* Fwd: Coverity Scan: Analysis completed for RTEMS-Newlib [not found] <654dcb688da84_69bd52d4ed1e699a037313@prd-scan-dashboard-0.mail> @ 2023-11-10 14:50 ` Joel Sherrill 2023-11-10 15:31 ` Corinna Vinschen 0 siblings, 1 reply; 9+ messages in thread From: Joel Sherrill @ 2023-11-10 14:50 UTC (permalink / raw) To: Newlib [-- Attachment #1.1: Type: text/plain, Size: 2332 bytes --] Hmmmm.. an email just before the one I forwarded shows 6 new defects were added in the last commits. They appear to be the same issue I just forwarded but in different scanf variants. CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value f._flags2 when calling __ssvfiscanf_r. [show details <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980> ] I have attached the csv of the coverity issues. These are at the bottom. Hopefully the issue is easily enough to resolve. It appears that a set was added to the printf() family earlier this year. We run coverity on newlib up to three times a day if any commits are made to the repository. I'm happy to give access to the Scan report. Thanks. --joel RTEMS ---------- Forwarded message --------- From: <scan-admin@coverity.com> Date: Fri, Nov 10, 2023 at 12:19 AM Subject: Coverity Scan: Analysis completed for RTEMS-Newlib To: <joel.sherrill@gmail.com> Your request for analysis of RTEMS-Newlib has been completed successfully. The results are available at https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQDhzrWO-2FHbZ2MPm4jyi4u1w-3D-3DidbI_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrVKfqAO6-2B60K7aFs88IEPbYE-2FUvjNg-2BsC2hXu5wPrYyFwwSApAuE3Xu96hypAbyeyW0RVWi5VMw9V3VkqnidUUYybAYYnowwXpYwl28-2Fi-2FVadx4IQsIfLpf9o9FBjIRnf0s5Bi7qlbgdNPXqIDbqL89uKCmzXxp0Lstnek7l7-2B-2Bw-3D-3D Build ID: 569275 Analysis Summary: New defects found: 6 Defects eliminated: 2 If you have difficulty understanding any defects, email us at scan-admin@coverity.com, or post your question to StackOverflow at https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXdWuYPtetdiJ46h-2Fd1eC1gFA-3D-3D21VZ_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrVKfqAO6-2B60K7aFs88IEPbYE-2FUvjNg-2BsC2hXu5wPrYyHoBjY7m25uihlk4Xv7-2BApCTa8VfBvKYhlJiwcEGPxdjCDcyyU26-2FjbzYw85TGVlE-2Bpq1ftPr0YM2RPllG1WTGbsYWwE-2FMC3xZ7cnWW-2B15WlhYOuS36KMJJqMKoXgFrw-2Fg-3D-3D [-- Attachment #2: Outstanding+Issues.csv --] [-- Type: text/csv, Size: 14486 bytes --] CID,Type,Impact,Status,First Detected,Category,File,Classification,Owner,Severity,Action,Component,Function 35160,Improper use of negative value,Medium,New,07/25/14,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,categorize 132459,Copy into fixed size buffer,Low,New,08/13/15,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regerror.c,Unclassified,Unassigned,Unspecified,Undecided,Other,regerror 175325,Free of address-of expression,High,New,02/04/17,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regfree.c,Unclassified,Unassigned,Unspecified,Undecided,Other,regfree 175326,Bad bit shift operation,Medium,New,02/04/17,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/mprec.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__d2b 175327,Bad bit shift operation,Medium,New,02/04/17,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/e_sqrt.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__ieee754_sqrt 175328,Unchecked return value,Medium,New,02/04/17,Error handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/stdio.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__swrite 175329,Logically dead code,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/ef_j1.c,Unclassified,Unassigned,Unspecified,Undecided,Other,qonef 175334,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_bigkey.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__big_delete 175335,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,regcomp 175336,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/engine.c,Unclassified,Unassigned,Unspecified,Undecided,Other,smatcher 175337,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/engine.c,Unclassified,Unassigned,Unspecified,Undecided,Other,lmatcher 175340,Missing break in switch,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,altoffset 175341,Missing break in switch,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/strtod.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_strtod_l 175347,Unsigned compared against 0,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/common/s_fpclassify.