Pike-automation

pike-automation@lists.lysator.liu.se

1 participants
59 discussions

Start a nNew thread

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 11 Jan '26

11 Jan '26

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 13 Dec '25

13 Dec '25

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1676053: (ARRAY_VS_SINGLETON) _____________________________________________________________________________________________ *** CID 1676053: (ARRAY_VS_SINGLETON) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/HTTPLoop/requestobject.c: 590 in actually_send() 584 } 585 586 DWERROR("cork... \n"); 587 oldbulkmode = bulkmode_start(a->to->fd); 588 589 fail = -1; >>> CID 1676053: (ARRAY_VS_SINGLETON) >>> Passing "data_ptr" to function "pike_sendfile" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 590 sent = pike_sendfile(a->to->fd, data_ptr, !!data_ptr, 591 a->len ? a->from_fd: -1, NULL, a->len, 592 NULL, 0); 593 594 if (sent >= 0) { 595 a->sent += sent; /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/HTTPLoop/requestobject.c: 590 in actually_send() 584 } 585 586 DWERROR("cork... \n"); 587 oldbulkmode = bulkmode_start(a->to->fd); 588 589 fail = -1; >>> CID 1676053: (ARRAY_VS_SINGLETON) >>> Passing "data_ptr" to function "pike_sendfile" which uses it as an array. This might corrupt or misinterpret adjacent memory locations. 590 sent = pike_sendfile(a->to->fd, data_ptr, !!data_ptr, 591 a->len ? a->from_fd: -1, NULL, a->len, 592 NULL, 0); 593 594 if (sent >= 0) { 595 a->sent += sent; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/pike-master?tab=overview

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 02 Nov '25

02 Nov '25

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1668304: Memory - illegal accesses (USE_AFTER_FREE) _____________________________________________________________________________________________ *** CID 1668304: Memory - illegal accesses (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.1-snapshot/src/post_modules/GI/gi.cmod: 976 in cb_destroy_list() 970 g_free(cbc); 971 } 972 973 static void cb_destroy_list(struct gi_callback_context **list) 974 { 975 while (*list) >>> CID 1668304: Memory - illegal accesses (USE_AFTER_FREE) >>> Calling "cb_destroy_now" dereferences freed pointer "*list". 976 cb_destroy_now(*list); 977 } 978 979 static void process_deferred_cb_destroys(void) 980 { 981 cb_destroy_list(&deferred_destroy_cbs); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/pike-master?tab=overview

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 29 May '25

29 May '25

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 28 Mar '25

28 Mar '25

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1645526: (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1105 in _image_gif_encode() /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1105 in _image_gif_encode() /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1081 in _image_gif_encode() /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1081 in _image_gif_encode() ________________________________________________________________________________________________________ *** CID 1645526: (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1105 in _image_gif_encode() 1099 { 1100 if (arg==2 && 1101 TYPEOF(sp[arg-args]) == T_INT) 1102 tridx=sp[arg-args].u.integer; 1103 else { 1104 free_object(imgobj); >>> CID 1645526: (FORWARD_NULL) >>> Dereferencing null pointer "o_". 1105 free_object(nctobj); 1106 Pike_error("Image.GIF.encode(): Illegal argument %d or %d..%d\n", 1107 arg+1,arg+1,arg+3); 1108 } 1109 trans=1; 1110 } /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1105 in _image_gif_encode() 1099 { 1100 if (arg==2 && 1101 TYPEOF(sp[arg-args]) == T_INT) 1102 tridx=sp[arg-args].u.integer; 1103 else { 1104 free_object(imgobj); >>> CID 1645526: (FORWARD_NULL) >>> Dereferencing null pointer "o_". 1105 free_object(nctobj); 1106 Pike_error("Image.GIF.encode(): Illegal argument %d or %d..%d\n", 1107 arg+1,arg+1,arg+3); 1108 } 1109 trans=1; 1110 } /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1081 in _image_gif_encode() 1075 if (args-arg>1) { 1076 if (args-arg<4 || 1077 TYPEOF(sp[1+arg-args]) != T_INT || 1078 TYPEOF(sp[2+arg-args]) != T_INT || 1079 TYPEOF(sp[3+arg-args]) != T_INT) { 1080 free_object(imgobj); >>> CID 1645526: (FORWARD_NULL) >>> Dereferencing null pointer "o_". 1081 free_object(nctobj); 1082 Pike_error("Image.GIF.encode: Illegal arguments %d..%d (expected int)\n",arg+2,arg+4); 1083 } else 1084 { 1085 ac.r=sp[1+arg-args].u.integer; 1086 ac.g=sp[2+arg-args].u.integer; /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_GIF/image_gif.c: 1081 in _image_gif_encode() 1075 if (args-arg>1) { 1076 if (args-arg<4 || 1077 TYPEOF(sp[1+arg-args]) != T_INT || 1078 TYPEOF(sp[2+arg-args]) != T_INT || 1079 TYPEOF(sp[3+arg-args]) != T_INT) { 1080 free_object(imgobj); >>> CID 1645526: (FORWARD_NULL) >>> Dereferencing null pointer "o_". 1081 free_object(nctobj); 1082 Pike_error("Image.GIF.encode: Illegal arguments %d..%d (expected int)\n",arg+2,arg+4); 1083 } else 1084 { 1085 ac.r=sp[1+arg-args].u.integer; 1086 ac.g=sp[2+arg-args].u.integer; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/pike-master?tab=overview

