[RTEMS Project] #3597: Variable tmp_dirent not initialized CID 1440356
RTEMS trac
trac at rtems.org
Sat Nov 10 13:26:50 UTC 2018
#3597: Variable tmp_dirent not initialized CID 1440356
----------------------+-------------------------
Reporter: zehata | Owner: (none)
Type: defect | Status: new
Priority: normal | Milestone: Indefinite
Component: fs | Version: 6
Severity: normal | Resolution:
Keywords: coverity | Blocked By:
Blocking: |
----------------------+-------------------------
Description changed by Joel Sherrill:
Old description:
> From rtems root directory, cd cpukit/libfs/src/dosfs/msdos_dir.c
> tmp.dirent was used 18 times but isn't initialized anywhere in the file.
New description:
From rtems root directory, cd cpukit/libfs/src/dosfs/msdos_dir.c
tmp.dirent was used 18 times but isn't initialized anywhere in the file.
In line 325, memcpy was used, with the second parameter, a constant, being
tmp_dirent, however, before this, it was not initialized at all, leading
to the usage of an uninitialized variable (in memcpy)
{{{
64 msdos_dir_read(rtems_libio_t *iop, void *buffer, size_t count)
65 {
...
73 struct dirent tmp_dirent;
...
154 if ((*MSDOS_DIR_ATTR(entry) & MSDOS_ATTR_LFN_MASK) == MSDOS_ATTR_LFN)
155 {
...
324 if ( cmpltd >= 0 ) {
}}}
Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value tmp_dirent. Field
tmp_dirent.d_type is uninitialized when calling memcpy.
{{{
325 memcpy(buffer + cmpltd, &tmp_dirent, sizeof(struct dirent));
326
327 iop->offset = iop->offset + sizeof(struct dirent);
328 cmpltd += (sizeof(struct dirent));
329 count -= (sizeof(struct dirent));
330
331 /* inode number extracted, close fat-file */
332 rc = fat_file_close(&fs_info->fat, tmp_fat_fd);
333 if (rc != RC_OK)
334 {
335 msdos_fs_unlock(fs_info);
336 return rc;
337 }
338 }
339 }
...
349 }
}}}
--
--
Ticket URL: <http://devel.rtems.org/ticket/3597#comment:3>
RTEMS Project <http://www.rtems.org/>
RTEMS Project
More information about the bugs
mailing list