Hi,
Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.
1 new defect(s) introduced to Pike-master found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1034081: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1034081: (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image()
179
180       if(buffer.len < 3)
181         Pike_error("Not enough data in buffer to decode a TGA image\n");
182       if (buffer.len > str->len - sizeof(struct tga_header))
183         Pike_error("Malformed TGA header.\n");
184
CID 1034081: (TAINTED_SCALAR) Passing tainted expression "hdr.colorMapLengthHi" to "ReadImage", which uses it as an allocation size.
185       return ReadImage (&buffer, &hdr);
186     }
187
188     static ptrdiff_t std_fread (unsigned char *buf,
189                                 size_t datasize, size_t nelems, struct buffer *fp)
190     {

/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image()
179
180       if(buffer.len < 3)
181         Pike_error("Not enough data in buffer to decode a TGA image\n");
182       if (buffer.len > str->len - sizeof(struct tga_header))
183         Pike_error("Malformed TGA header.\n");
184
CID 1034081: (TAINTED_SCALAR) Passing tainted expression "hdr.heightHi" to "ReadImage", which uses it as a loop boundary.
185       return ReadImage (&buffer, &hdr);
186     }
187
188     static ptrdiff_t std_fread (unsigned char *buf,
189                                 size_t datasize, size_t nelems, struct buffer *fp)
190     {

/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image()
179
180       if(buffer.len < 3)
181         Pike_error("Not enough data in buffer to decode a TGA image\n");
182       if (buffer.len > str->len - sizeof(struct tga_header))
183         Pike_error("Malformed TGA header.\n");
184
CID 1034081: (TAINTED_SCALAR) Passing tainted expression "*buffer.str" to "ReadImage", which uses it as an offset.
185       return ReadImage (&buffer, &hdr);
186     }
187
188     static ptrdiff_t std_fread (unsigned char *buf,
189                                 size_t datasize, size_t nelems, struct buffer *fp)
190     {

/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/encodings/tga.c: 185 in load_image()
179
180       if(buffer.len < 3)
181         Pike_error("Not enough data in buffer to decode a TGA image\n");
182       if (buffer.len > str->len - sizeof(struct tga_header))
183         Pike_error("Malformed TGA header.\n");
184
CID 1034081: (TAINTED_SCALAR) Passing tainted expression "hdr.widthHi" to "ReadImage", which uses it as an offset.
185       return ReadImage (&buffer, &hdr);
186     }
187
188     static ptrdiff_t std_fread (unsigned char *buf,
189                                 size_t datasize, size_t nelems, struct buffer *fp)
190     {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...

pike-automation@lists.lysator.liu.se