Pike-automation March 2017

pike-automation@lists.lysator.liu.se

1 participants
1 discussions

New Defects reported by Coverity Scan for Pike-stable
by scan-admin＠coverity.com 14 Mar '17

14 Mar '17

Hi, Please find the latest report on new defect(s) introduced to Pike-stable found with Coverity Scan. 7 new defect(s) introduced to Pike-stable found with Coverity Scan. 13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s) ** CID 1402583: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 841 in o_cast() ________________________________________________________________________________________________________ *** CID 1402583: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 841 in o_cast() 835 #ifdef PIKE_DEBUG 836 struct svalue *save_sp=sp+1; 837 #endif 838 839 ptrdiff_t nodepos; 840 if (multiset_indval (tmp)) >>> CID 1402583: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "Pike_error("FIXME: Casting ...". 841 Pike_error ("FIXME: Casting not implemented for multisets with values.\n"); 842 push_multiset (m = allocate_multiset (multiset_sizeof (tmp), 843 multiset_get_flags (tmp), 844 multiset_get_cmp_less (tmp))); 845 846 SET_CYCLIC_RET(m); ** CID 1400859: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 744 in i_img_bmp__decode() /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 757 in i_img_bmp__decode() ________________________________________________________________________________________________________ *** CID 1400859: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 744 in i_img_bmp__decode() 738 push_string(make_shared_binary_string((char *)s,(4<<bpp))); 739 push_int(2); 740 push_object(o=clone_object(image_colortable_program,2)); 741 nct=get_storage(o,image_colortable_program); 742 743 s+=(4<<bpp); >>> CID 1400859: (UNUSED_VALUE) >>> Assigning value from "len - (4 << bpp)" to "len" here, but that stored value is overwritten before it can be used. 744 len-=(4<<bpp); 745 } 746 else 747 { 748 if ((3<<bpp)>len) 749 Pike_error("Image.BMP.decode: unexpected EOF in palette\n"); /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 757 in i_img_bmp__decode() 751 push_string(make_shared_binary_string((char *)s,(3<<bpp))); 752 push_int(1); 753 push_object(o=clone_object(image_colortable_program,2)); 754 nct=get_storage(o,image_colortable_program); 755 756 s+=(3<<bpp); >>> CID 1400859: (UNUSED_VALUE) >>> Assigning value from "len - (3 << bpp)" to "len" here, but that stored value is overwritten before it can be used. 757 len-=(3<<bpp); 758 } 759 760 n++; 761 } 762 ** CID 1400858: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 743 in i_img_bmp__decode() /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 756 in i_img_bmp__decode() ________________________________________________________________________________________________________ *** CID 1400858: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 743 in i_img_bmp__decode() 737 738 push_string(make_shared_binary_string((char *)s,(4<<bpp))); 739 push_int(2); 740 push_object(o=clone_object(image_colortable_program,2)); 741 nct=get_storage(o,image_colortable_program); 742 >>> CID 1400858: (UNUSED_VALUE) >>> Assigning value from "s + (4 << bpp)" to "s" here, but that stored value is overwritten before it can be used. 743 s+=(4<<bpp); 744 len-=(4<<bpp); 745 } 746 else 747 { 748 if ((3<<bpp)>len) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 756 in i_img_bmp__decode() 750 751 push_string(make_shared_binary_string((char *)s,(3<<bpp))); 752 push_int(1); 753 push_object(o=clone_object(image_colortable_program,2)); 754 nct=get_storage(o,image_colortable_program); 755 >>> CID 1400858: (UNUSED_VALUE) >>> Assigning value from "s + (3 << bpp)" to "s" here, but that stored value is overwritten before it can be used. 756 s+=(3<<bpp); 757 len-=(3<<bpp); 758 } 759 760 n++; 761 } ** CID 1400857: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4113 in image_apply_curve() /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4193 in image_apply_curve() ________________________________________________________________________________________________________ *** CID 1400857: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4113 in image_apply_curve() 4107 pop_n_elems( args ); 4108 image_apply_curve_3( curve ); 4109 return; 4110 } 4111 case 2: 4112 { >>> CID 1400857: (UNINIT) >>> Declaring variable "curve" without initializer. 4113 unsigned char curve[256]; 4114 int chan = 0, co = 0; 4115 struct object *o; 4116 4117 if( TYPEOF(sp[-args]) != T_STRING ) 4118 SIMPLE_BAD_ARG_ERROR("apply_curve", 1, "string"); /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4193 in image_apply_curve() 4187 pop_stack(); 4188 } 4189 return; 4190 } 4191 case 1: 4192 { >>> CID 1400857: (UNINIT) >>> Declaring variable "curve" without initializer. 4193 unsigned char curve[256]; 4194 if( TYPEOF(sp[-args]) != T_ARRAY || 4195 sp[-args].u.array->size != 256 ) 4196 bad_arg_error("apply_curve", 4197 sp-args, args, 0, "", sp-args, 4198 "Bad arguments to apply_curve.\n" ); ** CID 1400856: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 966 in low_zlibmod_unpack() ________________________________________________________________________________________________________ *** CID 1400856: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 966 in low_zlibmod_unpack() 960 else 961 Pike_error("Failed to initialize Gz.uncompress (%d).\n", ret); 962 } 963 964 mt_init(&z.lock); 965 ret = do_inflate(buf, &z, Z_SYNC_FLUSH); >>> CID 1400856: API usage errors (LOCK) >>> "pthread_mutex_destroy" destroys "z.lock" while it is locked. 966 mt_destroy(&z.lock); 967 inflateEnd( &z.gz ); 968 969 if(ret==Z_OK) 970 Pike_error("Compressed data is truncated.\n"); 971 if(ret!=Z_STREAM_END) ** CID 1400855: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 448 in low_zlibmod_pack() ________________________________________________________________________________________________________ *** CID 1400855: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 448 in low_zlibmod_pack() 442 443 mt_init(&z.lock); 444 445 ret = do_deflate(buf, &z, Z_FINISH); 446 447 deflateEnd(&z.gz); >>> CID 1400855: API usage errors (LOCK) >>> "pthread_mutex_destroy" destroys "z.lock" while it is locked. 448 mt_destroy(&z.lock); 449 450 if(ret != Z_STREAM_END) 451 Pike_error("Error while deflating data (%d).\n",ret); 452 } 453 ** CID 1400854: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v8.0-snapshot/src/array.c: 95 in real_allocate_array() ________________________________________________________________________________________________________ *** CID 1400854: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v8.0-snapshot/src/array.c: 95 in real_allocate_array() 89 /* Limits size to (1<<29)-4 */ 90 if( (size_t)(size+extra_space-1) > 91 (LONG_MAX-sizeof(struct array))/sizeof(struct svalue) ) 92 Pike_error("Too large array (size %ld exceeds %ld).\n", 93 (long)(size+extra_space-1), 94 (long)((LONG_MAX-sizeof(struct array))/sizeof(struct svalue)) ); >>> CID 1400854: Insecure data handling (INTEGER_OVERFLOW) >>> Overflowed or truncated value (or a value computed from an overflowed or truncated value) "64UL + (size + extra_space - 1L) * 16UL" used as critical argument to function. 95 v=malloc(sizeof(struct array)+ 96 (size+extra_space-1)*sizeof(struct svalue)); 97 if(!v) 98 Pike_error(msg_out_of_mem_2, sizeof(struct array)+ 99 (size+extra_space-1)*sizeof(struct svalue)); 100 ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V0… To manage Coverity Scan email notifications for "pike-automation(a)lists.lysator.liu.se", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V0…

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

Pike-automation March 2017