New Defects reported by Coverity Scan for RTEMS
scan-admin at coverity.com
scan-admin at coverity.com
Tue Nov 11 04:12:34 UTC 2025
Hi,
Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan.
10 new defect(s) introduced to RTEMS found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1668653: (UNINIT)
_____________________________________________________________________________________________
*** CID 1668653: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 4384 in f_getcwd()
4378
4379 /* Follow parent directories and create the path */
4380 i = len; /* Bottom of buffer (directory stack base) */
4381 if (!FF_FS_EXFAT || fs->fs_type != FS_EXFAT) { /* (Cannot do getcwd on exFAT and returns root path) */
4382 dj.obj.sclust = fs->cdir; /* Start to follow upper directory from current directory */
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.n_frag" when calling "dir_sdi".
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
/cpukit/libfs/src/fatfs/ff.c: 4389 in f_getcwd()
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.n_frag" when calling "dir_sdi".
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
/cpukit/libfs/src/fatfs/ff.c: 4389 in f_getcwd()
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
/cpukit/libfs/src/fatfs/ff.c: 4392 in f_getcwd()
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.n_frag" when calling "dir_read".
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
4395 res = dir_next(&dj, 0);
4396 } while (res == FR_OK);
4397 if (res == FR_NO_FILE) res = FR_INT_ERR;/* It cannot be 'not found'. */
/cpukit/libfs/src/fatfs/ff.c: 4384 in f_getcwd()
4378
4379 /* Follow parent directories and create the path */
4380 i = len; /* Bottom of buffer (directory stack base) */
4381 if (!FF_FS_EXFAT || fs->fs_type != FS_EXFAT) { /* (Cannot do getcwd on exFAT and returns root path) */
4382 dj.obj.sclust = fs->cdir; /* Start to follow upper directory from current directory */
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
/cpukit/libfs/src/fatfs/ff.c: 4389 in f_getcwd()
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4389 res = dir_sdi(&dj, 0);
4390 if (res != FR_OK) break;
4391 do { /* Find the entry links to the child directory */
4392 res = DIR_READ_FILE(&dj);
4393 if (res != FR_OK) break;
4394 if (ccl == ld_clust(fs, dj.dir)) break; /* Found the entry */
/cpukit/libfs/src/fatfs/ff.c: 4384 in f_getcwd()
4378
4379 /* Follow parent directories and create the path */
4380 i = len; /* Bottom of buffer (directory stack base) */
4381 if (!FF_FS_EXFAT || fs->fs_type != FS_EXFAT) { /* (Cannot do getcwd on exFAT and returns root path) */
4382 dj.obj.sclust = fs->cdir; /* Start to follow upper directory from current directory */
4383 while ((ccl = dj.obj.sclust) != 0) { /* Repeat while current directory is a sub-directory */
>>> CID 1668653: (UNINIT)
>>> Using uninitialized value "dj.obj.objsize" when calling "dir_sdi".
4384 res = dir_sdi(&dj, 1 * SZDIRE); /* Get parent directory */
4385 if (res != FR_OK) break;
4386 res = move_window(fs, dj.sect);
4387 if (res != FR_OK) break;
4388 dj.obj.sclust = ld_clust(fs, dj.dir); /* Goto parent directory */
4389 res = dir_sdi(&dj, 0);
** CID 1668652: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 5205 in f_rename()
/cpukit/libfs/src/fatfs/ff.c: 5227 in f_rename()
_____________________________________________________________________________________________
*** CID 1668652: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 5205 in f_rename()
5199 #if FF_FS_EXFAT
5200 if (fs->fs_type == FS_EXFAT) { /* At exFAT volume */
5201 BYTE nf, nn;
5202 WORD nh;
5203
5204 memcpy(buf, fs->dirbuf, SZDIRE * 2); /* Save 85+C0 entry of old object */
>>> CID 1668652: (UNINIT)
>>> Using uninitialized value "djo". Field "djo.obj.id" is uninitialized when calling "memcpy".
5205 memcpy(&djn, &djo, sizeof djo);
5206 res = follow_path(&djn, path_new); /* Make sure if new object name is not in use */
5207 if (res == FR_OK) { /* Is new name already in use by any other object? */
5208 res = (djn.obj.sclust == djo.obj.sclust && djn.dptr == djo.dptr) ? FR_NO_FILE : FR_EXIST;
5209 }
5210 if (res == FR_NO_FILE) { /* It is a valid path and no name collision */
/cpukit/libfs/src/fatfs/ff.c: 5227 in f_rename()
5221 }
5222 }
5223 } else
5224 #endif
5225 { /* At FAT/FAT32 volume */
5226 memcpy(buf, djo.dir, SZDIRE); /* Save directory entry of the object */
>>> CID 1668652: (UNINIT)
>>> Using uninitialized value "djo". Field "djo.obj.id" is uninitialized when calling "memcpy".
5227 memcpy(&djn, &djo, sizeof (DIR)); /* Duplicate the directory object */
5228 res = follow_path(&djn, path_new); /* Make sure if new object name is not in use */
5229 if (res == FR_OK) { /* Is new name already in use by any other object? */
5230 res = (djn.obj.sclust == djo.obj.sclust && djn.dptr == djo.dptr) ? FR_NO_FILE : FR_EXIST;
5231 }
5232 if (res == FR_NO_FILE) { /* It is a valid path and no name collision */
** CID 1668651: Integer handling issues (SIGN_EXTENSION)
/cpukit/libfs/src/fatfs/rtems-fatfs.h: 184 in rtems_fatfs_filinfo_to_stat()
_____________________________________________________________________________________________
*** CID 1668651: Integer handling issues (SIGN_EXTENSION)
/cpukit/libfs/src/fatfs/rtems-fatfs.h: 184 in rtems_fatfs_filinfo_to_stat()
178 memset( st, 0, sizeof( *st ) );
179
180 while ( *name != '\0' ) {
181 inode_hash = ( inode_hash * 33 ) + (unsigned char) *name;
182 name++;
183 }
>>> CID 1668651: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "fno->fdate" with type "WORD" (16 bits, unsigned) is promoted in "fno->fdate << 16" to type "int" (32 bits, signed), then sign-extended to type "unsigned long long" (64 bits, unsigned). If "fno->fdate << 16" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
184 inode_hash ^= fno->fsize ^ ( fno->fdate << 16 ) ^ fno->ftime;
185
186 st->st_ino = ( inode_hash != 0 ) ? inode_hash : 1;
187 st->st_dev = 1;
188 st->st_size = (off_t) fno->fsize;
189 st->st_blksize = 512;
** CID 1668650: Control flow issues (DEADCODE)
/cpukit/libfs/src/fatfs/ff.c: 5901 in create_partition()
_____________________________________________________________________________________________
*** CID 1668650: Control flow issues (DEADCODE)
/cpukit/libfs/src/fatfs/ff.c: 5901 in create_partition()
5895 } else
5896 #endif
5897 { /* Create partitions in MBR format */
5898 sz_drv32 = (DWORD)sz_drv;
5899 n_sc = N_SEC_TRACK; /* Determine drive CHS without any consideration of the drive geometry */
5900 for (n_hd = 8; n_hd != 0 && sz_drv32 / n_hd / n_sc > 1024; n_hd *= 2) ;
>>> CID 1668650: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "n_hd = 255;".
5901 if (n_hd == 0) n_hd = 255; /* Number of heads needs to be <256 */
5902
5903 memset(buf, 0, FF_MAX_SS); /* Clear MBR */
5904 pte = buf + MBR_Table; /* Partition table in the MBR */
5905 for (i = 0, nxt_alloc32 = n_sc; i < 4 && nxt_alloc32 != 0 && nxt_alloc32 < sz_drv32; i++, nxt_alloc32 += sz_part32) {
5906 sz_part32 = (DWORD)plst[i]; /* Get partition size */
** CID 1668649: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5184 in f_rename()
_____________________________________________________________________________________________
*** CID 1668649: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5184 in f_rename()
5178 BYTE buf[FF_FS_EXFAT ? SZDIRE * 2 : SZDIRE], *dir;
5179 LBA_t sect;
5180 DEF_NAMBUF
5181
5182
5183 /* Snip the drive number of new name off */
>>> CID 1668649: Error handling issues (CHECKED_RETURN)
>>> Calling "get_ldnumber" without checking return value (as is done elsewhere 4 out of 5 times).
5184 get_ldnumber(&path_new);
5185
5186 /* Get logical drive of the old object */
5187 res = mount_volume(&path_old, &fs, FA_WRITE);
5188 if (res == FR_OK) {
5189 djo.obj.fs = fs;
** CID 1668648: (UNINIT)
_____________________________________________________________________________________________
*** CID 1668648: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 4867 in f_getfree()
4861 } else {
4862 /* Scan FAT to obtain the correct free cluster count */
4863 nfree = 0;
4864 if (fs->fs_type == FS_FAT12) { /* FAT12: Scan bit field FAT entries */
4865 clst = 2; obj.fs = fs;
4866 do {
>>> CID 1668648: (UNINIT)
>>> Using uninitialized value "obj.n_frag" when calling "get_fat".
4867 stat = get_fat(&obj, clst);
4868 if (stat == 0xFFFFFFFF) {
4869 res = FR_DISK_ERR; break;
4870 }
4871 if (stat == 1) {
4872 res = FR_INT_ERR; break;
/cpukit/libfs/src/fatfs/ff.c: 4867 in f_getfree()
4861 } else {
4862 /* Scan FAT to obtain the correct free cluster count */
4863 nfree = 0;
4864 if (fs->fs_type == FS_FAT12) { /* FAT12: Scan bit field FAT entries */
4865 clst = 2; obj.fs = fs;
4866 do {
>>> CID 1668648: (UNINIT)
>>> Using uninitialized value "obj.stat" when calling "get_fat".
4867 stat = get_fat(&obj, clst);
4868 if (stat == 0xFFFFFFFF) {
4869 res = FR_DISK_ERR; break;
4870 }
4871 if (stat == 1) {
4872 res = FR_INT_ERR; break;
/cpukit/libfs/src/fatfs/ff.c: 4867 in f_getfree()
4861 } else {
4862 /* Scan FAT to obtain the correct free cluster count */
4863 nfree = 0;
4864 if (fs->fs_type == FS_FAT12) { /* FAT12: Scan bit field FAT entries */
4865 clst = 2; obj.fs = fs;
4866 do {
>>> CID 1668648: (UNINIT)
>>> Using uninitialized value "obj.stat" when calling "get_fat".
4867 stat = get_fat(&obj, clst);
4868 if (stat == 0xFFFFFFFF) {
4869 res = FR_DISK_ERR; break;
4870 }
4871 if (stat == 1) {
4872 res = FR_INT_ERR; break;
** CID 1668647: (UNINIT)
_____________________________________________________________________________________________
*** CID 1668647: (UNINIT)
/cpukit/libfs/src/fatfs/ff.c: 5048 in f_unlink()
5042 #if FF_FS_EXFAT
5043 if (fs->fs_type == FS_EXFAT) {
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.n_frag" when calling "dir_sdi".
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
/cpukit/libfs/src/fatfs/ff.c: 5050 in f_unlink()
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.n_frag" when calling "dir_read".
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
5054 }
5055 }
/cpukit/libfs/src/fatfs/ff.c: 5048 in f_unlink()
5042 #if FF_FS_EXFAT
5043 if (fs->fs_type == FS_EXFAT) {
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.n_cont" when calling "dir_sdi".
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
/cpukit/libfs/src/fatfs/ff.c: 5048 in f_unlink()
5042 #if FF_FS_EXFAT
5043 if (fs->fs_type == FS_EXFAT) {
5044 sdj.obj.objsize = obj.objsize;
5045 sdj.obj.stat = obj.stat;
5046 }
5047 #endif
>>> CID 1668647: (UNINIT)
>>> Using uninitialized value "sdj.obj.objsize" when calling "dir_sdi".
5048 res = dir_sdi(&sdj, 0);
5049 if (res == FR_OK) {
5050 res = DIR_READ_FILE(&sdj); /* Test if the directory is empty */
5051 if (res == FR_OK) res = FR_DENIED; /* Not empty? */
5052 if (res == FR_NO_FILE) res = FR_OK; /* Empty? */
5053 }
** CID 1668646: Memory - corruptions (OVERRUN)
/cpukit/libfs/src/fatfs/ff.c: 2737 in get_fileinfo()
_____________________________________________________________________________________________
*** CID 1668646: Memory - corruptions (OVERRUN)
/cpukit/libfs/src/fatfs/ff.c: 2737 in get_fileinfo()
2731 nw = put_utf(wc, &fno->altname[di], FF_SFN_BUF - di); /* Store it in API encoding */
2732 if (nw == 0) { /* Buffer overflow? */
2733 di = 0; break;
2734 }
2735 di += nw;
2736 #else /* ANSI/OEM output */
>>> CID 1668646: Memory - corruptions (OVERRUN)
>>> Overrunning array "fno->altname" of 13 bytes at byte offset 13 using index "di++" (which evaluates to 13).
2737 fno->altname[di++] = (TCHAR)wc; /* Store it without any conversion */
2738 #endif
2739 }
2740 fno->altname[di] = 0; /* Terminate the SFN (null string means SFN is invalid) */
2741
2742 if (fno->fname[0] == 0) { /* If LFN is invalid, altname[] needs to be copied to fname[] */
** CID 1668645: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5154 in f_mkdir()
_____________________________________________________________________________________________
*** CID 1668645: Error handling issues (CHECKED_RETURN)
/cpukit/libfs/src/fatfs/ff.c: 5154 in f_mkdir()
5148 fs->wflag = 1;
5149 }
5150 if (res == FR_OK) {
5151 res = sync_fs(fs);
5152 }
5153 } else {
>>> CID 1668645: Error handling issues (CHECKED_RETURN)
>>> Calling "remove_chain" without checking return value (as is done elsewhere 5 out of 6 times).
5154 remove_chain(&sobj, dcl, 0); /* Could not register, remove the allocated cluster */
5155 }
5156 }
5157 FREE_NAMBUF();
5158 }
5159
** CID 1668644: Integer handling issues (INTEGER_OVERFLOW)
/cpukit/libfs/src/fatfs/ff.c: 1216 in get_fat()
_____________________________________________________________________________________________
*** CID 1668644: Integer handling issues (INTEGER_OVERFLOW)
/cpukit/libfs/src/fatfs/ff.c: 1216 in get_fat()
1210 val = ld_32(fs->win + clst * 4 % SS(fs)) & 0x0FFFFFFF; /* Simple DWORD array but mask out upper 4 bits */
1211 break;
1212 #if FF_FS_EXFAT
1213 case FS_EXFAT :
1214 if ((obj->objsize != 0 && obj->sclust != 0) || obj->stat == 0) { /* Object except root dir must have valid data length */
1215 DWORD cofs = clst - obj->sclust; /* Offset from start cluster */
>>> CID 1668644: Integer handling issues (INTEGER_OVERFLOW)
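>>> Expression "obj->objsize - 1ULL", where "obj->objsize" is known to be equal to 0, underflows the type of "obj->objsize - 1ULL", which is type "unsigned long long". (The guard on line 1214 still admits a zero "obj->objsize": its second alternative, "obj->stat == 0", does not test the size.)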
1216 DWORD clen = (DWORD)((LBA_t)((obj->objsize - 1) / SS(fs)) / fs->csize); /* Number of clusters - 1 */
1217
1218 if (obj->stat == 2 && cofs <= clen) { /* Is it a contiguous chain? */
1219 val = (cofs == clen) ? 0x7FFFFFFF : clst + 1; /* No data on the FAT, generate the value */
1220 break;
1221 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/rtems?tab=overview