New Defects reported by Coverity Scan for RTEMS
Joel Sherrill
joel at rtems.org
Thu Jul 15 15:10:39 UTC 2021
On Thu, Jul 15, 2021, 9:09 AM Gedare Bloom <gedare at rtems.org> wrote:
> I think we have been excluding testsuites. The setting appears to
> still be there:
> Tests */testsuites/* Ignored=Yes
>
> I think maybe the pattern needs to be updated to put a dot before each
> asterisk: .*/testsuites/.*
>
No idea why this broke after years though.
>
> However, these could probably be fixed mostly without trouble.
>
That's what I thought. At least one looked like a real bug.
--joel
> On Thu, Jul 15, 2021 at 7:24 AM Joel Sherrill <joel at rtems.org> wrote:
> >
> > I am not sure why these popped up now but some indicate logic errors
> > in the code cited.
> >
> > --joel
> >
> > ---------- Forwarded message ---------
> > From: <scan-admin at coverity.com>
> > Date: Thu, Jul 15, 2021 at 12:26 AM
> > Subject: New Defects reported by Coverity Scan for RTEMS
> > To: <build at rtems.org>
> >
> >
> > Hi,
> >
> > Please find the latest report on new defect(s) introduced to RTEMS
> > found with Coverity Scan.
> >
> > 9 new defect(s) introduced to RTEMS found with Coverity Scan.
> >
> >
> > New defect(s) Reported-by: Coverity Scan
> > Showing 9 of 9 defect(s)
> >
> >
> > ** CID 1468693: Insecure data handling (TAINTED_SCALAR)
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468693: Insecure data handling (TAINTED_SCALAR)
> > /testsuites/samples/fileio/init.c: 992 in fileio_read_file()
> > 986 */
> > 987 if (!failed) {
> > 988 printf("use suffix K for Kbytes, M for Mbytes or no suffix for bytes:\n"
> > 989 "Enter block size to use for read calls ==>");
> > 990 fflush(stdout);
> > 991 fgets(tmp_str,sizeof(tmp_str)-1,stdin);
> > >>> CID 1468693: Insecure data handling (TAINTED_SCALAR)
> > >>> Passing tainted expression "tmp_str" to "fileio_str2size", which uses it as an offset.
> > 992 failed = fileio_str2size(tmp_str,&buf_size);
> > 993 if (failed) {
> > 994 printf("*** illegal block size, aborted\n");
> > 995 }
> > 996 }
> > 997
> >
> > ** CID 1468692: Integer handling issues (DIVIDE_BY_ZERO)
> > /testsuites/samples/fileio/init.c: 401 in create_ramdisk()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468692: Integer handling issues (DIVIDE_BY_ZERO)
> > /testsuites/samples/fileio/init.c: 401 in create_ramdisk()
> > 395 printf ("error: invalid option: %s\n", argv[arg]);
> > 396 return 1;
> > 397 }
> > 398 }
> > 399 }
> > 400
> > >>> CID 1468692: Integer handling issues (DIVIDE_BY_ZERO)
> > >>> In expression "size / block_size", division by expression "block_size" which may be zero has undefined behavior.
> > 401 block_count = size / block_size;
> > 402
> > 403 /*
> > 404 * Register the RAM Disk driver.
> > 405 */
> > 406 printf ("Register RAM Disk Driver [blocks=%" PRIu32 \
> >
> > ** CID 1468691: Resource leaks (RESOURCE_LEAK)
> > /testsuites/samples/fileio/init.c: 209 in shell_nvdisk_erase()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468691: Resource leaks (RESOURCE_LEAK)
> > /testsuites/samples/fileio/init.c: 209 in shell_nvdisk_erase()
> > 203 return 1;
> > 204 }
> > 205
> > 206 if (ioctl (fd, RTEMS_NVDISK_IOCTL_ERASE_DISK) < 0)
> > 207 {
> > 208 printf ("error: nvdisk driver erase failed: %s\n", strerror (errno));
> > >>> CID 1468691: Resource leaks (RESOURCE_LEAK)
> > >>> Handle variable "fd" going out of scope leaks the handle.
> > 209 return 1;
> > 210 }
> > 211
> > 212 close (fd);
> > 213
> > 214 printf ("nvdisk erased successful\n");
> >
> > ** CID 1468689: (TAINTED_SCALAR)
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468689: (TAINTED_SCALAR)
> > /testsuites/samples/fileio/init.c: 846 in fileio_write_file()
> > 840 */
> > 841 if (!failed) {
> > 842 printf("use suffix K for Kbytes, M for Mbytes or no suffix for bytes:\n"
> > 843 "Enter block size to use for write calls ==>");
> > 844 fflush(stdout);
> > 845 fgets(tmp_str,sizeof(tmp_str)-1,stdin);
> > >>> CID 1468689: (TAINTED_SCALAR)
> > >>> Passing tainted expression "tmp_str" to "fileio_str2size", which uses it as an offset.
> > 846 failed = fileio_str2size(tmp_str,&buf_size);
> > 847 if (failed) {
> > 848 printf("*** illegal block size, aborted\n");
> > 849 }
> > 850 }
> > 851
> > /testsuites/samples/fileio/init.c: 833 in fileio_write_file()
> > 827 */
> > 828 if (!failed) {
> > 829 printf("use suffix K for Kbytes, M for Mbytes or no suffix for bytes:\n"
> > 830 "Enter filesize to write ==>");
> > 831 fflush(stdout);
> > 832 fgets(tmp_str,sizeof(tmp_str)-1,stdin);
> > >>> CID 1468689: (TAINTED_SCALAR)
> > >>> Passing tainted expression "tmp_str" to "fileio_str2size", which uses it as an offset.