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__fpclassifyd 175350,Out-of-bounds read,High,New,02/04/17,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__get_page 175351,Out-of-bounds read,High,New,02/04/17,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__put_page 175352,Out-of-bounds write,High,New,02/04/17,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,computematchjumps 175354,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_substitute 175355,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/argz/argz_add_sep.c,Unclassified,Unassigned,Unspecified,Undecided,Other,argz_add_sep 175357,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,computematchjumps 175358,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,alloc_segs 175360,Dereference before null check,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_substitute 175363,Insecure temporary file,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,open_temp 175364,Wrong sizeof argument,Medium,New,02/04/17,Incorrect expression,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/misc/__dprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__dprintf 175365,Sizeof not portable,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__expand_table 175366,Sizeof not portable,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,alloc_segs 175367,Copy into fixed size buffer,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_load_tables 175368,Copy into fixed size buffer,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/execvp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,execvp 175370,Untrusted loop bound,Medium,New,02/04/17,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__get_page 175371,Untrusted allocation size,Medium,New,02/04/17,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__hash_open 175373,Time of check time of use,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/unix/getcwd.c,Unclassified,Unassigned,Unspecified,Undecided,Other,getcwd 175374,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lmessages.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__messages_load_locale 175376,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lctype.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__ctype_load_locale 175378,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lmonetary.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__monetary_load_locale 175380,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lnumeric.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__numeric_load_locale 175381,Unused value,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/common/sf_expm1.c,Unclassified,Unassigned,Unspecified,Undecided,Other,expm1f 175382,Unused value,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/common/s_expm1.c,Unclassified,Unassigned,Unspecified,Undecided,Other,expm1 175384,Use after free,High,New,02/04/17,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/tdelete.c,Unclassified,Unassigned,Unspecified,Undecided,Other,tdelete 299363,Time of check time of use,Low,New,09/17/20,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/nftw.c,Unclassified,Unassigned,Unspecified,Undecided,Other,do_nftw 349089,Dereference null return value,Medium,New,06/14/21,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/doc/makedoc.c,Unclassified,Unassigned,Unspecified,Undecided,Other,add_to_definition 349092,Calling risky function,Low,New,06/14/21,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/ssp/gets_chk.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__gets_chk 349093,Copy into fixed size buffer,Low,New,06/14/21,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/ndbm.c,Unclassified,Unassigned,Unspecified,Undecided,Other,dbm_open 349094,Untrusted loop bound,Medium,New,06/14/21,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/string/strstr.c,Unclassified,Unassigned,Unspecified,Undecided,Other,strstr2 349095,Untrusted loop bound,Medium,New,06/14/21,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/string/strstr.c,Unclassified,Unassigned,Unspecified,Undecided,Other,strstr3 349096,String not null terminated,High,New,06/14/21,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_load_tables 349098,Operands don't affect result,Medium,New,06/14/21,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__hash_open 378851,Out-of-bounds access,High,New,02/15/22,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,nonnewline 387492,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,asniprintf 387493,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_asniprintf_r 387494,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vasiprintf_r 387495,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,asiprintf 387496,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vasniprintf_r 387497,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_asiprintf_r 398772,Out-of-bounds access,High,New,08/29/22,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,bothcases 398773,Division or modulo by float zero,Medium,New,08/29/22,Incorrect expression,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__kernel_tanf 398779,Uninitialized pointer read,High,New,08/29/22,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_swscanf_r 