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 10 Mar '25

10 Mar '25

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1644285: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1644285: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.1-snapshot/src/post_modules/Cairo/cairo.cmod: 4136 in f_Cairo_RecordingSurface_create() 4130 *! unbounded operations. 4131 */ 4132 PIKEFUN void create(int content, Rectangle|void extents) 4133 get_all_args; 4134 { 4135 cairo_rectangle_t extents_rect; >>> CID 1644285: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "extents" to "rectangle_from_object", which dereferences it. 4136 if (!rectangle_from_object(extents, &extents_rect)) 4137 SIMPLE_ARG_TYPE_ERROR("create", 2, "Cairo.Rectangle"); 4138 4139 if (THIS->surface) 4140 Pike_error("Surface already initialized\n"); 4141 ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/pike-master?tab=overview

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 22 Jan '25

22 Jan '25

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1641415: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/fdlib.c: 3472 in pike_writev() /home/covbuilder/pike/Pike-v9.1-snapshot/src/fdlib.c: 3497 in pike_writev() /home/covbuilder/pike/Pike-v9.1-snapshot/src/fdlib.c: 3479 in pike_writev() ________________________________________________________________________________________________________ *** CID 1641415: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/fdlib.c: 3472 in pike_writev() 3466 #endif 3467 3468 #ifdef MAX_IOVEC 3469 if (cnt > MAX_IOVEC) cnt = MAX_IOVEC; 3470 #endif 3471 >>> CID 1641415: (INTEGER_OVERFLOW) >>> "iov->iov_len", which might have underflowed, is passed to "writev(fd, iov, cnt)". 3472 bytes = fd_writev(fd, iov, cnt); 3473 3474 if (bytes < 0) { 3475 /* Error or file closed at other end. */ 3476 FDWERR("pike_writev(): writev() failed with errno:%d.\n" 3477 "Sent %ld bytes so far.\n", /home/covbuilder/pike/Pike-v9.1-snapshot/src/fdlib.c: 3497 in pike_writev() 3491 break; 3492 } 3493 } 3494 } 3495 } 3496 FDWERR("pike_writev(): Sent %d bytes\n", sent); >>> CID 1641415: (INTEGER_OVERFLOW) >>> "sent", which might have underflowed, is returned from the function. 3497 return sent; /home/covbuilder/pike/Pike-v9.1-snapshot/src/fdlib.c: 3479 in pike_writev() 3473 3474 if (bytes < 0) { 3475 /* Error or file closed at other end. */ 3476 FDWERR("pike_writev(): writev() failed with errno:%d.\n" 3477 "Sent %ld bytes so far.\n", 3478 errno, (long)sent); >>> CID 1641415: (INTEGER_OVERFLOW) >>> "sent ? sent : bytes", which might have overflowed, is returned from the function. 3479 return sent ? sent : bytes; 3480 } else { 3481 sent += bytes; 3482 3483 while (bytes) { 3484 if ((size_t)bytes >= (size_t)iov->iov_len) { ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/pike-master?tab=overview

