Fwd: New Defects reported by Coverity Scan for RTEMS
Joel Sherrill
joel at rtems.org
Wed Nov 23 14:17:44 UTC 2022
Chris,
I don't think Coverity was pleased with your recent changes to edit.c :)
--joel
---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Wed, Nov 23, 2022 at 1:15 AM
Subject: New Defects reported by Coverity Scan for RTEMS
To: <build at rtems.org>
Hi,
Please find the latest report on new defect(s) introduced to RTEMS found
with Coverity Scan.
3 new defect(s) introduced to RTEMS found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1517031: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1517031: Insecure data handling (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 1992 in redraw_screen()
1986
1987 ed->refresh = 1;
1988 }
1989
1990 static void redraw_screen(struct editor *ed) {
1991 get_console_size(ed->env);
>>> CID 1517031: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "ed->env" to "draw_screen", which uses
it as a loop boundary.
1992 draw_screen(ed);
1993 }
1994
1995 static int quit(struct env *env) {
1996 struct editor *ed = env->current;
1997 struct editor *start = ed;
** CID 1517030: Incorrect expression (UNUSED_VALUE)
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()
________________________________________________________________________________________________________
*** CID 1517030: Incorrect expression (UNUSED_VALUE)
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()
753 struct winsize ws;
754 ioctl(0, TIOCGWINSZ, &ws);
755 env->cols = ws.ws_col;
756 env->lines = ws.ws_row - 1;
757 #elif defined(__rtems__)
758 char* e;
>>> CID 1517030: Incorrect expression (UNUSED_VALUE)
>>> Assigning value "25" to "env->lines" here, but that stored value is
overwritten before it can be used.
759 env->lines = 25;
760 env->lines = 80;
761 e = getenv("LINES");
762 if (e != NULL) {
763 int lines = strtol(e, 0, 10);
764 if (lines > 0) {
** CID 1517029: Insecure data handling (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()
________________________________________________________________________________________________________
*** CID 1517029: Insecure data handling (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()
774 }
775 #else
776 struct term *term = gettib()->proc->term;
777 env->cols = term->cols;
778 env->lines = term->lines - 1;
779 #endif
>>> CID 1517029: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "env->cols + 32" to "realloc", which
uses it as an allocation size. [Note: The source code implementation of the
function has been overridden by a builtin model.]
780 env->linebuf = realloc(env->linebuf, env->cols + LINEBUF_EXTRA);
781 }
782
783 static void outch(char c) {
784 putchar(c);
785 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DGr-Y_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqwq-2FLY5UKW-2FhhinR3e3vpWzrDiUmhAIYAWGY8CAwDNQLbxoOK7jx4uEYuEA18jT8PboURbCG5RbwkKdUWqCHW6bgBCVvWsy6OOEx44VsgSb0-2BOSrEegH8zssvN9oWz11vOH8c4avf3tCzVLe01l2-2FFOCkw36P3laWsmnE2eaZUoA-3D-3D
_______________________________________________
build mailing list
build at rtems.org
http://lists.rtems.org/mailman/listinfo/build
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20221123/a9131580/attachment.htm>
More information about the devel
mailing list