Hi,
Please find below the latest Coverity Scan report on new defect(s) introduced to Pike-master.
Coverity Scan found 37 new defect(s) introduced to Pike-master. 10 defect(s) reported earlier by Coverity Scan were marked fixed in the most recent build it analyzed.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 37 defect(s)
** CID 1641414: Insecure data handling (INTEGER_OVERFLOW)
________________________________________________________________________________________________________
*** CID 1641414: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 1011 in end_shared_string()
1005 free_string(s);
1006 s=s2;
1007 }
1008 if (s->flags & STRING_CONVERT_SURROGATES) {
1009 ptrdiff_t cnt = count_surrogate_pairs(STR1(s), s->len);
1010 if (cnt > 0) {
CID 1641414: Insecure data handling (INTEGER_OVERFLOW) "s->len - cnt", which might be negative, is passed to "debug_begin_wide_shared_string(s->len - cnt, thirtytwobit)".
1011 s2 = begin_wide_shared_string(s->len - cnt, thirtytwobit);
1012 convert_surrogate_pairs(STR2(s2), STR1(s), s->len);
1013 free_string(s);
1014 s = s2;
1015 } else {
1016 s->flags &= ~STRING_CONVERT_SURROGATES;
** CID 1641413: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct()
________________________________________________________________________________________________________
*** CID 1641413: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct()
2426 else { \
2427 ind_types |= 1 << TYPEOF(ind); \
2428 LOW_RB_TRACK_NEXT (rbstack, node); \
2429 } \
2430 } while (node);
2431
CID 1641413: (INTEGER_OVERFLOW) "rbstack.ssp++", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp++]".
2432 DO_WITH_NODES (msd);
2433
2434 #undef WITH_NODES_BLOCK
2435
2436 #ifdef PIKE_DEBUG
2437 if (ind_types & ~msd->ind_types)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct()
2426 else { \
2427 ind_types |= 1 << TYPEOF(ind); \
2428 LOW_RB_TRACK_NEXT (rbstack, node); \
2429 } \
2430 } while (node);
2431
CID 1641413: (INTEGER_OVERFLOW) "rbstack.ssp", which might have underflowed, is passed to "midflight_remove_node_fast(l, &rbstack, 1)".
2432 DO_WITH_NODES (msd);
2433
2434 #undef WITH_NODES_BLOCK
2435
2436 #ifdef PIKE_DEBUG
2437 if (ind_types & ~msd->ind_types)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 2432 in check_multiset_for_destruct()
2426 else { \
2427 ind_types |= 1 << TYPEOF(ind); \
2428 LOW_RB_TRACK_NEXT (rbstack, node); \
2429 } \
2430 } while (node);
2431
CID 1641413: (INTEGER_OVERFLOW) "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]".
2432 DO_WITH_NODES (msd);
2433
2434 #undef WITH_NODES_BLOCK
2435
2436 #ifdef PIKE_DEBUG
2437 if (ind_types & ~msd->ind_types)
** CID 1641412: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert()
________________________________________________________________________________________________________
*** CID 1641412: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert()
99 {
100 struct rbstack_ptr rbp1 = *top, rbp2 = *top, rbpos = *pos;
101 RBSTACK_PUSH (rbp2, NULL);
102 *top = rbp2;
103
104 while (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice) {
CID 1641412: (INTEGER_OVERFLOW) "--rbp2.ssp", which might have underflowed, is passed to "rbp2.slice->stack[--rbp2.ssp]".
105 rbp2.slice->stack[--rbp2.ssp] = rbp1.slice->stack[--rbp1.ssp];
106 if (!rbp2.ssp) rbp2.slice = rbp1.slice, rbp2.ssp = STACK_SLICE_SIZE;
107 if (!rbp1.ssp) {
108 if (rbp1.slice->up) rbstack_low_up (&rbp1);
109 #ifdef PIKE_DEBUG
110 else if (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/rbtree.c: 105 in rbstack_insert()
99 {
100 struct rbstack_ptr rbp1 = *top, rbp2 = *top, rbpos = *pos;
101 RBSTACK_PUSH (rbp2, NULL);
102 *top = rbp2;
103
104 while (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice) {
CID 1641412: (INTEGER_OVERFLOW) "rbp2.ssp", which might have underflowed, is passed to "rbp2.slice->stack[--rbp2.ssp]".
