New Defects reported by Coverity Scan for RTEMS
scan-admin at coverity.com
scan-admin at coverity.com
Mon Oct 20 11:32:38 UTC 2025
Hi,
Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan.
38 new defect(s) introduced to RTEMS found with Coverity Scan.
92 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 38 defect(s)
** CID 1667296: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/dosfs/msdos_format.c: 110 in msdos_format_printf()
_____________________________________________________________________________________________
*** CID 1667296: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/dosfs/msdos_format.c: 110 in msdos_format_printf()
104 static void
105 msdos_format_printf (const msdos_format_request_param_t *rqdata,
106 int info_level,
107 const char *format, ...)
108 {
109 va_list args;
>>> CID 1667296: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "args" when calling "__builtin_c23_va_start".
110 va_start (args, format);
111 if (rqdata != NULL && rqdata->info_level >= info_level)
112 {
113 vfprintf (stdout, format, args);
114 fflush (stdout);
115 }
** CID 1667295: Memory - illegal accesses (UNINIT)
/cpukit/sapi/src/panic.c: 31 in rtems_panic()
_____________________________________________________________________________________________
*** CID 1667295: Memory - illegal accesses (UNINIT)
/cpukit/sapi/src/panic.c: 31 in rtems_panic()
25 #include <stdarg.h>
26
27 void rtems_panic( const char *fmt, ... )
28 {
29 va_list ap;
30
>>> CID 1667295: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
31 va_start( ap, fmt );
32 vprintk( fmt, ap );
33 va_end( ap);
34
35 _Terminate( RTEMS_FATAL_SOURCE_PANIC, (Internal_errors_t) fmt );
** CID 1667294: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/ftpfs/ftpfs.c: 201 in rtems_ftpfs_do_ioctl()
_____________________________________________________________________________________________
*** CID 1667294: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/ftpfs/ftpfs.c: 201 in rtems_ftpfs_do_ioctl()
195
196 fd = open(mount_point, O_RDWR);
197 if (fd < 0) {
198 return RTEMS_INVALID_NAME;
199 }
200
>>> CID 1667294: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
201 va_start(ap, req);
202 rv = ioctl(fd, req, va_arg(ap, void *));
203 va_end(ap);
204 if (rv != 0) {
205 sc = RTEMS_INVALID_NUMBER;
206 }
** CID 1667293: Concurrent data access violations (MISSING_LOCK)
/cpukit/posix/src/aio_suspend.c: 60 in aio_suspend()
_____________________________________________________________________________________________
*** CID 1667293: Concurrent data access violations (MISSING_LOCK)
/cpukit/posix/src/aio_suspend.c: 60 in aio_suspend()
54 const struct aiocb * const list[],
55 int nent,
56 const struct timespec *timeout
57 )
58 {
59 rtems_chain_control *idle_req_chain = &aio_request_queue.idle_req;
>>> CID 1667293: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "aio_request_queue.work_req" without holding lock "rtems_aio_queue.mutex". Elsewhere, "rtems_aio_queue.work_req" is written to with "rtems_aio_queue.mutex" held 1 out of 1 times.
60 rtems_chain_control *work_req_chain = &aio_request_queue.work_req;
61 rtems_aio_suspendcb *suspendcbp;
62 rtems_aio_request_chain *r_chain;
63 rtems_aio_request *request;
64 rtems_event_set event_out;
65 int result, op_num, i;
** CID 1667292: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/dosfs/fat_file.c: 903 in fat_file_ioctl()
_____________________________________________________________________________________________
*** CID 1667292: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/dosfs/fat_file.c: 903 in fat_file_ioctl()
897 uint32_t cur_cln = 0;
898 uint32_t cl_start = 0;
899 uint32_t pos = 0;
900 uint32_t *ret;
901 va_list ap;
902
>>> CID 1667292: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
903 va_start(ap, cmd);
904
905 switch (cmd)
906 {
907 case F_CLU_NUM:
908 pos = va_arg(ap, uint32_t);
** CID 1667291: Memory - illegal accesses (UNINIT)
/cpukit/libtest/testwrappers.c: 45 in __wrap_printf()
_____________________________________________________________________________________________
*** CID 1667291: Memory - illegal accesses (UNINIT)
/cpukit/libtest/testwrappers.c: 45 in __wrap_printf()
39 const char* format,
40 ...
41 )
42 {
43 va_list ap;
44 int len;
>>> CID 1667291: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
45 va_start(ap, format);
46 len = rtems_vprintf(
47 &rtems_test_printer,
48 format,
49 ap
50 );
** CID 1667290: Memory - illegal accesses (UNINIT)
/cpukit/libcsupport/src/fcntl.c: 250 in fcntl()
_____________________________________________________________________________________________
*** CID 1667290: Memory - illegal accesses (UNINIT)
/cpukit/libcsupport/src/fcntl.c: 250 in fcntl()
244 int cmd,
245 ...