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 22 Jan '25

22 Jan '25

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 37 new defect(s) introduced to Pike-master found with Coverity Scan. 10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 37 defect(s) ** CID 1641414: Insecure data handling (INTEGER_OVERFLOW) ________________________________________________________________________________________________________ *** CID 1641414: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 1011 in end_shared_string() 1005 free_string(s); 1006 s=s2; 1007 } 1008 if (s->flags & STRING_CONVERT_SURROGATES) { 1009 ptrdiff_t cnt = count_surrogate_pairs(STR1(s), s->len); 1010 if (cnt > 0) { >>> CID 1641414: Insecure data handling (INTEGER_OVERFLOW) >>> "s->len - cnt", which might be negative, is passed to "debug_begin_wide_shared_string(s->len - cnt, thirtytwobit)". 1011 s2 = begin_wide_shared_string(s->len - cnt, thirtytwobit); 1012 convert_surrogate_pairs(STR2(s2), STR1(s), s->len); 1013 free_string(s); 1014 s = s2; 1015 } else { 1016 s->flags &= ~STRING_CONVERT_SURROGATES; ** CID 1641413: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct() /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct() ________________________________________________________________________________________________________ *** CID 1641413: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct() 2426 else { \ 2427 ind_types |= 1 << TYPEOF(ind); \ 2428 LOW_RB_TRACK_NEXT (rbstack, node); \ 2429 } \ 2430 } while (node); 2431 >>> CID 1641413: (INTEGER_OVERFLOW) >>> "rbstack.ssp++", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp++]". 2432 DO_WITH_NODES (msd); 2433 2434 #undef WITH_NODES_BLOCK 2435 2436 #ifdef PIKE_DEBUG 2437 if (ind_types & ~msd->ind_types) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct() 2426 else { \ 2427 ind_types |= 1 << TYPEOF(ind); \ 2428 LOW_RB_TRACK_NEXT (rbstack, node); \ 2429 } \ 2430 } while (node); 2431 >>> CID 1641413: (INTEGER_OVERFLOW) >>> "rbstack.ssp", which might have underflowed, is passed to "midflight_remove_node_fast(l, &rbstack, 1)". 2432 DO_WITH_NODES (msd); 2433 2434 #undef WITH_NODES_BLOCK 2435 2436 #ifdef PIKE_DEBUG 2437 if (ind_types & ~msd->ind_types) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct() 2426 else { \ 2427 ind_types |= 1 << TYPEOF(ind); \ 2428 LOW_RB_TRACK_NEXT (rbstack, node); \ 2429 } \ 2430 } while (node); 2431 >>> CID 1641413: (INTEGER_OVERFLOW) >>> "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]". 2432 DO_WITH_NODES (msd); 2433 2434 #undef WITH_NODES_BLOCK 2435 2436 #ifdef PIKE_DEBUG 2437 if (ind_types & ~msd->ind_types) ** CID 1641412: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert() /home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert() ________________________________________________________________________________________________________ *** CID 1641412: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert() 99 { 100 struct rbstack_ptr rbp1 = *top, rbp2 = *top, rbpos = *pos; 101 RBSTACK_PUSH (rbp2, NULL); 102 *top = rbp2; 103 104 while (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice) { >>> CID 1641412: (INTEGER_OVERFLOW) >>> "--rbp2.ssp", which might have underflowed, is passed to "rbp2.slice->stack[--rbp2.ssp]". 105 rbp2.slice->stack[--rbp2.ssp] = rbp1.slice->stack[--rbp1.ssp]; 106 if (!rbp2.ssp) rbp2.slice = rbp1.slice, rbp2.ssp = STACK_SLICE_SIZE; 107 if (!rbp1.ssp) { 108 if (rbp1.slice->up) rbstack_low_up (&rbp1); 109 #ifdef PIKE_DEBUG 110 else if (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice) /home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert() 99 { 100 struct rbstack_ptr rbp1 = *top, rbp2 = *top, rbpos = *pos; 101 RBSTACK_PUSH (rbp2, NULL); 102 *top = rbp2; 103 104 while (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice) { >>> CID 1641412: (INTEGER_OVERFLOW) >>> "rbp2.ssp", which might have underflowed, is passed to "rbp2.slice->stack[--rbp2.ssp]". 105 rbp2.slice->stack[--rbp2.ssp] = rbp1.slice->stack[--rbp1.ssp]; 106 if (!rbp2.ssp) rbp2.slice = rbp1.slice, rbp2.ssp = STACK_SLICE_SIZE; 107 if (!rbp1.ssp) { 108 if (rbp1.slice->up) rbstack_low_up (&rbp1); 109 #ifdef PIKE_DEBUG 110 else if (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice) ** CID 1641411: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/block_allocator.c: 506 in ba_sort_free_list() ________________________________________________________________________________________________________ *** CID 1641411: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/block_allocator.c: 506 in ba_sort_free_list() 500 /* 501 * Handle consecutive free blocks in the end, those 502 * we dont need anyway. 