New Defects reported by Coverity Scan for RTEMS-Tools
scan-admin at coverity.com
scan-admin at coverity.com
Wed Aug 4 17:22:28 UTC 2021
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Tools found with Coverity Scan.
10 new defect(s) introduced to RTEMS-Tools found with Coverity Scan.
14 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1506210: Uninitialized members (UNINIT_CTOR)
/tester/covoar/ObjdumpProcessor.cc: 131 in Coverage::ObjdumpProcessor::ObjdumpProcessor(Coverage::DesiredSymbols &, std::shared_ptr<Target::TargetBase> &)()
________________________________________________________________________________________________________
*** CID 1506210: Uninitialized members (UNINIT_CTOR)
/tester/covoar/ObjdumpProcessor.cc: 131 in Coverage::ObjdumpProcessor::ObjdumpProcessor(Coverage::DesiredSymbols &, std::shared_ptr<Target::TargetBase> &)()
125 ObjdumpProcessor::ObjdumpProcessor(
126 DesiredSymbols& symbolsToAnalyze,
127 std::shared_ptr<Target::TargetBase>& targetInfo
128 ): symbolsToAnalyze_m( symbolsToAnalyze ),
129 targetInfo_m( targetInfo )
130 {
>>> CID 1506210: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "inputBuffer_m" is not initialized in this constructor nor in any functions that it calls.
131 }
132
133 ObjdumpProcessor::~ObjdumpProcessor()
134 {
135 }
136
** CID 1506209: Memory - corruptions (OVERRUN)
/tester/covoar/GcovData.cc: 400 in Gcov::GcovData::readFilePreamble(Gcov::gcov_preamble *, std::basic_ifstream<char, std::char_traits<char>> &, unsigned int)()
________________________________________________________________________________________________________
*** CID 1506209: Memory - corruptions (OVERRUN)
/tester/covoar/GcovData.cc: 400 in Gcov::GcovData::readFilePreamble(Gcov::gcov_preamble *, std::basic_ifstream<char, std::char_traits<char>> &, unsigned int)()
394 uint32_t desiredMagic
395 )
396 {
397 int length;
398
399 length = sizeof( gcov_preamble );
>>> CID 1506209: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "(char *)&preamble" of 8 bytes by passing it to a function which accesses it at byte offset 47 using argument "48L".
400 gcovFile.read( (char *) &preamble, 4 * sizeof( gcov_preamble ) );
401 if ( gcovFile.gcount() != 4 * sizeof( gcov_preamble ) ) {
402 std::cerr << "Error while reading file preamble" << std::endl;
403 return -1;
404 }
405
** CID 1506208: Memory - corruptions (OVERRUN)
/tester/covoar/GcovData.cc: 132 in Gcov::GcovData::writeGcdaFile()()
________________________________________________________________________________________________________
*** CID 1506208: Memory - corruptions (OVERRUN)
/tester/covoar/GcovData.cc: 132 in Gcov::GcovData::writeGcdaFile()()
126 //Form preamble
127 preamble.magic = GCDA_MAGIC;
128 preamble.version = gcnoPreamble.version;
129 preamble.timestamp = gcnoPreamble.timestamp;
130
131 //Write preamble
>>> CID 1506208: Memory - corruptions (OVERRUN)
>>> Overrunning struct type _ZN4Gcov13gcov_preambleE of 12 bytes by passing it to a function which accesses it at byte offset 47 using argument "48L".
132 gcdaFile.write( (char *) &preamble , 4 * sizeof( preamble ) );
133 if ( gcdaFile.fail() ) {
134 std::cerr << "Error while writing gcda preamble to a file "
135 << gcdaFileName << std::endl;
136 }
137
** CID 1506207: Memory - illegal accesses (BUFFER_SIZE)
/tester/covoar/TraceWriterQEMU.cc: 109 in Trace::TraceWriterQEMU::writeFile(const char *, Trace::TraceReaderBase *, bool)()
________________________________________________________________________________________________________
*** CID 1506207: Memory - illegal accesses (BUFFER_SIZE)
/tester/covoar/TraceWriterQEMU.cc: 109 in Trace::TraceWriterQEMU::writeFile(const char *, Trace::TraceReaderBase *, bool)()
103 return false;
104 }
105
106 //
107 // Write the Header to the file
108 //
>>> CID 1506207: Memory - illegal accesses (BUFFER_SIZE)
>>> Calling "strncpy" with a source string whose length (12 chars) is greater than or equal to the size argument (12) will fail to null-terminate "header.magic".