246 )
247 {
248 int ret;
249 va_list ap;
>>> CID 1667290: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
250 va_start( ap, cmd );
251 ret = vfcntl(fd,cmd,ap);
252 va_end(ap);
253 return ret;
254 }
255
** CID 1667289: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/jffs2/include/linux/kernel-rtems.h: 52 in jffs2_printk()
_____________________________________________________________________________________________
*** CID 1667289: Memory - illegal accesses (UNINIT)
/cpukit/libfs/src/jffs2/include/linux/kernel-rtems.h: 52 in jffs2_printk()
46 * Provide a private printk to avoid all the formatting warnings in the JFFS2 code.
47 */
48 static inline int jffs2_printk(const char* fmt, ...)
49 {
50 va_list ap;
51 int r;
>>> CID 1667289: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
52 va_start(ap, fmt);
53 r = vprintk(fmt, ap);
54 va_end(ap);
55 return r;
56 }
57
58 #undef printk
59 #define printk jffs2_printk
60
** CID 1667288: Memory - illegal accesses (UNINIT)
/cpukit/libmisc/shell/err.c: 61 in rtems_shell_err()
_____________________________________________________________________________________________
*** CID 1667288: Memory - illegal accesses (UNINIT)
/cpukit/libmisc/shell/err.c: 61 in rtems_shell_err()
55
56 __dead void
57 err(jmp_buf* exit_jmp, int eval, const char *fmt, ...)
58 {
59 va_list ap;
60
>>> CID 1667288: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
61 va_start(ap, fmt);
62 verr(exit_jmp, eval, fmt, ap);
63 va_end(ap);
** CID 1667287: Memory - illegal accesses (UNINIT)
/cpukit/libblock/src/flashdisk.c: 346 in rtems_fdisk_warning()
_____________________________________________________________________________________________
*** CID 1667287: Memory - illegal accesses (UNINIT)
/cpukit/libblock/src/flashdisk.c: 346 in rtems_fdisk_warning()
340 rtems_fdisk_warning (const rtems_flashdisk* fd, const char *format, ...)
341 {
342 int ret = 0;
343 if (fd->info_level >= 1)
344 {
345 va_list args;
>>> CID 1667287: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "args" when calling "__builtin_c23_va_start".
346 va_start (args, format);
347 fprintf (stdout, "fdisk:warning:");
348 ret = vfprintf (stdout, format, args);
349 fprintf (stdout, "\n");
350 fflush (stdout);
351 va_end (args);
** CID 1667286: Memory - illegal accesses (UNINIT)
/cpukit/libcsupport/src/printk.c: 38 in printk()
_____________________________________________________________________________________________
*** CID 1667286: Memory - illegal accesses (UNINIT)
/cpukit/libcsupport/src/printk.c: 38 in printk()
32 * Kernel printf function requiring minimal infrastructure.
33 */
34 int printk(const char *fmt, ...)
35 {
36 va_list ap; /* points to each unnamed argument in turn */
37 int len;
>>> CID 1667286: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
38 va_start(ap, fmt); /* make ap point to 1st unnamed arg */
39 len = vprintk(fmt, ap);
40 va_end(ap); /* clean up when done */
41 return len;
** CID 1667285: Program hangs (ORDER_REVERSAL)
_____________________________________________________________________________________________
*** CID 1667285: Program hangs (ORDER_REVERSAL)
/cpukit/posix/src/aio_suspend.c: 131 in aio_suspend()
125
126 } else {
127 pthread_mutex_lock( &request->suspendcbp->mutex );
128 if ( request->suspendcbp->notified == AIO_SIGNALED ) {
129 pthread_mutex_unlock( &request->suspendcbp->mutex );
130
>>> CID 1667285: Program hangs (ORDER_REVERSAL)
>>> Calling "rtems_aio_update_suspendcbp" acquires lock "rtems_aio_suspendcb.mutex" while holding lock "rtems_aio_queue.mutex" (count: 1 / 2).
131 rtems_aio_update_suspendcbp( request->suspendcbp );
132 request->suspendcbp = suspendcbp;
133 suspendcbp->requests_left++;
134
135 } else{
136 pthread_mutex_unlock( &request->suspendcbp->mutex );
** CID 1667284: Memory - illegal accesses (UNINIT)
/cpukit/libcsupport/src/error.c: 112 in rtems_error()
_____________________________________________________________________________________________
*** CID 1667284: Memory - illegal accesses (UNINIT)
/cpukit/libcsupport/src/error.c: 112 in rtems_error()
106 ...
107 )
108 {
109 va_list arglist;
110 int chars_written;
111
>>> CID 1667284: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "arglist" when calling "__builtin_c23_va_start".
112 va_start(arglist, printf_format);
113 chars_written = rtems_verror(error_flag, printf_format, arglist);
114 va_end(arglist);
115
116 if (error_flag & RTEMS_ERROR_PANIC) {
117 rtems_error(0, "fatal error, exiting");
** CID 1667283: Memory - illegal accesses (UNINIT)
/cpukit/libblock/src/nvdisk.c: 257 in rtems_nvdisk_error()
_____________________________________________________________________________________________
*** CID 1667283: Memory - illegal accesses (UNINIT)
/cpukit/libblock/src/nvdisk.c: 257 in rtems_nvdisk_error()
251 */
252 static int
253 rtems_nvdisk_error (const char *format, ...)
