New Defects reported by Coverity Scan for RTEMS

Joel Sherrill joel at rtems.org
Tue Aug 30 14:37:08 UTC 2022 

On Tue, Aug 30, 2022 at 8:44 AM Sebastian Huber <
sebastian.huber at embedded-brains.de> wrote:

> On 30/08/2022 15:40, Joel Sherrill wrote:
> >
> >
> > On Tue, Aug 30, 2022 at 12:05 AM Sebastian Huber
> > <sebastian.huber at embedded-brains.de
> > <mailto:sebastian.huber at embedded-brains.de>> wrote:
> >
> >     On 30/08/2022 00:56, scan-admin at coverity.com
> >     <mailto:scan-admin at coverity.com> wrote:
> >      > ** CID 1512552:  High impact quality  (Y2K38_SAFETY)
> >      > /cpukit/score/src/kern_tc.c: 1804 in _Timecounter_Windup()
> >      >
> >      >
> >      >
> >
>  ________________________________________________________________________________________________________
> >      > *** CID 1512552:  High impact quality  (Y2K38_SAFETY)
> >      > /cpukit/score/src/kern_tc.c: 1804 in _Timecounter_Windup()
> >      > 1798          /* Go live with the new struct timehands. */
> >      > 1799     #ifdef FFCLOCK
> >      > 1800          switch (sysclock_active) {
> >      > 1801          case SYSCLOCK_FBCK:
> >      > 1802     #endif
> >      > 1803                  time_second = th->th_microtime.tv_sec;
> >      >>>>      CID 1512552:  High impact quality  (Y2K38_SAFETY)
> >      >>>>      A "time_t" value is stored in an integer with too few
> >     bits to accommodate it.  The expression "th->th_offset.sec" is cast
> >     to "int32_t".
> >      > 1804                  time_uptime = th->th_offset.sec;
> >      > 1805     #ifdef FFCLOCK
> >      > 1806                  break;
> >      > 1807          case SYSCLOCK_FFWD:
> >      > 1808                  time_second =
> fftimehands->tick_time_lerp.sec;
> >      > 1809                  time_uptime =
> >     fftimehands->tick_time_lerp.sec - ffclock_boottime.sec;
> >      >
> >      > ** CID 1512551:    (Y2K38_SAFETY)
> >
> >     This seems to be a new Coverity feature. The Newlib time_t
> >     definition is:
> >
> >     #if defined(_USE_LONG_TIME_T) || __LONG_MAX__ > 0x7fffffffL
> >     #define _TIME_T_ long
> >     #else
> >     #define _TIME_T_ __int_least64_t
> >     #endif
> >     typedef _TIME_T_        __time_t;
> >
> >     Does Coverity use the Newlib header files? The _USE_LONG_TIME_T
> should
> >     be undefined for RTEMS.
> >
> >
> > Yes it should. It works by doing something like this:
> >
> > cov-build waf|make
> >
> > And looking at the newlib headers, I agree everything looks like it
> should
> > be defined to _int_least64_t. And preprocessing a simple file that
> includes
> > <sys/time.h> shows that it is typed to that.
> >
> > But.... something else is going on. time_uptime is defined to
> > _Timecounter_Time_uptime
> > which is an int32_t.
>
> Oh, sorry, I didn't notice this. Then this is a false positive. Using an
> int32_t for uptime seconds is enough.
>

The variable  time_uptime is still defined as two separate types. The
prototype and the declaration do not match.

Even if int32_t is wide enough for seconds of uptime, it is an assignment
that narrows types. Casting to make this narrowing intentional would at
least hint this was intentional.

But better would be to use the proper type and just make it time_t like
FreeBSD.

--joel

>
> --
> embedded brains GmbH
> Herr Sebastian HUBER
> Dornierstr. 4
> 82178 Puchheim
> Germany
> email: sebastian.huber at embedded-brains.de
> phone: +49-89-18 94 741 - 16
> fax:   +49-89-18 94 741 - 08
>
> Registergericht: Amtsgericht München
> Registernummer: HRB 157899
> Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler
> Unsere Datenschutzerklärung finden Sie hier:
> https://embedded-brains.de/datenschutzerklaerung/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20220830/6a61af03/attachment.htm>

More information about the devel mailing list