7jx4uEYuEA18jT8PboURbCG5RbwkKdUWqCHW6bgBCVvWsy6OOEx44VsgSb0-2BOSrEegH8zssvN9oWz11vOH8c4avf3tCzVLe01l2-2FFOCkw36P3laWsmnE2eaZUoA-3D-3D</a><br>
</div></div></div>