503 */ 504 if (v.length) { 505 i = v.length-1; >>> CID 1641411: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "j--", where "j" is known to be equal to 0, underflows the type of "j--", which is type "size_t". 506 while (i && bv_get(&v, i)) { i--; j--; } 507 v.length = i+1; 508 } 509 510 if (!j) goto last; 511 ** CID 1641410: Insecure data handling (INTEGER_OVERFLOW) ________________________________________________________________________________________________________ *** CID 1641410: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/builtin_functions.c: 7993 in diff_build() 7987 ai=array_search(a,b->item+bi,ai+1)-1; 7988 7989 push_array(friendly_slice_array(b,lbi+1,bi)); 7990 bd=append_array(bd, Pike_sp-1); 7991 pop_stack(); 7992 >>> CID 1641410: Insecure data handling (INTEGER_OVERFLOW) >>> "ai + 1L", which might be negative, is passed to "friendly_slice_array(a, lai + 1L, ai + 1L)". 7993 push_array(friendly_slice_array(a,lai+1,ai+1)); 7994 ad=append_array(ad,Pike_sp-1); 7995 pop_stack(); 7996 7997 eqstart=bi; 7998 } ** CID 1641409: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1491 in _image_make_rgbl_color() ________________________________________________________________________________________________________ *** CID 1641409: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1491 in _image_make_rgbl_color() 1485 static void _image_make_rgbl_color(INT32 r,INT32 g,INT32 b) 1486 { 1487 struct color_struct *cs; 1488 1489 if (r<0) r=0; else if (r>COLORLMAX) r=COLORLMAX; /* >=2^31? no way... */ 1490 if (g<0) g=0; else if (g>COLORLMAX) g=COLORLMAX; >>> CID 1641409: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "b = 2147483647;". 1491 if (b<0) b=0; else if (b>COLORLMAX) b=COLORLMAX; 1492 1493 push_object(clone_object(image_color_program,0)); 1494 1495 cs=get_storage(sp[-1].u.object,image_color_program); 1496 ** CID 1641408: Insecure data handling (INTEGER_OVERFLOW) ________________________________________________________________________________________________________ *** CID 1641408: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/DVB/dvb.c: 1418 in f_stream_read() 1412 } 1413 #endif 1414 } 1415 1416 if(ret > 0) { 1417 bufptr = buf; >>> CID 1641408: Insecure data handling (INTEGER_OVERFLOW) >>> "ret", which might have overflowed, is passed to "dvb_pes2es(bufptr, ret, &dvb_stream->pkt, 192)". 1418 while((cnt = dvb_pes2es(bufptr,ret,&dvb_stream->pkt, 0xC0)) > 0) { 1419 #ifdef DVB_DEBUG 1420 /* printf("DEB: dvb: PID(%d): cnt=%d (ix: %d): pkt.len=%d (skipped: %d)\n", dvb_stream->pid, cnt, ix, dvb_stream->pkt.payload_len, dvb_stream->pkt.skipped); */ 1421 if(dvb_stream->pkt.skipped) 1422 printf("PID(%d): skipped: %d\n", dvb_stream->pid, dvb_stream->pkt.skipped); 1423 #endif ** CID 1641407: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced() /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced() /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced() /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced() ________________________________________________________________________________________________________ *** CID 1641407: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced() 3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE, 3623 gc_mark, ind_types, val_types); 3624 gc_assert_checked_as_nonweak (msd); 3625 break; 3626 case MULTISET_WEAK_INDICES: >>> CID 1641407: (INTEGER_OVERFLOW) >>> "rbstack.ssp++", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp++]". 3627 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3628 GC_REC_I_WEAK_IND, GC_REC_IV_WEAK_IND, 3629 gc_mark, ind_types, val_types); 3630 gc_assert_checked_as_weak (msd); 3631 break; 3632 #if MULTISET_WEAK_VALUES /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced() 3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE, 3623 gc_mark, ind_types, val_types); 3624 gc_assert_checked_as_nonweak (msd); 3625 break; 3626 case MULTISET_WEAK_INDICES: >>> CID 1641407: (INTEGER_OVERFLOW) >>> "rbstack.ssp", which might have underflowed, is passed to "gc_unlink_msnode_shared(msd, &rbstack, m->gc_flags & 0x400)". 