Coverity untar Issue 1255358
Joel Sherrill
joel.sherrill at oarcorp.com
Tue Nov 25 19:51:59 UTC 2014
Hi

There are two Coverity Issues with untar.c but this one seems
especially odd to me.

My reading of the following code is that if the creat() of the
filename in the tar image fails, then the code reads the contents
of the tar image and throws it away to skip it.

What would be wrong with replacing the throw away read loop
with "lseek(fd, SEEK_CUR, 512 * nblocks)"?

339     /******************************************************************
340      * Read out the data.  There are nblocks of data where nblocks
341      * is the size rounded to the nearest 512-byte boundary.
342      *****************************************************************/
343     nblocks = (((size) + 511) & ~511) / 512;
344

CID 26151: Use of untrusted string value (TAINTED_STRING)

345     if ((out_fd = creat(fname, 0644)) == -1)
346     {
347       for (i=0; i<nblocks; i++)
348       {

CID 1255358 (#1 of 1): Unused value (UNUSED_VALUE)
returned_value: Value from read(fd, bufr, 512U) is assigned to n here, but
that stored value is not used before it is overwritten.

349         n = read(fd, bufr, 512);
350       }
351     }
352     else
353     {
354       for (i=0; i<nblocks; i++)
355       {

value_overwrite: Value from read(fd, bufr, 512U) is overwritten with
value from read(fd, bufr, 512U).

--
Joel Sherrill, Ph.D. Director of Research & Development
joel.sherrill at OARcorp.com On-Line Applications Research
Ask me about RTEMS: a free RTOS Huntsville AL 35805
Support Available (256) 722-9985
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20141125/87c16eea/attachment-0001.html>
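
The skip discussed in the message above, as an added example that is not part of the original post and is not RTEMS code: it seeks when the descriptor allows it and otherwise reads and discards while checking every read() result, which is the value Coverity reports as unused. The name skip_blocks, the TAR_BLOCK constant and the 32-bit offset bound are assumptions made for illustration; note that POSIX lseek() takes the offset as its second argument and the whence value as its third.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define TAR_BLOCK 512

/* Hypothetical helper: skip nblocks * 512 bytes of tar entry data.
 * Returns 0 on success, -1 on error or truncated input. */
int skip_blocks(int fd, unsigned long nblocks)
{
    char bufr[TAR_BLOCK];
    off_t want;

    /* nblocks derives from the untrusted size field in the tar header,
     * so bound it before multiplying (assumed limit: 32-bit offsets). */
    if (nblocks > (unsigned long)(INT32_MAX / TAR_BLOCK))
        return -1;
    want = (off_t)nblocks * TAR_BLOCK;

    /* Fast path: seek forward relative to the current position. */
    if (lseek(fd, want, SEEK_CUR) != (off_t)-1)
        return 0;       /* caveat: seeking past EOF is not an error */
    if (errno != ESPIPE)
        return -1;

    /* Not seekable (pipe, socket, tty): read and discard, checking n. */
    while (want > 0) {
        size_t chunk = want < TAR_BLOCK ? (size_t)want : TAR_BLOCK;
        ssize_t n = read(fd, bufr, chunk);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            return -1;  /* I/O error, or EOF before the entry ended */
        want -= n;
    }
    return 0;
}

int main(void)
{
    char data[2 * TAR_BLOCK] = {0};  /* constructed sample: two blocks */
    int p[2];
    if (pipe(p) != 0 || write(p[1], data, sizeof data) != (ssize_t)sizeof data)
        return 1;
    printf("pipe skip: %d\n", skip_blocks(p[0], 2));
    return 0;
}
```

On a regular file the lseek() path will not notice a truncated archive, because seeking beyond end-of-file succeeds; the read-and-discard path does detect it.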