Fwd: New Defects reported by Coverity Scan for RTEMS

Joel Sherrill joel at rtems.org
Wed Nov 23 14:17:44 UTC 2022


Chris,

I don't think Coverity was pleased with your recent changes to edit.c :)

--joel

---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Wed, Nov 23, 2022 at 1:15 AM
Subject: New Defects reported by Coverity Scan for RTEMS
To: <build at rtems.org>


Hi,

Please find the latest report on new defect(s) introduced to RTEMS found
with Coverity Scan.

3 new defect(s) introduced to RTEMS found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1517031:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1517031:  Insecure data handling  (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 1992 in redraw_screen()
1986
1987       ed->refresh = 1;
1988     }
1989
1990     static void redraw_screen(struct editor *ed) {
1991       get_console_size(ed->env);
>>>     CID 1517031:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "ed->env" to "draw_screen", which uses it as a loop boundary.
1992       draw_screen(ed);
1993     }
1994
1995     static int quit(struct env *env) {
1996       struct editor *ed = env->current;
1997       struct editor *start = ed;

** CID 1517030:  Incorrect expression  (UNUSED_VALUE)
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()


________________________________________________________________________________________________________
*** CID 1517030:  Incorrect expression  (UNUSED_VALUE)
/cpukit/libmisc/shell/main_edit.c: 759 in get_console_size()
753       struct winsize ws;
754       ioctl(0, TIOCGWINSZ, &ws);
755       env->cols = ws.ws_col;
756       env->lines = ws.ws_row - 1;
757     #elif defined(__rtems__)
758       char* e;
>>>     CID 1517030:  Incorrect expression  (UNUSED_VALUE)
>>>     Assigning value "25" to "env->lines" here, but that stored value is overwritten before it can be used.
759       env->lines = 25;
760       env->lines = 80;
761       e = getenv("LINES");
762       if (e != NULL) {
763         int lines = strtol(e, 0, 10);
764         if (lines > 0) {

** CID 1517029:  Insecure data handling  (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()


________________________________________________________________________________________________________
*** CID 1517029:  Insecure data handling  (TAINTED_SCALAR)
/cpukit/libmisc/shell/main_edit.c: 780 in get_console_size()
774       }
775     #else
776       struct term *term = gettib()->proc->term;
777       env->cols = term->cols;
778       env->lines = term->lines - 1;
779     #endif
>>>     CID 1517029:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "env->cols + 32" to "realloc", which uses it as an allocation size. [Note: The source code implementation of the function has been overridden by a builtin model.]
780       env->linebuf = realloc(env->linebuf, env->cols + LINEBUF_EXTRA);
781     }
782
783     static void outch(char c) {
784       putchar(c);
785     }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DGr-Y_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqwq-2FLY5UKW-2FhhinR3e3vpWzrDiUmhAIYAWGY8CAwDNQLbxoOK7jx4uEYuEA18jT8PboURbCG5RbwkKdUWqCHW6bgBCVvWsy6OOEx44VsgSb0-2BOSrEegH8zssvN9oWz11vOH8c4avf3tCzVLe01l2-2FFOCkw36P3laWsmnE2eaZUoA-3D-3D