3627 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3628 GC_REC_I_WEAK_IND, GC_REC_IV_WEAK_IND, 3629 gc_mark, ind_types, val_types); 3630 gc_assert_checked_as_weak (msd); 3631 break; 3632 #if MULTISET_WEAK_VALUES /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced() 3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE, 3623 gc_mark, ind_types, val_types); 3624 gc_assert_checked_as_nonweak (msd); 3625 break; 3626 case MULTISET_WEAK_INDICES: >>> CID 1641407: (INTEGER_OVERFLOW) >>> "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]". 3627 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3628 GC_REC_I_WEAK_IND, GC_REC_IV_WEAK_IND, 3629 gc_mark, ind_types, val_types); 3630 gc_assert_checked_as_weak (msd); 3631 break; 3632 #if MULTISET_WEAK_VALUES /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced() 3615 gc_assert_checked_as_nonweak (msd); 3616 } 3617 3618 else { 3619 switch (msd->flags & MULTISET_WEAK) { 3620 case 0: >>> CID 1641407: (INTEGER_OVERFLOW) >>> "rbstack.ssp", which might have underflowed, is passed to "gc_unlink_msnode_shared(msd, &rbstack, m->gc_flags & 0x400)". 3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE, 3623 gc_mark, ind_types, val_types); 3624 gc_assert_checked_as_nonweak (msd); 3625 break; 3626 case MULTISET_WEAK_INDICES: /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced() 3615 gc_assert_checked_as_nonweak (msd); 3616 } 3617 3618 else { 3619 switch (msd->flags & MULTISET_WEAK) { 3620 case 0: >>> CID 1641407: (INTEGER_OVERFLOW) >>> "rbstack.ssp++", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp++]". 3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE, 3623 gc_mark, ind_types, val_types); 3624 gc_assert_checked_as_nonweak (msd); 3625 break; 3626 case MULTISET_WEAK_INDICES: /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced() 3615 gc_assert_checked_as_nonweak (msd); 3616 } 3617 3618 else { 3619 switch (msd->flags & MULTISET_WEAK) { 3620 case 0: >>> CID 1641407: (INTEGER_OVERFLOW) >>> "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]". 3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS, 3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE, 3623 gc_mark, ind_types, val_types); 3624 gc_assert_checked_as_nonweak (msd); 3625 break; 3626 case MULTISET_WEAK_INDICES: ** CID 1641406: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile() ________________________________________________________________________________________________________ *** CID 1641406: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile() 606 len = (ptrdiff_t) this->len; 607 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) { 608 char *buf = this->buffer; 609 this->len -= buflen; 610 this->offset += buflen; 611 while (buflen) { >>> CID 1641406: Insecure data handling (INTEGER_OVERFLOW) >>> "buflen", which might be negative, is passed to "write(this->to_fd, buf, buflen)". 612 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen); 613 if ((wrlen < 0) && (errno == EINTR)) { 614 continue; 615 } else if (wrlen < 0) { 616 goto send_trailers; 617 } ** CID 1641405: Memory - illegal accesses (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 1528 in low_multiset_track_eq() ________________________________________________________________________________________________________ *** CID 1641405: Memory - illegal accesses (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 1528 in low_multiset_track_eq() 1522 1523 if (TYPEOF(msd->cmp_less) == T_INT) { 1524 struct svalue tmp; 1525 if (!(msd->ind_types & (BIT_OBJECT | BIT_FUNCTION))) { 1526 /* Can assume an internal order which defines a total order for 1527 * all values. */ >>> CID 1641405: Memory - illegal accesses (INTEGER_OVERFLOW) >>> "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]". 1528 LOW_RB_TRACK ( 1529 rbstack, node, 1530 { 1531 low_use_multiset_index (RBNODE (node), tmp); 1532 assert (!IS_DESTRUCTED (&tmp)); 1533 /* TODO: Use special variant of set_svalue_cmpfun so we don't ** CID 1641404: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Pipe/pipe.c: 912 in pipe_output() ________________________________________________________________________________________________________ *** CID 1641404: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Pipe/pipe.c: 912 in pipe_output() 906 907 len = b->s->len; 908 data = b->s->str; 909 while (len > 0) { 910 ptrdiff_t bytes; 911 do { >>> CID 1641404: Insecure data handling (INTEGER_OVERFLOW) >>> "len", which might have overflowed, is passed to "write(((struct pipe *)Pike_interpreter_pointer->frame_pointer->current_storage)->fd, data, len)". 