105 rbp2.slice->stack[--rbp2.ssp] = rbp1.slice->stack[--rbp1.ssp];
106 if (!rbp2.ssp) rbp2.slice = rbp1.slice, rbp2.ssp = STACK_SLICE_SIZE;
107 if (!rbp1.ssp) {
108 if (rbp1.slice->up) rbstack_low_up (&rbp1);
109 #ifdef PIKE_DEBUG
110 else if (rbp1.ssp != rbpos.ssp || rbp1.slice != rbpos.slice)
** CID 1641411: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/block_allocator.c: 506 in ba_sort_free_list()
________________________________________________________________________________________________________
*** CID 1641411: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/block_allocator.c: 506 in ba_sort_free_list()
500 /*
501 * Handle consecutive free blocks in the end, those
502 * we dont need anyway.
503 */
504 if (v.length) {
505 i = v.length-1;
CID 1641411: Integer handling issues (INTEGER_OVERFLOW) Expression "j--", where "j" is known to be equal to 0, underflows the type of "j--", which is type "size_t".
506 while (i && bv_get(&v, i)) { i--; j--; }
507 v.length = i+1;
508 }
509
510 if (!j) goto last;
511
** CID 1641410: Insecure data handling (INTEGER_OVERFLOW)
________________________________________________________________________________________________________
*** CID 1641410: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/builtin_functions.c: 7993 in diff_build()
7987 ai=array_search(a,b->item+bi,ai+1)-1;
7988
7989 push_array(friendly_slice_array(b,lbi+1,bi));
7990 bd=append_array(bd, Pike_sp-1);
7991 pop_stack();
7992
CID 1641410: Insecure data handling (INTEGER_OVERFLOW) "ai + 1L", which might be negative, is passed to "friendly_slice_array(a, lai + 1L, ai + 1L)".
7993 push_array(friendly_slice_array(a,lai+1,ai+1));
7994 ad=append_array(ad,Pike_sp-1);
7995 pop_stack();
7996
7997 eqstart=bi;
7998 }
** CID 1641409: Control flow issues (DEADCODE)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1491 in _image_make_rgbl_color()
________________________________________________________________________________________________________
*** CID 1641409: Control flow issues (DEADCODE)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1491 in _image_make_rgbl_color()
1485 static void _image_make_rgbl_color(INT32 r,INT32 g,INT32 b)
1486 {
1487 struct color_struct *cs;
1488
1489 if (r<0) r=0; else if (r>COLORLMAX) r=COLORLMAX; /* >=2^31? no way... */
1490 if (g<0) g=0; else if (g>COLORLMAX) g=COLORLMAX;
CID 1641409: Control flow issues (DEADCODE) Execution cannot reach this statement: "b = 2147483647;".
1491 if (b<0) b=0; else if (b>COLORLMAX) b=COLORLMAX;
1492
1493 push_object(clone_object(image_color_program,0));
1494
1495 cs=get_storage(sp[-1].u.object,image_color_program);
1496
** CID 1641408: Insecure data handling (INTEGER_OVERFLOW)
________________________________________________________________________________________________________
*** CID 1641408: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/DVB/dvb.c: 1418 in f_stream_read()
1412 }
1413 #endif
1414 }
1415
1416 if(ret > 0) {
1417 bufptr = buf;
CID 1641408: Insecure data handling (INTEGER_OVERFLOW) "ret", which might have overflowed, is passed to "dvb_pes2es(bufptr, ret, &dvb_stream->pkt, 192)".