423227,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vsscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vsscanf_r 423228,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/sscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,sscanf 423229,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/siscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_siscanf_r 423230,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/siscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,siscanf 423231,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vsiscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vsiscanf_r 423232,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/sscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_sscanf_r ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-10 14:50 ` Fwd: Coverity Scan: Analysis completed for RTEMS-Newlib Joel Sherrill @ 2023-11-10 15:31 ` Corinna Vinschen 2023-11-10 15:55 ` Takashi Yano 2023-11-10 17:44 ` Joel Sherrill 0 siblings, 2 replies; 9+ messages in thread From: Corinna Vinschen @ 2023-11-10 15:31 UTC (permalink / raw) To: newlib On Nov 10 08:50, Joel Sherrill wrote: > Hmmmm.. an email just before the one I forwarded shows 6 new defects were > added in the last commits. They appear to be the same issue I just > forwarded but in different scanf variants. > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > uninit_use_in_call: Using uninitialized value f._flags2 when calling > __ssvfiscanf_r. [show details > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980> > ] Looks like a false positive. The ORIENT macro will set or reset the value of the _flags2 __SWID bit if the _flags __SORD bit isn't set. It never is set at the start, so the _flags2 __SWID bit is always set. And only then, the ORIENT macro will check the value. Corinna ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-10 15:31 ` Corinna Vinschen @ 2023-11-10 15:55 ` Takashi Yano 2023-11-10 15:59 ` Takashi Yano 2023-11-10 17:44 ` Joel Sherrill 1 sibling, 1 reply; 9+ messages in thread From: Takashi Yano @ 2023-11-10 15:55 UTC (permalink / raw) To: newlib On Fri, 10 Nov 2023 16:31:44 +0100 Corinna Vinschen wrote: > On Nov 10 08:50, Joel Sherrill wrote: > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were > > added in the last commits. They appear to be the same issue I just > > forwarded but in different scanf variants. > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > __ssvfiscanf_r. [show details > > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980> > > ] > > Looks like a false positive. > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > if the _flags __SORD bit isn't set. It never is set at the start, so > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > will check the value. Perhaps, this happens because other bits of _flags2 than __SWID is not initialized. Which is better solution do you think? (1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1. (2) Initialize f._flags2 = 0 in sscanf() family. -- Takashi Yano <takashi.yano@nifty.ne.jp> ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-10 15:55 ` Takashi Yano @ 2023-11-10 15:59 ` Takashi Yano 2023-11-15 13:50 ` Corinna Vinschen 0 siblings, 1 reply; 9+ messages in thread From: Takashi Yano @ 2023-11-10 15:59 UTC (permalink / raw) To: newlib On Sat, 11 Nov 2023 00:55:15 +0900 Takashi Yano wrote: > On Fri, 10 Nov 2023 16:31:44 +0100 > Corinna Vinschen wrote: > > On Nov 10 08:50, Joel Sherrill wrote: > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were > > > added in the last commits. They appear to be the same issue I just > > > forwarded but in different scanf variants. > > > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > > __ssvfiscanf_r. [show details > > > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980> > > > ] > > > > Looks like a false positive. > > > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > > if the _flags __SORD bit isn't set. It never is set at the start, so > > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > > will check the value. > > Perhaps, this happens because other bits of _flags2 than __SWID is not > initialized. > > Which is better solution do you think? > (1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1. > (2) Initialize f._flags2 = 0 in sscanf() family. Ah, this problem will also occur for sprintf() family. So it seems that (1) is easier becase f._file = -1 is set at 41 places. -- Takashi Yano <takashi.yano@nifty.ne.jp> ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-10 15:59 ` Takashi Yano @ 2023-11-15 13:50 ` Corinna Vinschen 0 siblings, 0 replies; 9+ messages in thread From: Corinna Vinschen @ 2023-11-15 13:50 UTC (permalink / raw) To: Takashi Yano; +Cc: newlib On Nov 11 00:59, Takashi Yano wrote: > On Sat, 11 Nov 2023 00:55:15 +0900 > Takashi Yano wrote: > > On