Warnings in xz

Joel Sherrill joel at rtems.org
Fri Mar 10 15:10:59 UTC 2017


And to pile on... Coverity thinks there is an out of bounds write in
xz_dec_lzma2.c:

https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=108959059&defectInstanceId=30877313&mergedDefectId=711586

779         * All probabilities are initialized to the same value. This hack
 780         * makes the code smaller by avoiding a separate loop for each
 781         * probability array.
 782         *
 783         * This could be optimized so that only that part of literal
 784         * probabilities that are actually required. In the common case
 785         * we would write 12 KiB less.
 786         */
    1. alias: Assigning: probs = s->lzma.is_match[0]. probs now points to
element 0 of s->lzma.is_match (which consists of 192 2-byte elements).
 787        probs = s->lzma.is_match[0];
    2. Condition i < 14134U /* 1846 + (1 << 4) * 768 */, taking true branch.
    4. Condition i < 14134U /* 1846 + (1 << 4) * 768 */, taking true branch.
    5. cond_at_most: Checking i < 14134U implies that i may be up to 14133
on the true branch.
 788        for (i = 0; i < PROBS_TOTAL; ++i)
    3. Jumping back to the beginning of the loop.

CID 711586 (#1 of 1): Out-of-bounds write (OVERRUN)
6. overrun-local: Overrunning array of 192 2-byte elements at element index
14133 (byte offset 28266) by dereferencing pointer probs + i.
 789                probs[i] = RC_BIT_MODEL_TOTAL / 2;
 790


On Fri, Mar 10, 2017 at 3:41 AM, Sebastian Huber <
sebastian.huber at embedded-brains.de> wrote:

> Just for reference:
>
> https://devel.rtems.org/ticket/2909
>
> --
> Sebastian Huber, embedded brains GmbH
>
> Address : Dornierstr. 4, D-82178 Puchheim, Germany
> Phone   : +49 89 189 47 41-16
> Fax     : +49 89 189 47 41-09
> E-Mail  : sebastian.huber at embedded-brains.de
> PGP     : Public key available on request.
>
> Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20170310/4fff4252/attachment-0002.html>


More information about the devel mailing list