1418 while((cnt = dvb_pes2es(bufptr,ret,&dvb_stream->pkt, 0xC0)) > 0) {
1419 #ifdef DVB_DEBUG
1420 /* printf("DEB: dvb: PID(%d): cnt=%d (ix: %d): pkt.len=%d (skipped: %d)\n", dvb_stream->pid, cnt, ix, dvb_stream->pkt.payload_len, dvb_stream->pkt.skipped); */
1421 if(dvb_stream->pkt.skipped)
1422 printf("PID(%d): skipped: %d\n", dvb_stream->pid, dvb_stream->pkt.skipped);
1423 #endif
** CID 1641407: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced()
________________________________________________________________________________________________________
*** CID 1641407: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced()
3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE,
3623 gc_mark, ind_types, val_types);
3624 gc_assert_checked_as_nonweak (msd);
3625 break;
3626 case MULTISET_WEAK_INDICES:
CID 1641407: (INTEGER_OVERFLOW) "rbstack.ssp++", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp++]".
3627 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3628 GC_REC_I_WEAK_IND, GC_REC_IV_WEAK_IND,
3629 gc_mark, ind_types, val_types);
3630 gc_assert_checked_as_weak (msd);
3631 break;
3632 #if MULTISET_WEAK_VALUES
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced()
3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE,
3623 gc_mark, ind_types, val_types);
3624 gc_assert_checked_as_nonweak (msd);
3625 break;
3626 case MULTISET_WEAK_INDICES:
CID 1641407: (INTEGER_OVERFLOW) "rbstack.ssp", which might have underflowed, is passed to "gc_unlink_msnode_shared(msd, &rbstack, m->gc_flags & 0x400)".
3627 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3628 GC_REC_I_WEAK_IND, GC_REC_IV_WEAK_IND,
3629 gc_mark, ind_types, val_types);
3630 gc_assert_checked_as_weak (msd);
3631 break;
3632 #if MULTISET_WEAK_VALUES
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3627 in gc_mark_multiset_as_referenced()
3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE,
3623 gc_mark, ind_types, val_types);
3624 gc_assert_checked_as_nonweak (msd);
3625 break;
3626 case MULTISET_WEAK_INDICES:
CID 1641407: (INTEGER_OVERFLOW) "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]".
3627 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3628 GC_REC_I_WEAK_IND, GC_REC_IV_WEAK_IND,
3629 gc_mark, ind_types, val_types);
3630 gc_assert_checked_as_weak (msd);
3631 break;
3632 #if MULTISET_WEAK_VALUES
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced()
3615 gc_assert_checked_as_nonweak (msd);
3616 }
3617
3618 else {
3619 switch (msd->flags & MULTISET_WEAK) {
3620 case 0:
CID 1641407: (INTEGER_OVERFLOW) "rbstack.ssp", which might have underflowed, is passed to "gc_unlink_msnode_shared(msd, &rbstack, m->gc_flags & 0x400)".
3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE,
3623 gc_mark, ind_types, val_types);
3624 gc_assert_checked_as_nonweak (msd);
3625 break;
3626 case MULTISET_WEAK_INDICES:
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced()
3615 gc_assert_checked_as_nonweak (msd);
3616 }
3617
3618 else {
3619 switch (msd->flags & MULTISET_WEAK) {
3620 case 0:
CID 1641407: (INTEGER_OVERFLOW) "rbstack.ssp++", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp++]".
3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE,
3623 gc_mark, ind_types, val_types);
3624 gc_assert_checked_as_nonweak (msd);
3625 break;
3626 case MULTISET_WEAK_INDICES:
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 3621 in gc_mark_multiset_as_referenced()
3615 gc_assert_checked_as_nonweak (msd);
3616 }
3617
3618 else {
3619 switch (msd->flags & MULTISET_WEAK) {
3620 case 0:
CID 1641407: (INTEGER_OVERFLOW) "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]".