254 {
255 int ret;
256 va_list args;
>>> CID 1667283: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "args" when calling "__builtin_c23_va_start".
257 va_start (args, format);
258 fprintf (stderr, "nvdisk:error:");
259 ret = vfprintf (stderr, format, args);
260 fprintf (stderr, "\n");
261 fflush (stderr);
262 va_end (args);
** CID 1667282: API usage errors (VARARGS)
/cpukit/posix/src/mqueueopen.c: 186 in mq_open()
_____________________________________________________________________________________________
*** CID 1667282: API usage errors (VARARGS)
/cpukit/posix/src/mqueueopen.c: 186 in mq_open()
180 _POSIX_Get_by_name_error( error ),
181 MQ_OPEN_FAILED
182 );
183 }
184
185 va_start( ap, oflag );
>>> CID 1667282: API usage errors (VARARGS)
>>> Calling va_arg on va_list "ap", which has not been prepared with va_start().
186 va_arg( ap, mode_t );
187 attr = va_arg( ap, const struct mq_attr * );
188 va_end( ap );
189
190 if ( attr == NULL ) {
191 attr = &_POSIX_Message_queue_Default_attributes;
** CID 1667281: API usage errors (VARARGS)
/cpukit/libcsupport/src/open.c: 186 in open()
_____________________________________________________________________________________________
*** CID 1667281: API usage errors (VARARGS)
/cpukit/libcsupport/src/open.c: 186 in open()
180 va_list ap;
181 mode_t mode = 0;
182 rtems_libio_t *iop = NULL;
183
184 va_start( ap, oflag );
185
>>> CID 1667281: API usage errors (VARARGS)
>>> Calling va_arg on va_list "ap", which has not been prepared with va_start().
186 mode = va_arg( ap, mode_t );
187
188 iop = rtems_libio_allocate();
189 if ( iop != NULL ) {
190 rv = do_open( iop, path, oflag, mode );
191 if ( rv < 0 ) {
** CID 1667280: Memory - illegal accesses (UNINIT)
/cpukit/libmisc/shell/warnx.c: 61 in rtems_shell_warnx()
_____________________________________________________________________________________________
*** CID 1667280: Memory - illegal accesses (UNINIT)
/cpukit/libmisc/shell/warnx.c: 61 in rtems_shell_warnx()
55
56 void
57 warnx(const char *fmt, ...)
58 {
59 va_list ap;
60
>>> CID 1667280: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
61 va_start(ap, fmt);
62 vwarnx(fmt, ap);
63 va_end(ap);
** CID 1667279: Memory - illegal accesses (UNINIT)
/cpukit/libmisc/shell/errx.c: 61 in rtems_shell_errx()
_____________________________________________________________________________________________
*** CID 1667279: Memory - illegal accesses (UNINIT)
/cpukit/libmisc/shell/errx.c: 61 in rtems_shell_errx()
55
56 __dead void
57 errx(jmp_buf* exit_jmp, int eval, const char *fmt, ...)
58 {
59 va_list ap;
60
>>> CID 1667279: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
61 va_start(ap, fmt);
62 verrx(exit_jmp, eval, fmt, ap);
63 va_end(ap);
** CID 1667278: Memory - illegal accesses (UNINIT)
/cpukit/libtest/testprinter.c: 55 in rtems_test_printf()
_____________________________________________________________________________________________
*** CID 1667278: Memory - illegal accesses (UNINIT)
/cpukit/libtest/testprinter.c: 55 in rtems_test_printf()
49 const char* format,
50 ...
51 )
52 {
53 va_list ap;
54 int len;
>>> CID 1667278: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "ap" when calling "__builtin_c23_va_start".
55 va_start(ap, format);
56 len = rtems_vprintf(
57 &rtems_test_printer,
58 format,
59 ap
60 );
61 va_end(ap);
62 return len;
** CID 1667276: Memory - illegal accesses (UNINIT)
/cpukit/libblock/src/flashdisk.c: 285 in rtems_fdisk_printf()
_____________________________________________________________________________________________
*** CID 1667276: Memory - illegal accesses (UNINIT)
/cpukit/libblock/src/flashdisk.c: 285 in rtems_fdisk_printf()
279 rtems_fdisk_printf (const rtems_flashdisk* fd, const char *format, ...)
280 {
281 int ret = 0;
282 if (fd->info_level >= 3)
283 {
284 va_list args;
>>> CID 1667276: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "args" when calling "__builtin_c23_va_start".
285 va_start (args, format);
286 fprintf (stdout, "fdisk:");
287 ret = vfprintf (stdout, format, args);
288 fprintf (stdout, "\n");
289 fflush (stdout);
290 va_end (args);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/rtems?tab=overview
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/build/attachments/20251020/7c2e944a/attachment-0001.htm>
More information about the build
mailing list