Fwd: New Defects reported by Coverity Scan for RTEMS-Tools

Joel Sherrill joel at rtems.org
Mon Aug 29 22:18:07 UTC 2022


I don't think this is due to a recent addition. I just upgraded to a new
version of the Coverity analysis tool.

Does anyone see a fix for this?

--joel
---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Aug 29, 2022 at 5:14 PM
Subject: New Defects reported by Coverity Scan for RTEMS-Tools
To: <joel.sherrill at gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to RTEMS-Tools
found with Coverity Scan.

11 new defect(s) introduced to RTEMS-Tools found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)


** CID 1521908:  Memory - illegal accesses  (STRING_NULL)


________________________________________________________________________________________________________
*** CID 1521908:  Memory - illegal accesses  (STRING_NULL)
/rtemstoolkit/SimpleIni.h: 1377 in CSimpleIniTempl<char, SI_GenericCase<char>, SI_ConvertA<char>>::LoadFile(_IO_FILE *)()
1371         if (uRead != (size_t) lSize) {
1372             delete[] pData;
1373             return SI_FILE;
1374         }
1375
1376         // convert the raw data to unicode
>>>     CID 1521908:  Memory - illegal accesses  (STRING_NULL)
>>>     Calling "LoadData" with the input string "pData", which is greater
than or equal to "uRead" in length, or not null-terminated.
1377         SI_Error rc = LoadData(pData, uRead);
1378         delete[] pData;
1379         return rc;
1380     }
1381
1382     template<class SI_CHAR, class SI_STRLESS, class SI_CONVERTER>

** CID 1521907:  Memory - illegal accesses  (STRING_NULL)


________________________________________________________________________________________________________
*** CID 1521907:  Memory - illegal accesses  (STRING_NULL)
/rtemstoolkit/libiberty/cplus-dem.c: 2962 in demangle_prefix()
2956                {
2957                  /* No separator (I.E. "__not_mangled"), or empty signature
2958                     (I.E. "__not_mangled_either__") */
2959                  success = 0;
2960                }
2961              else
>>>     CID 1521907:  Memory - illegal accesses  (STRING_NULL)
>>>     Passing unterminated string "declp->b" to
"iterate_demangle_function", which expects a null-terminated string.
2962                return iterate_demangle_function (work, mangled, declp, scan);
2963            }
2964         }
2965       else if (*(scan + 2) != '\0')
2966         {
2967           /* Mangled name does not start with "__" but does have one somewhere

** CID 1521906:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 418 in _dwarf_decode_sleb128()


________________________________________________________________________________________________________
*** CID 1521906:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 418 in _dwarf_decode_sleb128()
412             int shift = 0;
413
414             uint8_t *src = *dp;
415
416             do {
417                     b = *src++;
>>>     CID 1521906:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "(b & 0x7f) << shift" with type
"int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
in a context that expects an expression of type "int64_t" (64 bits, signed).
418                     ret |= ((b & 0x7f) << shift);
419                     shift += 7;
420             } while ((b & 0x80) != 0);
421
422             if (shift < 64 && (b & 0x40) != 0)
423                     ret |= (-1 << shift);

** CID 1521905:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1521905:  Insecure data handling  (TAINTED_SCALAR)
/rtemstoolkit/rld-elf.cpp: 574 in rld::elf::file::begin(const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool, rld::elf::file*, long)()
568           writable = writable_;
569           elf_ = elf__;
570
571           if (!archive && !writable)
572           {
573             load_header ();
>>>     CID 1521905:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "this->ehdr" to "load_sections", which
uses it as a loop boundary.
574             load_sections ();
575           }
576         }
577
578         void
579         file::end ()

** CID 1521904:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 423 in _dwarf_decode_sleb128()


________________________________________________________________________________________________________
*** CID 1521904:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 423 in _dwarf_decode_sleb128()
417                     b = *src++;
418                     ret |= ((b & 0x7f) << shift);
419                     shift += 7;
420             } while ((b & 0x80) != 0);
421
422             if (shift < 64 && (b & 0x40) != 0)
>>>     CID 1521904:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "0xffffffffffffffff << shift"
with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and
then used in a context that expects an expression of type "int64_t" (64
bits, signed).
423                     ret |= (-1 << shift);
424
425             *dp = src;
426
427             return (ret);
428     }

** CID 1521903:  Performance inefficiencies  (AUTO_CAUSES_COPY)
/tester/covoar/CoverageMapBase.cc: 217 in Coverage::CoverageMapBase::getRange(unsigned int, Coverage::AddressRange &) const()


________________________________________________________________________________________________________
*** CID 1521903:  Performance inefficiencies  (AUTO_CAUSES_COPY)
/tester/covoar/CoverageMapBase.cc: 217 in Coverage::CoverageMapBase::getRange(unsigned int, Coverage::AddressRange &) const()
211       {
212         return Ranges.at( index ).lowAddress;
213       }
214
215       bool CoverageMapBase::getRange( uint32_t address, AddressRange& range ) const
216       {
>>>     CID 1521903:  Performance inefficiencies  (AUTO_CAUSES_COPY)
>>>     Using the "auto" keyword without an "&" causes the copy of an
object of type AddressRange.
217         for ( auto r : Ranges ) {
218           if ( r.inside( address ) ) {
219             range.lowAddress  = r.lowAddress;
220             range.highAddress = r.highAddress;
221             range.info        = r.info;
222             return true;

** CID 1521902:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 287 in _dwarf_read_sleb128()


________________________________________________________________________________________________________
*** CID 1521902:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 287 in _dwarf_read_sleb128()
281             uint8_t *src;
282
283             src = data + *offsetp;
284
285             do {
286                     b = *src++;
>>>     CID 1521902:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "(b & 0x7f) << shift" with type
"int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
in a context that expects an expression of type "int64_t" (64 bits, signed).
287                     ret |= ((b & 0x7f) << shift);
288                     (*offsetp)++;
289                     shift += 7;
290             } while ((b & 0x80) != 0);
291
292             if (shift < 64 && (b & 0x40) != 0)

** CID 1521901:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 293 in _dwarf_read_sleb128()


________________________________________________________________________________________________________
*** CID 1521901:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 293 in _dwarf_read_sleb128()
287                     ret |= ((b & 0x7f) << shift);
288                     (*offsetp)++;
289                     shift += 7;
290             } while ((b & 0x80) != 0);
291
292             if (shift < 64 && (b & 0x40) != 0)
>>>     CID 1521901:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "0xffffffffffffffff << shift"
with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and
then used in a context that expects an expression of type "int64_t" (64
bits, signed).
293                     ret |= (-1 << shift);
294
295             return (ret);
296     }
297
298     int

** CID 1521900:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 356 in _dwarf_read_uleb128()


________________________________________________________________________________________________________
*** CID 1521900:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 356 in _dwarf_read_uleb128()
350             uint8_t *src;
351
352             src = data + *offsetp;
353
354             do {
355                     b = *src++;
>>>     CID 1521900:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "(b & 0x7f) << shift" with type
"int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
in a context that expects an expression of type "uint64_t" (64 bits,
unsigned).
356                     ret |= ((b & 0x7f) << shift);
357                     (*offsetp)++;
358                     shift += 7;
359             } while ((b & 0x80) != 0);
360
361             return (ret);

** CID 1521899:  Memory - corruptions  (OVERRUN)
/trace/record/record-main-lttng.cc: 455 in LTTNGClient::AddThreadName(PerCPUContext *, const ClientItem &)()


________________________________________________________________________________________________________
*** CID 1521899:  Memory - corruptions  (OVERRUN)
/trace/record/record-main-lttng.cc: 455 in LTTNGClient::AddThreadName(PerCPUContext *, const ClientItem &)()
449
450       uint32_t obj_index = GetObjIndexOfID(pcpu->thread_id);
451       uint64_t name = item.data;
452       size_t i;
453       for (i = pcpu->thread_name_index; i < pcpu->thread_name_index + data_size();
454            ++i) {
>>>     CID 1521899:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "this->thread_names_[api_index][obj_index]" of
3145728 bytes at byte offset 3145728 using index "i" (which evaluates to
16).
455         thread_names_[api_index][obj_index][i] = static_cast<uint8_t>(name);
456         name >>= BITS_PER_CHAR;
457       }
458
459       pcpu->thread_name_index = i;
460     }

** CID 1521898:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 441 in _dwarf_decode_uleb128()


________________________________________________________________________________________________________
*** CID 1521898:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/rtemstoolkit/elftoolchain/libdwarf/libdwarf_rw.c: 441 in _dwarf_decode_uleb128()
435             int shift = 0;
436
437             uint8_t *src = *dp;
438
439             do {
440                     b = *src++;
>>>     CID 1521898:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "(b & 0x7f) << shift" with type
"int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used
in a context that expects an expression of type "uint64_t" (64 bits,
unsigned).
441                     ret |= ((b & 0x7f) << shift);
442                     shift += 7;
443             } while ((b & 0x80) != 0);
444
445             *dp = src;
446


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQi8c7-2B1U0roIV5G3HXifs2odF2CS2aZ-2FK5CtfMSQ5p34-3DUmMl_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXpChcmq82e05YwUiaNQNEVv6HO3ZwwCsSEdZKrCHSBO8RSsuTljXOlvRo2aKBu-2Fqh1cHu3h3O0ALJdixBaCfrANMTDVs4zRJuydhhpmnbpm4sDLN0PzHrJl6YTBotmpp3lW9DkRknOK-2F-2FYeNgnhinh4Rf2FT3MaTGop6EOwrKxs2OqwJ28MLjIw-2FyWoYIYFV4w-3D

  To manage Coverity Scan email notifications for "joel.sherrill at gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5EGW_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXpChcmq82e05YwUiaNQNEVv6HO3ZwwCsSEdZKrCHSBO8aBSzomH8uegMEygftbwvLSoxeWo98AX48igSlWHQgHBnTfLZ7sVYrjQgT0H5XHzQT-2B6fEo78oq4Z14msiiXqBbnFhWgoahlKbWGWYPPrHp-2BjaWbj1bF0qFpePRZEcmOuuTjJ8zKJKXOMhJ5gOUGC9s-3D
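Editor's note, added below the forwarded report and not part of it or of the rtems-tools sources: the six OVERFLOW_BEFORE_WIDEN findings (CIDs 1521906, 1521904, 1521902, 1521901, 1521900 and 1521898) are all the same pattern. In `ret |= ((b & 0x7f) << shift);` the operand `b & 0x7f` is an int because `b` is a uint8_t, so the shift is evaluated in 32 bits and only the result is widened to the 64-bit `ret`. From the fifth LEB128 byte on (shift == 28) a payload of 0x08 or more pushes the shifted value past INT_MAX, and from the sixth byte (shift == 32) the shift count itself reaches the width of int; both are undefined behaviour in C11. `ret |= (-1 << shift);` has the same problem for the sign extension, and left-shifting a negative int is undefined as well. The decoders below, written for this note, cast to uint64_t before shifting and build the sign mask in 64 bits. They also take an explicit input length and reject encodings longer than ten bytes; neither bound is visible in the snippets above (which walk `*dp` or `data + *offsetp` with no end), so treat those checks, the `leb_result` type, the function names and the sample byte strings as constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not rtems-tools code: LEB128 decoders in which every
 * shift happens on a uint64_t, plus an input length so a malformed
 * value cannot run past the buffer. */
typedef struct {
    bool     ok;        /* false: input truncated or encoding too long */
    size_t   consumed;  /* bytes used, valid when ok */
    uint64_t u;         /* result of decode_uleb128 */
    int64_t  s;         /* result of decode_sleb128 */
} leb_result;

/* Unsigned LEB128: a uint64_t needs at most ten 7-bit groups. */
leb_result decode_uleb128(const uint8_t *src, size_t len)
{
    leb_result r = { false, 0, 0, 0 };
    uint64_t ret = 0;
    unsigned shift = 0;
    size_t i = 0;
    uint8_t b;

    do {
        if (i >= len)      /* continuation bit set, but input exhausted */
            return r;
        if (shift >= 64)   /* an eleventh byte cannot belong to a uint64_t */
            return r;
        b = src[i++];
        if (shift == 63 && (b & 0x7e) != 0)
            return r;      /* tenth byte carries bits above bit 63 */
        /* The flagged form is `(b & 0x7f) << shift`: b is uint8_t, so the
         * operand is an int and the shift is done in 32 bits. Widening
         * first keeps every shift count below 64 well defined. */
        ret |= (uint64_t)(b & 0x7f) << shift;
        shift += 7;
    } while ((b & 0x80) != 0);

    r.ok = true;
    r.consumed = i;
    r.u = ret;
    return r;
}

/* Signed LEB128: accumulate unsigned, then sign-extend with a 64-bit mask
 * instead of the 32-bit `-1 << shift`. */
leb_result decode_sleb128(const uint8_t *src, size_t len)
{
    leb_result r = { false, 0, 0, 0 };
    uint64_t ret = 0;
    unsigned shift = 0;
    size_t i = 0;
    uint8_t b;

    do {
        if (i >= len || shift >= 64)
            return r;
        b = src[i++];
        ret |= (uint64_t)(b & 0x7f) << shift;
        shift += 7;
    } while ((b & 0x80) != 0);

    /* Bit 6 of the final byte is the sign bit. After ten bytes (shift 70)
     * all 64 bits are already set by the data, so no extension is needed. */
    if (shift < 64 && (b & 0x40) != 0)
        ret |= ~(uint64_t)0 << shift;

    r.ok = true;
    r.consumed = i;
    r.s = (int64_t)ret;   /* two's complement reinterpretation */
    return r;
}

/* Constructed sample encodings for this example, not bytes from a real
 * DWARF section. */
static const uint8_t LEB_624485[]   = { 0xE5, 0x8E, 0x26 };
static const uint8_t LEB_2POW32[]   = { 0x80, 0x80, 0x80, 0x80, 0x10 }; /* 5th byte: 0x10 << 28 overflows int */
static const uint8_t LEB_U64MAX[]   = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x01 };
static const uint8_t SLEB_MINUS1[]  = { 0x7F };
static const uint8_t SLEB_M123456[] = { 0xC0, 0xBB, 0x78 };
static const uint8_t SLEB_I64MIN[]  = { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x7F };
static const uint8_t LEB_TRUNC[]    = { 0x80, 0x80 };               /* ends mid-value */
static const uint8_t LEB_TOOLONG[]  = { 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00 };

int main(void)
{
    leb_result r = decode_uleb128(LEB_2POW32, sizeof LEB_2POW32);
    printf("uleb128 2^32   : %s %llu (%zu bytes)\n", r.ok ? "ok" : "bad",
           (unsigned long long)r.u, r.consumed);
    r = decode_sleb128(SLEB_M123456, sizeof SLEB_M123456);
    printf("sleb128 -123456: %s %lld (%zu bytes)\n", r.ok ? "ok" : "bad",
           (long long)r.s, r.consumed);
    r = decode_uleb128(LEB_TRUNC, sizeof LEB_TRUNC);
    printf("truncated input: %s\n", r.ok ? "accepted" : "rejected");
    return 0;
}
```

The LEB_2POW32 sample is the smallest case that goes wrong in the flagged form: its fifth byte is 0x10, and 0x10 << 28 does not fit in a 32-bit int even though the shift count is still below 32, so the decoded value would be truncated or worse before it ever reached the 64-bit accumulator. The length bound is there because DWARF read from an object file is untrusted input, the same situation CID 1521905 raises for the ELF header.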
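Editor's note, also added and not from the report or from rtems-tools: CID 1521905 flags `this->ehdr`, the ELF header read from the file, as a tainted value that load_sections uses as a loop bound. The page does not show how rld-elf.cpp obtains the section count, so the C below is a generic illustration of the check Coverity is asking for: read e_shoff, e_shentsize and e_shnum from a little-endian ELF64 header, and confirm in 64-bit arithmetic that a loop over e_shnum section headers stays inside the bytes actually read, including the e_shnum == 0 extended-numbering case. The field offsets are from the ELF specification; the parser, the image builder, the `shtab_check` type and all names are constructed for this note.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not rtems-tools code. Offsets are those of the ELF64
 * file header (Elf64_Ehdr) from the ELF specification. */
#define EHDR64_SIZE   64u
#define SHDR64_SIZE   64u
#define OFF_SHOFF     0x28
#define OFF_SHENTSIZE 0x3A
#define OFF_SHNUM     0x3C

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }
static uint64_t rd64le(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}
static void wr16le(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr64le(uint8_t *p, uint64_t v) { for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i)); }

typedef struct {
    bool     ok;        /* a loop over shnum section headers stays inside the file */
    bool     extended;  /* e_shnum == 0 with a table present: real count is in entry 0 */
    uint64_t shoff;
    uint16_t shentsize;
    uint16_t shnum;
} shtab_check;

/* Treats the header fields as untrusted and bounds them against `len`,
 * the number of bytes actually read, before anyone loops over them. */
shtab_check check_section_table(const uint8_t *file, size_t len)
{
    shtab_check c = { false, false, 0, 0, 0 };

    if (len < EHDR64_SIZE || memcmp(file, "\x7f" "ELF", 4) != 0)
        return c;
    if (file[4] != 2 || file[5] != 1)   /* ELFCLASS64 and ELFDATA2LSB only */
        return c;

    c.shoff     = rd64le(file + OFF_SHOFF);
    c.shentsize = rd16le(file + OFF_SHENTSIZE);
    c.shnum     = rd16le(file + OFF_SHNUM);

    if (c.shoff == 0) {                 /* no section header table at all */
        c.ok = (c.shnum == 0);
        return c;
    }
    if (c.shentsize < SHDR64_SIZE || c.shoff > len)
        return c;

    uint64_t avail = (uint64_t)len - c.shoff;
    if (c.shnum == 0) {
        /* Extended numbering: the count is sh_size of entry 0, which the
         * caller must read and bound-check in turn. Entry 0 must fit. */
        c.extended = (avail >= c.shentsize);
        c.ok = c.extended;
        return c;
    }
    /* Both factors are 16-bit, so the product cannot wrap a uint64_t. */
    c.ok = ((uint64_t)c.shnum * c.shentsize <= avail);
    return c;
}

/* Builds a constructed ELF64 image (header plus `body_len` zero bytes)
 * whose header claims `shnum` section headers at offset 64, and checks it. */
shtab_check check_constructed(uint16_t shnum, size_t body_len)
{
    static uint8_t img[4096];
    size_t total = EHDR64_SIZE + body_len;
    shtab_check bad = { false, false, 0, 0, 0 };

    if (total > sizeof img)
        return bad;
    memset(img, 0, total);
    memcpy(img, "\x7f" "ELF", 4);
    img[4] = 2; img[5] = 1; img[6] = 1;   /* class 64, little-endian, version 1 */
    wr64le(img + OFF_SHOFF, EHDR64_SIZE);
    wr16le(img + OFF_SHENTSIZE, SHDR64_SIZE);
    wr16le(img + OFF_SHNUM, shnum);
    return check_section_table(img, total);
}

int main(void)
{
    printf("2 headers, 128 bytes after ehdr : %s\n", check_constructed(2, 128).ok ? "ok" : "rejected");
    printf("3 headers, 128 bytes after ehdr : %s\n", check_constructed(3, 128).ok ? "ok" : "rejected");
    printf("65535 headers, 128 bytes        : %s\n", check_constructed(0xFFFF, 128).ok ? "ok" : "rejected");
    printf("e_shnum 0, entry 0 present      : %s\n", check_constructed(0, 64).extended ? "extended" : "rejected");
    return 0;
}
```

The point of the check is that e_shnum and e_shentsize come from the file and must be compared with the file size before they drive a loop; a header claiming 65535 sections in a 192-byte file is rejected without reading a single section header. When e_shnum is 0 but e_shoff is not, the real count is stored in the first section header and needs the same treatment once it has been read.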