3621 GC_RECURSE (msd, m->gc_flags & GC_MSD_GOT_NODE_REFS,
3622 GC_REC_I_WEAK_NONE, GC_REC_IV_WEAK_NONE,
3623 gc_mark, ind_types, val_types);
3624 gc_assert_checked_as_nonweak (msd);
3625 break;
3626 case MULTISET_WEAK_INDICES:
** CID 1641406: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile()
________________________________________________________________________________________________________
*** CID 1641406: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile()
606 len = (ptrdiff_t) this->len;
607 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) {
608 char *buf = this->buffer;
609 this->len -= buflen;
610 this->offset += buflen;
611 while (buflen) {
CID 1641406: Insecure data handling (INTEGER_OVERFLOW) "buflen", which might be negative, is passed to "write(this->to_fd, buf, buflen)".
612 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen);
613 if ((wrlen < 0) && (errno == EINTR)) {
614 continue;
615 } else if (wrlen < 0) {
616 goto send_trailers;
617 }
** CID 1641405: Memory - illegal accesses (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 1528 in low_multiset_track_eq()
________________________________________________________________________________________________________
*** CID 1641405: Memory - illegal accesses (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/multiset.c: 1528 in low_multiset_track_eq()
1522
1523 if (TYPEOF(msd->cmp_less) == T_INT) {
1524 struct svalue tmp;
1525 if (!(msd->ind_types & (BIT_OBJECT | BIT_FUNCTION))) {
1526 /* Can assume an internal order which defines a total order for
1527 * all values. */
CID 1641405: Memory - illegal accesses (INTEGER_OVERFLOW) "rbstack.ssp - 1UL", which might have underflowed, is passed to "rbstack.slice->stack[rbstack.ssp - 1UL]".
1528 LOW_RB_TRACK (
1529 rbstack, node,
1530 {
1531 low_use_multiset_index (RBNODE (node), tmp);
1532 assert (!IS_DESTRUCTED (&tmp));
1533 /* TODO: Use special variant of set_svalue_cmpfun so we don't
** CID 1641404: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Pipe/pipe.c: 912 in pipe_output()
________________________________________________________________________________________________________
*** CID 1641404: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Pipe/pipe.c: 912 in pipe_output()
906
907 len = b->s->len;
908 data = b->s->str;
909 while (len > 0) {
910 ptrdiff_t bytes;
911 do {
CID 1641404: Insecure data handling (INTEGER_OVERFLOW) "len", which might have overflowed, is passed to "write(((struct pipe *)Pike_interpreter_pointer->frame_pointer->current_storage)->fd, data, len)".
912 bytes = fd_write(THIS->fd, data, len);
913 } while((bytes < 0) && (errno == EINTR));
914 if (bytes < 0) break;
915 len -= bytes;
916 data += bytes;
917 }
** CID 1641403: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/pike_memory.c: 264 in low_hashmem_ia32_crc32()
________________________________________________________________________________________________________
*** CID 1641403: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/pike_memory.c: 264 in low_hashmem_ia32_crc32()
258 p++;
259 nbytes -= 4;
260 }
261
262 /* any remaining bytes. */
263 c = (const unsigned char *)p;
CID 1641403: Integer handling issues (INTEGER_OVERFLOW) Expression "nbytes--", where "nbytes" is known to be equal to 0, underflows the type of "nbytes--", which is type "size_t".
264 while (nbytes--) {
265 CRC32SQ( h, c++ );
266 }
267
268 if (trailer_bytes) {
269 /* include 8 bytes from the end. Note that this might be a
** CID 1641402: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_JPEG/image_jpeg.c: 165 in jpeg_getc()
________________________________________________________________________________________________________
*** CID 1641402: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Image_JPEG/image_jpeg.c: 165 in jpeg_getc()
159 struct jpeg_source_mgr * datasrc = cinfo->src;
160
161 if (datasrc->bytes_in_buffer == 0)
162 if (! (*datasrc->fill_input_buffer) (cinfo))
163 return 0; /* ignore the problem */
164
CID 1641402: Integer handling issues (INTEGER_OVERFLOW) Expression "datasrc->bytes_in_buffer--", where "datasrc->bytes_in_buffer" is known to be equal to 0, underflows the type of "datasrc->bytes_in_buffer--", which is type "size_t".