Fri, 10 Nov 2023 16:31:44 +0100 > > Corinna Vinschen wrote: > > > On Nov 10 08:50, Joel Sherrill wrote: > > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were > > > > added in the last commits. They appear to be the same issue I just > > > > forwarded but in different scanf variants. > > > > > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > > > __ssvfiscanf_r. [show details > > > > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980> > > > > ] > > > > > > Looks like a false positive. > > > > > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > > > if the _flags __SORD bit isn't set. It never is set at the start, so > > > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > > > will check the value. > > > > Perhaps, this happens because other bits of _flags2 than __SWID is not > > initialized. > > > > Which is better solution do you think? > > (1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1. > > (2) Initialize f._flags2 = 0 in sscanf() family. > > Ah, this problem will also occur for sprintf() family. So it seems that > (1) is easier becase f._file = -1 is set at 41 places. I wonder, though, if setting f._flags2 = 0 isn't all around the better solution. That would mean that ORIENT itself doesn't have to become more complicated, having to check (ori > 0) even in places, where this isn't a problem. Corinna ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-10 15:31 ` Corinna Vinschen 2023-11-10 15:55 ` Takashi Yano @ 2023-11-10 17:44 ` Joel Sherrill 2023-11-13 13:19 ` Corinna Vinschen 1 sibling, 1 reply; 9+ messages in thread From: Joel Sherrill @ 2023-11-10 17:44 UTC (permalink / raw) To: newlib [-- Attachment #1: Type: text/plain, Size: 1915 bytes --] On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com> wrote: > On Nov 10 08:50, Joel Sherrill wrote: > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were > > added in the last commits. They appear to be the same issue I just > > forwarded but in different scanf variants. > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > __ssvfiscanf_r. [show details > > < > https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980 > > > > ] > > Looks like a false positive. > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > if the _flags __SORD bit isn't set. It never is set at the start, so > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > will check the value. > Thanks. I will mark them as false positive. What about the issue in the printf variants? Looks like similar code. Are they also false positives? This is from asiprintf.c 37 f._flags = __SWR | __SSTR | __SMBF; 1. assign_zero: Assigning: f._p = NULL. 38 f._bf._base = f._p = NULL; 39 f._bf._size = f._w = 0; 40 f._file = -1; /* No file. */ 41 va_start (ap, fmt); CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2. var_deref_model: Passing &f to _svfiprintf_r, which dereferences null f._p. [show details <https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786> ] 42 ret = _svfiprintf_r (ptr, &f, fmt, ap); > > > Corinna > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-10 17:44 ` Joel Sherrill @ 2023-11-13 13:19 ` Corinna Vinschen 2023-11-13 14:23 ` Joel Sherrill 0 siblings, 1 reply; 9+ messages in thread From: Corinna Vinschen @ 2023-11-13 13:19 UTC (permalink / raw) To: newlib On Nov 10 11:44, Joel Sherrill wrote: > On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com> > wrote: > > > On Nov 10 08:50, Joel Sherrill wrote: > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were > > > added in the last commits. They appear to be the same issue I just > > > forwarded but in different scanf variants. > > > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > > __ssvfiscanf_r. [show details > > > < > > https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980 > > > > > > ] > > > > Looks like a false positive. > > > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > > if the _flags __SORD bit isn't set. It never is set at the start, so > > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > > will check the value. > > > > Thanks. I will mark them as false positive. > > What about the issue in the printf variants? Looks like similar code. Are > they > also false positives? This is from asiprintf.c > > 37 f._flags = __SWR | __SSTR | __SMBF; > > 1. assign_zero: Assigning: f._p = NULL. > 38 f._bf._base = f._p = NULL; > 39 f._bf._size = f._w = 0; > 40 f._file = -1; /* No file. */ > 41 va_start (ap, fmt); > > CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2. > var_deref_model: Passing &f to _svfiprintf_r, which dereferences null f._p. > [show details > <https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786> > ] > 42 ret = _svfiprintf_r (ptr, &f, fmt, ap); Did you try to debug it? Corinna ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-13 13:19 ` Corinna Vinschen @ 2023-11-13 14:23 ` Joel Sherrill 2023-11-13 16:21 ` Corinna Vinschen 0 siblings, 1 reply; 9+ messages in thread From: Joel Sherrill @ 2023-11-13 14:23 UTC (permalink / raw) To: Newlib [-- Attachment #1: Type: text/plain, Size: 2334 bytes --] On Mon, Nov 13, 2023, 7:19 AM Corinna Vinschen <vinschen@redhat.com> wrote: > On Nov 10 11:44, Joel Sherrill wrote: > > On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com> > > wrote: > > > > > On Nov 10 08:50, Joel Sherrill wrote: > > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects > were > > > > added in the last commits. They appear to be the same issue I just > > > > forwarded but in different scanf variants. > > > > > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > > > __ssvfiscanf_r. [show details > > > > < > > > > https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980 > > > > > > > > ] > > > > > > Looks like a false positive. > > > > > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > > > if the _flags __SORD bit isn't set. It never is set at the start, so > > > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > > > will check the value. > > > > > > > Thanks. I will mark them as false positive. > > > > What about the issue in the printf variants? Looks like similar code. Are > > they > > also false positives? This is from asiprintf.c > > > > 37 f._flags = __SWR | __SSTR | __SMBF; > > > > 1. assign_zero: Assigning: f._p = NULL. > > 38 f._bf._base = f._p = NULL; > > 39 f._bf._size = f._w = 0; > > 40 f._file = -1; /* No file. */ > > 41 va_start (ap, fmt); > > > > CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2. > > var_deref_model: Passing &f to _svfiprintf_r, which dereferences null > f._p. > > [show details > > < > https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786 > > > > ] > > 42 ret = _svfiprintf_r (ptr, &f, fmt, ap); > > Did you try to debug it? > No. It just looked similar and was introduced earlier this year. --joel > > > Corinna > > ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Coverity Scan: Analysis completed for RTEMS-Newlib 2023-11-13 14:23 ` Joel Sherrill @ 2023-11-13 16:21 ` Corinna Vinschen 0 siblings, 0 replies; 9+ messages in thread From: Corinna Vinschen @ 2023-11-13 16:21 UTC (permalink / raw) To: Joel Sherrill; +Cc: Newlib On Nov 13 08:23, Joel Sherrill wrote: > On Mon, Nov 13, 2023, 7:19 AM Corinna Vinschen <vinschen@redhat.com> wrote: > > > On Nov 10 11:44, Joel Sherrill wrote: > > > On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com> > > > wrote: > > > > > > > On Nov 10 08:50, Joel Sherrill wrote: > > > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects > > were > > > > > added in the last commits. They appear to be the same issue I just > > > > > forwarded but in different scanf variants. > > > > > > > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2. > > > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling > > > > > __ssvfiscanf_r. [show details > > > > > < > > > > > > https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980 > > > > > > > > > > ] > > > > > > > > Looks like a false positive. > > > > > > > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit > > > > if the _flags __SORD bit isn't set. It never is set at the start, so > > > > the _flags2 __SWID bit is always set. And only then, the ORIENT macro > > > > will check the value. > > > > > > > > > > Thanks. I will mark them as false positive. > > > > > > What about the issue in the printf variants? Looks like similar code. Are > > > they > > > also false positives? This is from asiprintf.c > > > > > > 37 f._flags = __SWR | __SSTR | __SMBF; > > > > > > 1. assign_zero: Assigning: f._p = NULL. > > > 38 f._bf._base = f._p = NULL; > > > 39 f._bf._size = f._w = 0; > > > 40 f._file = -1; /* No file. */ > > > 41 va_start (ap, fmt); > > > > > > CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2. > > > var_deref_model: Passing &f to _svfiprintf_r, which dereferences null > > f._p. > > > [show details > > > < > > https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786 > > > > > > ] > > > 42 ret = _svfiprintf_r (ptr, &f, fmt, ap); > > > > Did you try to debug it? > > > > No. It just looked similar and was introduced earlier this year. Then please, do. Thanks, Corinna ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2023-11-15 13:50 UTC | newest] Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <654dcb688da84_69bd52d4ed1e699a037313@prd-scan-dashboard-0.mail> 2023-11-10 14:50 ` Fwd: Coverity Scan: Analysis completed for RTEMS-Newlib Joel Sherrill 2023-11-10 15:31 ` Corinna Vinschen 2023-11-10 15:55 ` Takashi Yano 2023-11-10 15:59 ` Takashi Yano 2023-11-15 13:50 ` Corinna Vinschen 2023-11-10 17:44 ` Joel Sherrill 2023-11-13 13:19 ` Corinna Vinschen 2023-11-13 14:23 ` Joel Sherrill 2023-11-13 16:21 ` Corinna Vinschen
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).