912 bytes = fd_write(THIS->fd, data, len); 913 } while((bytes < 0) && (errno == EINTR)); 914 if (bytes < 0) break; 915 len -= bytes; 916 data += bytes; 917 } ** CID 1641403: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/pike_memory.c: 264 in low_hashmem_ia32_crc32() ________________________________________________________________________________________________________ *** CID 1641403: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/pike_memory.c: 264 in low_hashmem_ia32_crc32() 258 p++; 259 nbytes -= 4; 260 } 261 262 /* any remaining bytes. */ 263 c = (const unsigned char *)p; >>> CID 1641403: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "nbytes--", where "nbytes" is known to be equal to 0, underflows the type of "nbytes--", which is type "size_t". 264 while (nbytes--) { 265 CRC32SQ( h, c++ ); 266 } 267 268 if (trailer_bytes) { 269 /* include 8 bytes from the end. Note that this might be a ** CID 1641402: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_JPEG/image_jpeg.c: 165 in jpeg_getc() ________________________________________________________________________________________________________ *** CID 1641402: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_JPEG/image_jpeg.c: 165 in jpeg_getc() 159 struct jpeg_source_mgr * datasrc = cinfo->src; 160 161 if (datasrc->bytes_in_buffer == 0) 162 if (! (*datasrc->fill_input_buffer) (cinfo)) 163 return 0; /* ignore the problem */ 164 >>> CID 1641402: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "datasrc->bytes_in_buffer--", where "datasrc->bytes_in_buffer" is known to be equal to 0, underflows the type of "datasrc->bytes_in_buffer--", which is type "size_t". 165 datasrc->bytes_in_buffer--; 166 return GETJOCTET(*datasrc->next_input_byte++); 167 } 168 169 /* examine_app14 from jpeg6b/jdmarker.c */ 170 static void examine_app14 (j_decompress_ptr cinfo, JOCTET FAR * data, ** CID 1641401: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/encode.c: 2648 in decode_number() ________________________________________________________________________________________________________ *** CID 1641401: Integer handling issues (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/encode.c: 2648 in decode_number() 2642 static INT64 decode_number(struct decode_data *data, const char *comment) 2643 { 2644 INT32 what, e; 2645 INT64 num; 2646 2647 DECODE("decode_number"); >>> CID 1641401: Integer handling issues (INTEGER_OVERFLOW) >>> Expression "(unsigned long)num << 4", where "(unsigned long)num" is known to be equal to -4, overflows the type of "(unsigned long)num << 4", which is type "unsigned long". 2648 num = (what & TAG_MASK) | ((UINT64)num<<4); 2649 EDB(5, fprintf(stderr, "%*s ==>%"PRINTINT64"d\n", 2650 data->depth, "", num)); 2651 if (comment) { 2652 ETRACE({ 2653 DECODE_WERR_COMMENT(comment, ".number " ** CID 1641400: Insecure data handling (INTEGER_OVERFLOW) ________________________________________________________________________________________________________ *** CID 1641400: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/program.c: 10710 in get_sub_storage() 10704 10705 if (!o->prog) return NULL; 10706 10707 sub_inh = program_find_inherit(o->prog->inherits[inh].prog, p); 10708 if (sub_inh < 0) return NULL; 10709 >>> CID 1641400: Insecure data handling (INTEGER_OVERFLOW) >>> "inh + sub_inh", which might have overflowed, is passed to "get_inherit_storage(o, inh + sub_inh)". 10710 return get_inherit_storage(o, inh + sub_inh); 10711 } 10712 10713 PMOD_EXPORT struct program *low_program_from_function(struct object *o, INT32 i) 10714 { 10715 struct svalue *f; ** CID 1641399: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 220 in check_string_range() /home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 219 in check_string_range() ________________________________________________________________________________________________________ *** CID 1641399: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 220 in check_string_range() 214 if( *p > s_max ) s_max = *p; 215 if( *p < s_min ) s_min = *p; 216 } 217 } 218 str->string_is_utf8 = 0; 219 str->min = s_min / 256; >>> CID 1641399: (INTEGER_OVERFLOW) >>> Expression "str->max", where "s_max / 256" is known to be equal to -8388608, overflows the type of "str->max", which is type "unsigned char". 