165 datasrc->bytes_in_buffer--;
166 return GETJOCTET(*datasrc->next_input_byte++);
167 }
168
169 /* examine_app14 from jpeg6b/jdmarker.c */
170 static void examine_app14 (j_decompress_ptr cinfo, JOCTET FAR * data,
** CID 1641401: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/encode.c: 2648 in decode_number()
________________________________________________________________________________________________________
*** CID 1641401: Integer handling issues (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/encode.c: 2648 in decode_number()
2642 static INT64 decode_number(struct decode_data *data, const char *comment)
2643 {
2644 INT32 what, e;
2645 INT64 num;
2646
2647 DECODE("decode_number");
CID 1641401: Integer handling issues (INTEGER_OVERFLOW) Expression "(unsigned long)num << 4", where "(unsigned long)num" is known to be equal to -4, overflows the type of "(unsigned long)num << 4", which is type "unsigned long".
2648 num = (what & TAG_MASK) | ((UINT64)num<<4);
2649 EDB(5, fprintf(stderr, "%*s ==>%"PRINTINT64"d\n",
2650 data->depth, "", num));
2651 if (comment) {
2652 ETRACE({
2653 DECODE_WERR_COMMENT(comment, ".number "
** CID 1641400: Insecure data handling (INTEGER_OVERFLOW)
________________________________________________________________________________________________________
*** CID 1641400: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/program.c: 10710 in get_sub_storage()
10704
10705 if (!o->prog) return NULL;
10706
10707 sub_inh = program_find_inherit(o->prog->inherits[inh].prog, p);
10708 if (sub_inh < 0) return NULL;
10709
CID 1641400: Insecure data handling (INTEGER_OVERFLOW) "inh + sub_inh", which might have overflowed, is passed to "get_inherit_storage(o, inh + sub_inh)".
10710 return get_inherit_storage(o, inh + sub_inh);
10711 }
10712
10713 PMOD_EXPORT struct program *low_program_from_function(struct object *o, INT32 i)
10714 {
10715 struct svalue *f;
** CID 1641399: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 220 in check_string_range()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 219 in check_string_range()
________________________________________________________________________________________________________
*** CID 1641399: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 220 in check_string_range()
214 if( *p > s_max ) s_max = *p;
215 if( *p < s_min ) s_min = *p;
216 }
217 }
218 str->string_is_utf8 = 0;
219 str->min = s_min / 256;
CID 1641399: (INTEGER_OVERFLOW) Expression "str->max", where "s_max / 256" is known to be equal to -8388608, overflows the type of "str->max", which is type "unsigned char".
220 str->max = s_max / 256;
221 break;
222
223 case thirtytwobit:
224 {
225 p_wchar2 *p = (p_wchar2*)str->str;
/home/covbuilder/pike/Pike-v9.1-snapshot/src/stralloc.c: 219 in check_string_range()
213 {
214 if( *p > s_max ) s_max = *p;
215 if( *p < s_min ) s_min = *p;
216 }
217 }
218 str->string_is_utf8 = 0;
CID 1641399: (INTEGER_OVERFLOW) Expression "str->min", where "s_min / 256" is known to be equal to 8388607, overflows the type of "str->min", which is type "unsigned char".
219 str->min = s_min / 256;
220 str->max = s_max / 256;
221 break;
222
223 case thirtytwobit:
224 {
** CID 1641398: Incorrect expression (COPY_PASTE_ERROR)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/treeopt.h: 1555 in optimize()
________________________________________________________________________________________________________
*** CID 1641398: Incorrect expression (COPY_PASTE_ERROR)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/treeopt.h: 1555 in optimize()
1549 goto use_cdr;
1550 }
1551 } else if (CAR(n)->token == F_INITIALIZE) {
1552 DBG("Match: ""F_COMMA_EXPR{392}(F_INITIALIZE{393}(0 = *{394}, 1 = *{395}), 2 = *{396})""\n");
1553 DBG("=> ""F_COMMA_EXPR{397}""\n");
1554 {
CID 1641398: Incorrect expression (COPY_PASTE_ERROR) "F_COMMA_EXPR" looks like a copy-paste error.