> > 833 failed = fileio_str2size(tmp_str,&file_size);
> > 834 if (failed) {
> > 835 printf("*** illegal file size, aborted\n");
> > 836 }
> > 837 }
> > 838 /*
> >
> > ** CID 1468687: Incorrect expression (COPY_PASTE_ERROR)
> > /testsuites/samples/paranoia/paranoia.c: 584 in paranoia()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468687: Incorrect expression (COPY_PASTE_ERROR)
> > /testsuites/samples/paranoia/paranoia.c: 584 in paranoia()
> > 578 Precision = Y;
> > 579 }
> > 580 if ((Precision != FLOOR (Precision)) || (Radix == One)) {
> > 581 printf ("Precision cannot be characterized by an Integer number\n");
> > 582 printf ("of significant digits but, by itself, this is a minor flaw.\n");
> > 583 }
> > >>> CID 1468687: Incorrect expression (COPY_PASTE_ERROR)
> > >>> "Radix" in "Radix == One" looks like a copy-paste error.
> > 584 if (Radix == One)
> > 585 printf ("logarithmic encoding has precision characterized solely by U1.\n");
> > 586 else
> > 587 printf ("The number of significant digits of the Radix is %f .\n",
> > 588 Precision);
> > 589 TstCond (Serious, U2 * Nine * Nine * TwoForty < One,
> >
> > ** CID 1468686: Control flow issues (DEADCODE)
> > /testsuites/samples/fileio/init.c: 392 in create_ramdisk()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468686: Control flow issues (DEADCODE)
> > /testsuites/samples/fileio/init.c: 392 in create_ramdisk()
> > 386 {
> > 387 printf ("error: -b needs a size\n");
> > 388 return 1;
> > 389 }
> > 390 block_size = parse_size_arg (argv[arg]);
> > 391 if (size == 0)
> > >>> CID 1468686: Control flow issues (DEADCODE)
> > >>> Execution cannot reach this statement: "return 1;".
> > 392 return 1;
> > 393 break;
> > 394 default:
> > 395 printf ("error: invalid option: %s\n", argv[arg]);
> > 396 return 1;
> > 397 }
> >
> > ** CID 1468685: Resource leaks (RESOURCE_LEAK)
> > /testsuites/samples/fileio/init.c: 163 in shell_nvdisk_trace()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468685: Resource leaks (RESOURCE_LEAK)
> > /testsuites/samples/fileio/init.c: 163 in shell_nvdisk_trace()
> > 157 return 1;
> > 158 }
> > 159
> > 160 if (ioctl (fd, RTEMS_NVDISK_IOCTL_INFO_LEVEL, level) < 0)
> > 161 {
> > 162 printf ("error: driver set level failed: %s\n", strerror (errno));
> > >>> CID 1468685: Resource leaks (RESOURCE_LEAK)
> > >>> Handle variable "fd" going out of scope leaks the handle.
> > 163 return 1;
> > 164 }
> > 165
> > 166 close (fd);
> > 167
> > 168 return 0;
> >
> > ** CID 1468679: Incorrect expression (NO_EFFECT)
> > /testsuites/samples/paranoia/paranoia.c: 1492 in paranoia()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468679: Incorrect expression (NO_EFFECT)
> > /testsuites/samples/paranoia/paranoia.c: 1492 in paranoia()
> > 1486 printf ("print out as Q = %.17e, Y = %.17e .\n", Q, Y2);
> > 1487 printf ("|Q - Y| = %.17e .\n", FABS (Q - Y2));
> > 1488 UfThold = Q;
> > 1489 break;
> > 1490
> > 1491 case 3:
> > >>> CID 1468679: Incorrect expression (NO_EFFECT)
> > >>> Assigning "X" to itself has no effect.
> > 1492 X = X;
> > 1493 break;
> > 1494
> > 1495 case 4:
> > 1496 if ((Q == UfThold) && (E1 == E0)
> > 1497 && (FABS (UfThold - E1 / E9) <= E1)) {
> >
> > ** CID 1468677: Uninitialized variables (UNINIT)
> > /testsuites/samples/capture/test1.c: 78 in capture_CT1b()
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 1468677: Uninitialized variables (UNINIT)
> > /testsuites/samples/capture/test1.c: 78 in capture_CT1b()
> > 72 static void
> > 73 capture_CT1b (rtems_task_argument arg)
> > 74 {
> > 75 volatile int i;
> > 76
> > 77 while (!capture_CT1c_deleted)
> > >>> CID 1468677: Uninitialized variables (UNINIT)
> > >>> Using uninitialized value "i".
> > 78 i++;
> > 79
> > 80 capture_CT1b_deleted = 1;
> > 81
> > 82 rtems_task_exit();
> > 83 }
> >
> >
> >
> ________________________________________________________________________________________________________
> > To view the defects in Coverity Scan visit,
> >
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DhaSM_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMoyD0JEs4cQVPs7yModO9iS3KZmOTMtFerKpWJTESZ9XSy9bw2fNvjKFGKtVfArZIqrPcBx6KD5m2cYyPfuBRUlwl84oo0u5GaEKs-2FEiV5-2BOPirAYHmPdhb88irmeK9V0lU3GUWr0Z8zNQlCYoFZw1Rqng5dhEax-2FWHTiswmaiSJQ-3D-3D
> >
>