RTEMS | cpukit/posix: Fix uninitialized read in sem_open (CID 1667263) (!952)
Joel Sherrill (@joel)
gitlab at rtems.org
Fri Jan 30 20:33:07 UTC 2026
Joel Sherrill started a new discussion on cpukit/posix/src/semopen.c: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/952#note_140493
> }
>
> _Objects_Allocator_lock();
> the_semaphore = _POSIX_Semaphore_Get_by_name( name, &name_len, &error );
\_POSIX_Semaphore_Get_by_name() is a wrapper for \_Objects_Get_by_name() which sets name_len as output. There are error output paths in \_Objects_Get_by_name() which may be why Coverity thinks it isn't set. \_Objects_Get_by_name() calls strnlen() so adding a call to strlen() level is duplicative work.
It is likely the check for name_len_p == NULL in \_Objects_Get_by_name() should be an \_Assert() since it is an internal method. If all callers pass a pointer, that check isn't needed except as an RTEMS debug aid.
I lean to this being a mostly false positive and just initializing name_len = 0 is likely sufficient.
--
View it on GitLab: https://gitlab.rtems.org/rtems/rtos/rtems/-/merge_requests/952#note_140493
You're receiving this email because of your account on gitlab.rtems.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/bugs/attachments/20260130/95ce9731/attachment-0001.htm>
More information about the bugs
mailing list