1555 ADD_NODE_REF2(CAAR(n),
1556 ADD_NODE_REF2(CDAR(n),
1557 ADD_NODE_REF2(CDR(n),
1558 tmp1 = mknode(F_COMMA_EXPR, mknode(F_ASSIGN, CAAR(n), CDAR(n)), CDR(n));
1559 )));
1560 goto use_tmp1;
** CID 1641397: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/HTTPLoop/accept_and_parse.c: 327 in aap_handle_connection()
________________________________________________________________________________________________________
*** CID 1641397: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/HTTPLoop/accept_and_parse.c: 327 in aap_handle_connection()
321 timeout = aap_add_timeout_thr(th_self(), arg->timeout);
322 while( !timeout || !(*timeout) )
323 #else
324 while(1)
325 #endif /* HAVE_TIMEOUTS */
326 {
CID 1641397: Insecure data handling (INTEGER_OVERFLOW) "buffer_len - pos", which might have underflowed, is passed to "read(arg->fd, p, buffer_len - pos)".
327 ptrdiff_t data_read = fd_read(arg->fd, p, buffer_len-pos);
328 if(data_read <= 0)
329 {
330 DWERROR("AAP: Read error/eof.\n");
331 arg->res.data = buffer;
332 free_args( arg );
** CID 1641396: Control flow issues (DEADCODE)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1490 in _image_make_rgbl_color()
________________________________________________________________________________________________________
*** CID 1641396: Control flow issues (DEADCODE)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/Image/colors.c: 1490 in _image_make_rgbl_color()
1484
1485 static void _image_make_rgbl_color(INT32 r,INT32 g,INT32 b)
1486 {
1487 struct color_struct *cs;
1488
1489 if (r<0) r=0; else if (r>COLORLMAX) r=COLORLMAX; /* >=2^31? no way... */
CID 1641396: Control flow issues (DEADCODE) Execution cannot reach this statement: "g = 2147483647;".
1490 if (g<0) g=0; else if (g>COLORLMAX) g=COLORLMAX;
1491 if (b<0) b=0; else if (b>COLORLMAX) b=COLORLMAX;
1492
1493 push_object(clone_object(image_color_program,0));
1494
1495 cs=get_storage(sp[-1].u.object,image_color_program);
** CID 1641395: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 304 in send_iov()
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 295 in send_iov()
________________________________________________________________________________________________________
*** CID 1641395: (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 304 in send_iov()
298 continue;
299 } else if (bytes < 0) {
300 /* Error or file closed at other end. */
301 SF_DFPRINTF((stderr, "sendfile: send_iov(): writev() failed with errno:%d.\n"
302 "sendfile: Sent %ld bytes so far.\n",
303 errno, (long)sent));
CID 1641395: (INTEGER_OVERFLOW) "sent", which might have overflowed, is returned from the function.
304 return sent;
305 } else {
306 sent += bytes;
307
308 while (bytes) {
309 if ((size_t)bytes >= (size_t)iov->iov_len) {
/home/covbuilder/pike/Pike-v9.1-snapshot/src/modules/_Stdio/sendfile.c: 295 in send_iov()
289 #endif
290
291 #ifdef MAX_IOVEC
292 if (cnt > MAX_IOVEC) cnt = MAX_IOVEC;
293 #endif
294
CID 1641395: (INTEGER_OVERFLOW) "iov->iov_len", which might have underflowed, is passed to "writev(fd, iov, cnt)".
295 bytes = writev(fd, iov, cnt);
296
297 if ((bytes < 0) && (errno == EINTR)) {
298 continue;
299 } else if (bytes < 0) {
300 /* Error or file closed at other end. */
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/pike-master?tab=overview
pike-automation@lists.lysator.liu.se