109 strncpy( header.magic, QEMU_TRACE_MAGIC, sizeof(header.magic) );
110 header.version = QEMU_TRACE_VERSION;
111 header.kind = QEMU_TRACE_KIND_RAW; // XXX ??
112 header.sizeof_target_pc = 32;
113 header.big_endian = false;
114 header.machine[0] = 0; // XXX ??
** CID 1506206: Uninitialized members (UNINIT_CTOR)
/tester/covoar/GcovData.cc: 26 in Gcov::GcovData::GcovData(Coverage::DesiredSymbols &)()
________________________________________________________________________________________________________
*** CID 1506206: Uninitialized members (UNINIT_CTOR)
/tester/covoar/GcovData.cc: 26 in Gcov::GcovData::GcovData(Coverage::DesiredSymbols &)()
20 namespace Gcov {
21
22 GcovData::GcovData( Coverage::DesiredSymbols& symbolsToAnalyze ):
23 numberOfFunctions( 0 ),
24 symbolsToAnalyze_m( symbolsToAnalyze )
25 {
>>> CID 1506206: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "gcnoPreamble.timestamp" is not initialized in this constructor nor in any functions that it calls.
26 }
27
28 GcovData::~GcovData()
29 {
30 }
31
** CID 1506205: API usage errors (STREAM_FORMAT_STATE)
/tester/covoar/GcovFunctionData.cc: 372 in Gcov::GcovFunctionData::printBlockInfo(std::basic_ofstream<char, std::char_traits<char>> &, std::_List_iterator<Gcov::gcov_block_info>)()
________________________________________________________________________________________________________
*** CID 1506205: API usage errors (STREAM_FORMAT_STATE)
/tester/covoar/GcovFunctionData.cc: 372 in Gcov::GcovFunctionData::printBlockInfo(std::basic_ofstream<char, std::char_traits<char>> &, std::_List_iterator<Gcov::gcov_block_info>)()
366 if ( !block->lines.empty() )
367 for ( line = block->lines.begin(); line != block->lines.end(); line++ ) {
368 textFile << *line << ", ";
369 }
370
371 textFile << std::endl;
>>> CID 1506205: API usage errors (STREAM_FORMAT_STATE)
>>> Changing format state of stream "textFile" for category basefield without later restoring it.
372 }
373
374 bool GcovFunctionData::processFunctionCounters( void ) {
375
376 uint32_t baseAddress = 0;
377 uint32_t currentAddress = 0;
** CID 1506204: Uninitialized variables (UNINIT)
/tester/covoar/TraceWriterQEMU.cc: 116 in Trace::TraceWriterQEMU::writeFile(const char *, Trace::TraceReaderBase *, bool)()
________________________________________________________________________________________________________
*** CID 1506204: Uninitialized variables (UNINIT)
/tester/covoar/TraceWriterQEMU.cc: 116 in Trace::TraceWriterQEMU::writeFile(const char *, Trace::TraceReaderBase *, bool)()
110 header.version = QEMU_TRACE_VERSION;
111 header.kind = QEMU_TRACE_KIND_RAW; // XXX ??
112 header.sizeof_target_pc = 32;
113 header.big_endian = false;
114 header.machine[0] = 0; // XXX ??
115 header.machine[1] = 0; // XXX ??
>>> CID 1506204: Uninitialized variables (UNINIT)
>>> Using uninitialized value "header". Field "header._pad" is uninitialized when calling "fwrite".