220 str->max = s_max / 256; 221 break; 222 223 case thirtytwobit: 224 { 225 p_wchar2 *p = (p_wchar2*)str->str; /home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 219 in check_string_range() 213 { 214 if( *p > s_max ) s_max = *p; 215 if( *p < s_min ) s_min = *p; 216 } 217 } 218 str->string_is_utf8 = 0; >>> CID 1641399: (INTEGER_OVERFLOW) >>> Expression "str->min", where "s_min / 256" is known to be equal to 8388607, overflows the type of "str->min", which is type "unsigned char". 219 str->min = s_min / 256; 220 str->max = s_max / 256; 221 break; 222 223 case thirtytwobit: 224 { ** CID 1641398: Incorrect expression (COPY_PASTE_ERROR) /home/covbuilder/pike/Pike-v9.1-snapshot/src/treeopt.h: 1555 in optimize() ________________________________________________________________________________________________________ *** CID 1641398: Incorrect expression (COPY_PASTE_ERROR) /home/covbuilder/pike/Pike-v9.1-snapshot/src/treeopt.h: 1555 in optimize() 1549 goto use_cdr; 1550 } 1551 } else if (CAR(n)->token == F_INITIALIZE) { 1552 DBG("Match: ""F_COMMA_EXPR{392}(F_INITIALIZE{393}(0 = *{394}, 1 = *{395}), 2 = *{396})""\n"); 1553 DBG("=> ""F_COMMA_EXPR{397}""\n"); 1554 { >>> CID 1641398: Incorrect expression (COPY_PASTE_ERROR) >>> "F_COMMA_EXPR" looks like a copy-paste error. 1555 ADD_NODE_REF2(CAAR(n), 1556 ADD_NODE_REF2(CDAR(n), 1557 ADD_NODE_REF2(CDR(n), 1558 tmp1 = mknode(F_COMMA_EXPR, mknode(F_ASSIGN, CAAR(n), CDAR(n)), CDR(n)); 1559 ))); 1560 goto use_tmp1; ** CID 1641397: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/HTTPLoop/accept_and_parse.c: 327 in aap_handle_connection() ________________________________________________________________________________________________________ *** CID 1641397: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/HTTPLoop/accept_and_parse.c: 327 in aap_handle_connection() 321 timeout = aap_add_timeout_thr(th_self(), arg->timeout); 322 while( !timeout || !(*timeout) ) 323 #else 324 while(1) 325 #endif /* HAVE_TIMEOUTS */ 326 { >>> CID 1641397: Insecure data handling (INTEGER_OVERFLOW) >>> "buffer_len - pos", which might have underflowed, is passed to "read(arg->fd, p, buffer_len - pos)". 327 ptrdiff_t data_read = fd_read(arg->fd, p, buffer_len-pos); 328 if(data_read <= 0) 329 { 330 DWERROR("AAP: Read error/eof.\n"); 331 arg->res.data = buffer; 332 free_args( arg ); ** CID 1641396: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1490 in _image_make_rgbl_color() ________________________________________________________________________________________________________ *** CID 1641396: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1490 in _image_make_rgbl_color() 1484 1485 static void _image_make_rgbl_color(INT32 r,INT32 g,INT32 b) 1486 { 1487 struct color_struct *cs; 1488 1489 if (r<0) r=0; else if (r>COLORLMAX) r=COLORLMAX; /* >=2^31? no way... */ >>> CID 1641396: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "g = 2147483647;". 1490 if (g<0) g=0; else if (g>COLORLMAX) g=COLORLMAX; 1491 if (b<0) b=0; else if (b>COLORLMAX) b=COLORLMAX; 1492 1493 push_object(clone_object(image_color_program,0)); 1494 1495 cs=get_storage(sp[-1].u.object,image_color_program); ** CID 1641395: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 304 in send_iov() /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 295 in send_iov() ________________________________________________________________________________________________________ *** CID 1641395: (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 304 in send_iov() 298 continue; 299 } else if (bytes < 0) { 300 /* Error or file closed at other end. */ 301 SF_DFPRINTF((stderr, "sendfile: send_iov(): writev() failed with errno:%d.\n" 302 "sendfile: Sent %ld bytes so far.\n", 303 errno, (long)sent)); >>> CID 1641395: (INTEGER_OVERFLOW) >>> "sent", which might have overflowed, is returned from the function. 304 return sent; 305 } else { 306 sent += bytes; 307 308 while (bytes) { 309 if ((size_t)bytes >= (size_t)iov->iov_len) { /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 295 in send_iov() 289 #endif 290 291 #ifdef MAX_IOVEC 292 if (cnt > MAX_IOVEC) cnt = MAX_IOVEC; 293 #endif 294 >>> CID 1641395: (INTEGER_OVERFLOW) >>> "iov->iov_len", which might have underflowed, is passed to "writev(fd, iov, cnt)". 295 bytes = writev(fd, iov, cnt); 296 297 if ((bytes < 0) && (errno == EINTR)) { 298 continue; 299 } else if (bytes < 0) { 300 /* Error or file closed at other end. */ ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/pike-master?tab=overview

