New Defects reported by Coverity Scan for RTEMS-Tools
scan-admin at coverity.com
Mon Aug 29 22:14:28 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Tools found with Coverity Scan.
11 new defect(s) introduced to RTEMS-Tools found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1521908: Memory - illegal accesses (STRING_NULL)
________________________________________________________________________________________________________
*** CID 1521908: Memory - illegal accesses (STRING_NULL)
/rtemstoolkit/SimpleIni.h: 1377 in CSimpleIniTempl<char, SI_GenericCase<char>, SI_ConvertA<char>>::LoadFile(_IO_FILE *)()
1371 if (uRead != (size_t) lSize) {
1372 delete[] pData;
1373 return SI_FILE;
1374 }
1375
1376 // convert the raw data to unicode
>>> CID 1521908: Memory - illegal accesses (STRING_NULL)
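>>> Calling "LoadData" with the input string "pData", which is greater than or equal to "uRead" in length, or not null-terminated. Whether this matters depends on whether "LoadData" relies only on the "uRead" length or also expects a terminator after the data, which the excerpt does not show.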
1377 SI_Error rc = LoadData(pData, uRead);
1378 delete[] pData;
1379 return rc;
1380 }
1381
1382 template<class SI_CHAR, class SI_STRLESS, class SI_CONVERTER>
** CID 1521907: Memory - illegal accesses (STRING_NULL)
________________________________________________________________________________________________________
*** CID 1521907: Memory - illegal accesses (STRING_NULL)
/rtemstoolkit/libiberty/cplus-dem.c: 2962 in demangle_prefix()
2956 {
2957 /* No separator (I.E. "__not_mangled"), or empty signature
2958 (I.E. "__not_mangled_either__") */
2959 success = 0;
2960 }
2961 else
>>> CID 1521907: Memory - illegal accesses (STRING_NULL)
>>> Passing unterminated string "declp->b" to "iterate_demangle_function", which expects a null-terminated string.
2962 return iterate_demangle_function (work, mangled, declp, scan);
2963 }
2964 }
2965 else if (*(scan + 2) != '\0')
2966 {
2967 /* Mangled name does not start with "__" but does have one somewhere
** CID 1521906: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 418 in _dwarf_decode_sleb128()
________________________________________________________________________________________________________
*** CID 1521906: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 418 in _dwarf_decode_sleb128()
412 int shift = 0;
413
414 uint8_t *src = *dp;
415
416 do {
417 b = *src++;
>>> CID 1521906: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
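>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed). Because "shift" grows by 7 on every continuation byte, the fifth encoded byte already shifts by 28 and can overflow the 32-bit intermediate, so the high bits of a long SLEB128 value are lost, or the shift is undefined, before the result is widened into "ret". Converting the operand to a 64-bit type before shifting, for example "(uint64_t)(b & 0x7f) << shift", keeps the arithmetic at the width of "ret". The loop as shown also places no upper limit on "shift", which matters if the encoded bytes come from an untrusted file.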
418 ret |= ((b & 0x7f) << shift);
419 shift += 7;
420 } while ((b & 0x80) != 0);
421
422 if (shift < 64 && (b & 0x40) != 0)
423 ret |= (-1 << shift);
** CID 1521905: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1521905: Insecure data handling (TAINTED_SCALAR)
/rtemstoolkit/rld-elf.cpp: 574 in rld::elf::file::begin(const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool, rld::elf::file*, long)()
568 writable = writable_;
569 elf_ = elf__;
570
571 if (!archive && !writable)
572 {
573 load_header ();
>>> CID 1521905: Insecure data handling (TAINTED_SCALAR)
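>>> Passing tainted expression "this->ehdr" to "load_sections", which uses it as a loop boundary. The tainted value presumably originates from the ELF header that "load_header ()" reads on the preceding line; counts and offsets taken from a file header need to be range-checked before they bound a loop. "load_sections" itself is not shown in this excerpt.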
574 load_sections ();
575 }
576 }
577
578 void
579 file::end ()
** CID 1521904: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 423 in _dwarf_decode_sleb128()
________________________________________________________________________________________________________
*** CID 1521904: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 423 in _dwarf_decode_sleb128()
417 b = *src++;
418 ret |= ((b & 0x7f) << shift);
419 shift += 7;
420 } while ((b & 0x80) != 0);
421
422 if (shift < 64 && (b & 0x40) != 0)
>>> CID 1521904: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
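>>> Potentially overflowing expression "0xffffffffffffffff << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed). In the source line the expression is written "-1 << shift": the literal -1 has type "int", so the sign-extension mask is built in 32 bits (and left-shifting a negative value is undefined in C) before being OR-ed into the 64-bit "ret". Building the mask from a 64-bit operand, for example "~(uint64_t)0 << shift", avoids both problems.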
423 ret |= (-1 << shift);
424
425 *dp = src;
426
427 return (ret);
428 }
** CID 1521903: Performance inefficiencies (AUTO_CAUSES_COPY)
/tester/covoar/CoverageMapBase.cc: 217 in Coverage::CoverageMapBase::getRange(unsigned int, Coverage::AddressRange &) const()
________________________________________________________________________________________________________
*** CID 1521903: Performance inefficiencies (AUTO_CAUSES_COPY)
/tester/covoar/CoverageMapBase.cc: 217 in Coverage::CoverageMapBase::getRange(unsigned int, Coverage::AddressRange &) const()
211 {
212 return Ranges.at( index ).lowAddress;
213 }
214
215 bool CoverageMapBase::getRange( uint32_t address, AddressRange& range ) const
216 {
>>> CID 1521903: Performance inefficiencies (AUTO_CAUSES_COPY)
>>> Using the "auto" keyword without an "&" causes the copy of an object of type AddressRange. Binding by reference, for example "for ( const auto& r : Ranges )", avoids the per-element copy.
217 for ( auto r : Ranges ) {
218 if ( r.inside( address ) ) {
219 range.lowAddress = r.lowAddress;
220 range.highAddress = r.highAddress;
221 range.info = r.info;
222 return true;
** CID 1521902: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 287 in _dwarf_read_sleb128()
________________________________________________________________________________________________________
*** CID 1521902: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 287 in _dwarf_read_sleb128()
281 uint8_t *src;
282
283 src = data + *offsetp;
284
285 do {
286 b = *src++;
>>> CID 1521902: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).
287 ret |= ((b & 0x7f) << shift);
288 (*offsetp)++;
289 shift += 7;
290 } while ((b & 0x80) != 0);
291
292 if (shift < 64 && (b & 0x40) != 0)
** CID 1521901: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 293 in _dwarf_read_sleb128()
________________________________________________________________________________________________________
*** CID 1521901: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 293 in _dwarf_read_sleb128()
287 ret |= ((b & 0x7f) << shift);
288 (*offsetp)++;
289 shift += 7;
290 } while ((b & 0x80) != 0);
291
292 if (shift < 64 && (b & 0x40) != 0)
>>> CID 1521901: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "0xffffffffffffffff << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "int64_t" (64 bits, signed).
293 ret |= (-1 << shift);
294
295 return (ret);
296 }
297
298 int
** CID 1521900: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 356 in _dwarf_read_uleb128()
________________________________________________________________________________________________________
*** CID 1521900: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 356 in _dwarf_read_uleb128()
350 uint8_t *src;
351
352 src = data + *offsetp;
353
354 do {
355 b = *src++;
>>> CID 1521900: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
356 ret |= ((b & 0x7f) << shift);
357 (*offsetp)++;
358 shift += 7;
359 } while ((b & 0x80) != 0);
360
361 return (ret);
** CID 1521899: Memory - corruptions (OVERRUN)
/trace/record/record-main-lttng.cc: 455 in LTTNGClient::AddThreadName(PerCPUContext *, const ClientItem &)()
________________________________________________________________________________________________________
*** CID 1521899: Memory - corruptions (OVERRUN)
/trace/record/record-main-lttng.cc: 455 in LTTNGClient::AddThreadName(PerCPUContext *, const ClientItem &)()
449
450 uint32_t obj_index = GetObjIndexOfID(pcpu->thread_id);
451 uint64_t name = item.data;
452 size_t i;
453 for (i = pcpu->thread_name_index; i < pcpu->thread_name_index + data_size();
454 ++i) {
>>> CID 1521899: Memory - corruptions (OVERRUN)
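>>> Overrunning array "this->thread_names_[api_index][obj_index]" of 3145728 bytes at byte offset 3145728 using index "i" (which evaluates to 16). In the loop as shown, "i" runs from "pcpu->thread_name_index" up to "pcpu->thread_name_index + data_size()" and the excerpt contains no check of "i" against the length of the innermost name buffer, so the write on line 455 depends on "thread_name_index" having been bounded elsewhere.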
455 thread_names_[api_index][obj_index][i] = static_cast<uint8_t>(name);
456 name >>= BITS_PER_CHAR;
457 }
458
459 pcpu->thread_name_index = i;
460 }
** CID 1521898: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 441 in _dwarf_decode_uleb128()
________________________________________________________________________________________________________
*** CID 1521898: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 441 in _dwarf_decode_uleb128()
435 int shift = 0;
436
437 uint8_t *src = *dp;
438
439 do {
440 b = *src++;
>>> CID 1521898: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(b & 0x7f) << shift" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
441 ret |= ((b & 0x7f) << shift);
442 shift += 7;
443 } while ((b & 0x80) != 0);
444
445 *dp = src;
446
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQi8c7-2B1U0roIV5G3HXifs2odF2CS2aZ-2FK5CtfMSQ5p34-3Di40a_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqYSr2H-2B3FWWHHHr8XYsC-2F-2BZgnxSb8S17Hi2abB2u1FO28CEj4PnPda6Zcr-2FzvW0cB5Kj0Z7426TbU5j1PiFTqUQtoJbhFTOBkPmKflzp5OcQIFVK6Ugo6v5clPrI3pel3sbhH3hloWzOMVb0MAgTLnoc23-2BjIozJJZ1-2FKJTxUc5w-3D-3D