[RTEMS Project] #2926: Coverity Reports Multiple Out of Bounds Accesses in rtd-mdreloc-sparc.c (was: Out of Bounds Access in rtd-mdreloc-sparc.c)

RTEMS trac trac at rtems.org
Tue Mar 14 21:28:40 UTC 2017


#2926: Coverity Reports Multiple Out of Bounds Accesses in rtd-mdreloc-sparc.c
---------------------------+-----------------------
 Reporter:  Joel Sherrill  |       Owner:  chrisj@…
     Type:  defect         |      Status:  assigned
 Priority:  normal         |   Milestone:  4.12
Component:  libdl          |     Version:  4.12
 Severity:  normal         |  Resolution:
 Keywords:                 |
---------------------------+-----------------------
Description changed by Joel Sherrill:

Old description:

> Coverity spots an out of bounds read in rtl-mdreloc-sparc.c. Given the
> comment at the top that it was "Taken from NetBSD and stripped of the
> relocations not needed on RTEMS", I am unsure how to correlate the code
> back to the original to see if the issue exists upstream. Also I do not
> know where in the NetBSD source this came from.
>
> https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=109360252&defectInstanceId=30967451&mergedDefectId=1255330
>
> The long analysis ends with:
>
> 226
>
> CID 1255330 (#1 of 1): Out-of-bounds read (OVERRUN)
> 14. overrun-local: Overrunning array reloc_target_bitmask of 24 4-byte
> elements at element index 45 (byte offset 180) using index type (which
> evaluates to 45).
> 227  mask = RELOC_VALUE_BITMASK (type);
> 228  value >>= RELOC_VALUE_RIGHTSHIFT (type);
> 229  value &= mask;

New description:

 Coverity spots an out of bounds read in rtl-mdreloc-sparc.c. Given the
 comment at the top that it was "Taken from NetBSD and stripped of the
 relocations not needed on RTEMS", I am unsure how to correlate the code
 back to the original to see if the issue exists upstream. Also I do not
 know where in the NetBSD source this came from.

 The first issue is:
 https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=109360252&defectInstanceId=30967451&mergedDefectId=1255330

 The long analysis ends with:

 226

 CID 1255330 (#1 of 1): Out-of-bounds read (OVERRUN)
 14. overrun-local: Overrunning array reloc_target_bitmask of 24 4-byte
 elements at element index 45 (byte offset 180) using index type (which
 evaluates to 45).
 227  mask = RELOC_VALUE_BITMASK (type);
 228  value >>= RELOC_VALUE_RIGHTSHIFT (type);
 229  value &= mask;

 The others are:

 https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=109360252&defectInstanceId=30967452&mergedDefectId=1255332
 https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=109360252&defectInstanceId=30967450&mergedDefectId=1255342

--
Ticket URL: <http://devel.rtems.org/ticket/2926#comment:1>
RTEMS Project <http://www.rtems.org/>
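
Added example, not part of the ticket and not RTEMS or NetBSD code: a bounds-checked form of the mask/shift lookup that the Coverity trace flags, using the report's numbers (a 24-entry table, type 45). It assumes the relocation type is taken from the low byte of the ELF r_info field of the object being loaded; the table contents, R_TYPE, NELEM and reloc_value_apply are constructed or hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define NELEM(a) (sizeof(a) / sizeof((a)[0]))
/* Assumption: ELF32 encoding, relocation type is the low byte of r_info. */
#define R_TYPE(info) ((unsigned)((info) & 0xffu))

/* Constructed stand-ins for the stripped tables: 24 entries, matching the
 * size in the Coverity report. Values are placeholders, not real SPARC data. */
static const uint32_t mask_table[24] = {
  [1] = 0x000000ffu, [2] = 0x0000ffffu, [3] = 0xffffffffu, [9] = 0x003fffffu
};
static const uint8_t shift_table[24] = { [9] = 10 };

/* Stripping entries from one table but not the other fails the build. */
_Static_assert(NELEM(mask_table) == NELEM(shift_table),
               "mask and shift tables must cover the same types");

/* Hypothetical helper: shift and mask *value for the relocation described
 * by r_info. Returns false and leaves *value untouched when the type has no
 * table entry (for example type 45 against a 24-entry table). */
bool reloc_value_apply(uint32_t r_info, uint32_t *value)
{
  unsigned type = R_TYPE(r_info);

  /* The bound comes from the array itself, so it cannot drift from it. */
  if (type >= NELEM(mask_table))
    return false;               /* caller should reject the object file */

  *value >>= shift_table[type];
  *value &= mask_table[type];
  return true;
}
```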