116 status = ::fwrite( &header, sizeof(trace_header), 1, traceFile );
117 if (status != 1) {
118 std::cerr << "Unable to write header to " << file << std::endl;
119 ::fclose( traceFile );
120 return false;
121 }
** CID 1506203: Memory - illegal accesses (STRING_NULL)
/tester/covoar/TraceWriterQEMU.cc: 124 in Trace::TraceWriterQEMU::writeFile(const char *, Trace::TraceReaderBase *, bool)()
________________________________________________________________________________________________________
*** CID 1506203: Memory - illegal accesses (STRING_NULL)
/tester/covoar/TraceWriterQEMU.cc: 124 in Trace::TraceWriterQEMU::writeFile(const char *, Trace::TraceReaderBase *, bool)()
118 std::cerr << "Unable to write header to " << file << std::endl;
119 ::fclose( traceFile );
120 return false;
121 }
122
123 if (verbose)
>>> CID 1506203: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "header.magic" to "operator <<", which expects a null-terminated string. [Note: The source code implementation of the function has been overridden by a builtin model.]
124 std::cerr << "magic = " << header.magic << std::endl
125 << "version = " << header.version << std::endl
126 << "kind = " << header.kind << std::endl
127 << "sizeof_target_pc = " << header.sizeof_target_pc << std::endl
128 << "big_endian = " << header.big_endian << std::endl
129 << std::hex << std::setfill('0')
** CID 1506202: API usage errors (STREAM_FORMAT_STATE)
/tester/covoar/GcovData.cc: 410 in Gcov::GcovData::readFilePreamble(Gcov::gcov_preamble *, std::basic_ifstream<char, std::char_traits<char>> &, unsigned int)()
________________________________________________________________________________________________________
*** CID 1506202: API usage errors (STREAM_FORMAT_STATE)
/tester/covoar/GcovData.cc: 410 in Gcov::GcovData::readFilePreamble(Gcov::gcov_preamble *, std::basic_ifstream<char, std::char_traits<char>> &, unsigned int)()
404 }
405
406 if ( preamble->magic != GCNO_MAGIC ) {
407 std::cerr << "File is not a valid *.gcno output (magic: 0x"
408 << std::hex << std::setw( 4 ) << preamble->magic
409 << ")" << std::endl;
>>> CID 1506202: API usage errors (STREAM_FORMAT_STATE)
>>> Changing format state of stream "std::cerr" for category basefield without later restoring it.
410 return -1;
411 }
412
413 return length / 4;
414 }
415
** CID 1506201: Security best practices violations (TOCTOU)
/tester/covoar/TraceReaderLogQEMU.cc: 109 in Trace::TraceReaderLogQEMU::processFile(const char *, Coverage::ObjdumpProcessor &)()
________________________________________________________________________________________________________
*** CID 1506201: Security best practices violations (TOCTOU)
/tester/covoar/TraceReaderLogQEMU.cc: 109 in Trace::TraceReaderLogQEMU::processFile(const char *, Coverage::ObjdumpProcessor &)()
103 char inputBuffer[MAX_LINE_LENGTH];
104
105 //
106 // Verify that the log file has a non-zero size.
107 //
108 // NOTE: We prefer stat64 because some of the coverage files are HUGE!
>>> CID 1506201: Security best practices violations (TOCTOU)
>>> Calling function "stat" to perform check on "file".
109 status = STAT( file, &statbuf );
110 if (status == -1) {
111 fprintf( stderr, "Unable to stat %s\n", file );
112 return false;
113 }
114
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQi8c7-2B1U0roIV5G3HXifs2odF2CS2aZ-2FK5CtfMSQ5p34-3DSJO7_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMrfLSVh7XTO2wDB7bLcSBmaf0x2WqX7xBsNbn25nKmdtkp1a4ddb6pVZkYTsp2IeuN9Q9q6fEkKnH0rHZF3NELOM5MNi7oCQamA6rIC-2B3YKyC6KSfH4FxzEVC4-2FteKZ8pfsSh2qw196fHH57Y8G16lmrItMXlh-2FFJVa2UY-2Bko2W4g-3D-3D
More information about the build
mailing list