1 0

aaaaaaaa
by sophiakalvin909＠gmail.com 07 Dec '24

07 Dec '24

<a href="https://thesiswritinghelp.com.pk/e-book-writing-service">book writing services</a> [url=https://thesiswritinghelp.com.pk/e-book-writing-service]ebook writers[/url] [help with my dissertation](https://dissertationwritinghelp.uk/write-my-dissertation-services/) [https://dissertationwritinghelp.uk/write-my-dissertation-services/ write my dissertation for me UK]

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 23 Nov '24

23 Nov '24

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1034081: (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1034081: (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image() 179 180 if(buffer.len < 3) 181 Pike_error("Not enough data in buffer to decode a TGA image\n"); 182 if (buffer.len > str->len - sizeof(struct tga_header)) 183 Pike_error("Malformed TGA header.\n"); 184 >>> CID 1034081: (TAINTED_SCALAR) >>> Passing tainted expression "hdr.colorMapLengthHi" to "ReadImage", which uses it as an allocation size. 185 return ReadImage (&buffer, &hdr); 186 } 187 188 static ptrdiff_t std_fread (unsigned char *buf, 189 size_t datasize, size_t nelems, struct buffer *fp) 190 { /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image() 179 180 if(buffer.len < 3) 181 Pike_error("Not enough data in buffer to decode a TGA image\n"); 182 if (buffer.len > str->len - sizeof(struct tga_header)) 183 Pike_error("Malformed TGA header.\n"); 184 >>> CID 1034081: (TAINTED_SCALAR) >>> Passing tainted expression "hdr.heightHi" to "ReadImage", which uses it as a loop boundary. 185 return ReadImage (&buffer, &hdr); 186 } 187 188 static ptrdiff_t std_fread (unsigned char *buf, 189 size_t datasize, size_t nelems, struct buffer *fp) 190 { /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image() 179 180 if(buffer.len < 3) 181 Pike_error("Not enough data in buffer to decode a TGA image\n"); 182 if (buffer.len > str->len - sizeof(struct tga_header)) 183 Pike_error("Malformed TGA header.\n"); 184 >>> CID 1034081: (TAINTED_SCALAR) >>> Passing tainted expression "*buffer.str" to "ReadImage", which uses it as an offset. 185 return ReadImage (&buffer, &hdr); 186 } 187 188 static ptrdiff_t std_fread (unsigned char *buf, 189 size_t datasize, size_t nelems, struct buffer *fp) 190 { /home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image() 179 180 if(buffer.len < 3) 181 Pike_error("Not enough data in buffer to decode a TGA image\n"); 182 if (buffer.len > str->len - sizeof(struct tga_header)) 183 Pike_error("Malformed TGA header.\n"); 184 >>> CID 1034081: (TAINTED_SCALAR) >>> Passing tainted expression "hdr.widthHi" to "ReadImage", which uses it as an offset. 185 return ReadImage (&buffer, &hdr); 186 } 187 188 static ptrdiff_t std_fread (unsigned char *buf, 189 size_t datasize, size_t nelems, struct buffer *fp) 190 { ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

1 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

Pike-automation