New Defects reported by Coverity Scan for RTEMS

Wed Nov 23 07:15:13 UTC 2022

Hi,

Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan.

3 new defect(s) introduced to RTEMS found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1517031:  Insecure data handling  (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1517031:  Insecure data handling  (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 1992 in redraw_screen()
1986     
1987       ed->refresh = 1;
1988     }
1989     
1990     static void redraw_screen(struct editor *ed) {
1991       get_console_size(ed->env);
>>>     CID 1517031:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "ed->env" to "draw_screen", which uses it as a loop boundary.
1992       draw_screen(ed);
1993     }
1994     
1995     static int quit(struct env *env) {
1996       struct editor *ed = env->current;
1997       struct editor *start = ed;

** CID 1517030:  Incorrect expression  (UNUSED_VALUE)
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()

________________________________________________________________________________________________________
*** CID 1517030:  Incorrect expression  (UNUSED_VALUE)
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()
753       struct winsize ws;
754       ioctl(0, TIOCGWINSZ, &ws);
755       env->cols = ws.ws_col;
756       env->lines = ws.ws_row - 1;
757     #elif defined(__rtems__)
758       char* e;
>>>     CID 1517030:  Incorrect expression  (UNUSED_VALUE)
>>>     Assigning value "25" to "env->lines" here, but that stored value is overwritten before it can be used.
759       env->lines = 25;
760       env->lines = 80;
761       e = getenv("LINES");
762       if (e != NULL) {
763         int lines = strtol(e, 0, 10);
764         if (lines > 0) {

** CID 1517029:  Insecure data handling  (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()

________________________________________________________________________________________________________
*** CID 1517029:  Insecure data handling  (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()
774       }
775     #else
776       struct term *term = gettib()->proc->term;
777       env->cols = term->cols;
778       env->lines = term->lines - 1;
779     #endif
>>>     CID 1517029:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "env->cols + 32" to "realloc", which uses it as an allocation size. [Note: The source code implementation of the function has been overridden by a builtin model.]
780       env->linebuf = realloc(env->linebuf, env->cols + LINEBUF_EXTRA);
781     }
782     
783     static void outch(char c) {
784       putchar(c);
785     }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DGr-Y_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqwq-2FLY5UKW-2FhhinR3e3vpWzrDiUmhAIYAWGY8CAwDNQLbxoOK7jx4uEYuEA18jT8PboURbCG5RbwkKdUWqCHW6bgBCVvWsy6OOEx44VsgSb0-2BOSrEegH8zssvN9oWz11vOH8c4avf3tCzVLe01l2-2FFOCkw36P3laWsmnE2eaZUoA-3D-3D