From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa1-f46.google.com (mail-oa1-f46.google.com [209.85.160.46]) by sourceware.org (Postfix) with ESMTPS id EEB9B3851AA0 for ; Mon, 29 Aug 2022 23:09:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org EEB9B3851AA0 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=rtems.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-oa1-f46.google.com with SMTP id 586e51a60fabf-11c5505dba2so12831680fac.13 for ; Mon, 29 Aug 2022 16:09:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=x5sdD3ox1K4bQidp5x+J3ADiM4VnAEHQHi1/bhxMoFI=; b=5MxaPZBAKCVDeCBg/MaLzMAqxrdlvvDXk7mg+uqNHZfY5PDG+bXAdxJzZwTjGE2iz3 T8SX+ZFNvb67Rmmkdy9cqVegpLFeCZxc4SpqN+QWwgMZ7SQW5SAc3D3w3ZmMJRtxbB6k nY69Ra6ZSMp2+4pwb0BSsgoZOaI00KkuYnldeJwY8cbuu22EajUT2DErvxY6btR78pgU /TZKRR5hdus13hTggn41Pa0uC8CU4DLIzWkEJ6MYeFevoPBSJr6LMuUXp2T6XGJ4NOEv +5qcOosYC1rscWr06BE7B0OD1oFOakq4pyrTKK7JsoHo9g6v3TGmB2U+runzKtCAly6a FiVg== X-Gm-Message-State: ACgBeo30ifoNJyeslziPL92brWgPaM2+gDl6+LX7JnlpmLFaLAlg3r5s MFcw5k+e/rEoDyX6zlzTqdiyHFGY+3c= X-Google-Smtp-Source: AA6agR4CoeAY+FEw0HzO6lrN6aDyFKzDbNd8IMvnrhUs/21yncwAp3AVYCge/jXl3izn8qG4mkxjnA== X-Received: by 2002:a05:6808:1883:b0:344:dfc6:e079 with SMTP id bi3-20020a056808188300b00344dfc6e079mr8321681oib.198.1661814562814; Mon, 29 Aug 2022 16:09:22 -0700 (PDT) Received: from mail-oa1-f51.google.com (mail-oa1-f51.google.com. [209.85.160.51]) by smtp.gmail.com with ESMTPSA id o139-20020a4a2c91000000b00435ae9a836asm5846304ooo.15.2022.08.29.16.09.22 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 29 Aug 2022 16:09:22 -0700 (PDT) Received: by mail-oa1-f51.google.com with SMTP id 586e51a60fabf-11c5505dba2so12831598fac.13 for ; Mon, 29 Aug 2022 16:09:22 -0700 (PDT) X-Received: by 2002:a05:6808:159:b0:343:aed:267d with SMTP id h25-20020a056808015900b003430aed267dmr7835930oie.185.1661814561852; Mon, 29 Aug 2022 16:09:21 -0700 (PDT) MIME-Version: 1.0 References: <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail> In-Reply-To: <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail> Reply-To: joel@rtems.org From: Joel Sherrill Date: Mon, 29 Aug 2022 18:09:10 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib To: Newlib X-Spam-Status: No, score=-3030.8 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN, FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE, KAM_DMARC_STATUS, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL, SENDGRID_REDIR, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: newlib@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Newlib mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2022 23:09:31 -0000 Hi I quit running Coverity on newlib as part of the repositories analysed as part of RTEMS BUT I had to update the version of cov-analysis we used and wanted to make sure the scripting stayed working. These issues were flagged since the last time we ran it. Some look like they need attention. --joel ---------- Forwarded message --------- From: Date: Mon, Aug 29, 2022 at 5:56 PM Subject: New Defects reported by Coverity Scan for RTEMS-Newlib To: Hi, Please find the latest report on new defect(s) introduced to RTEMS-Newlib found with Coverity Scan. 10 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 10 of 10 defect(s) ** CID 398779: (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398779: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 454 in _swscanf_r() 448 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 449 f._read =3D __seofread; 450 f._ub._base =3D NULL; 451 f._lb._base =3D NULL; 452 f._file =3D -1; /* No file. */ 453 va_start (ap, fmt); >>> CID 398779: (UNINIT) >>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r"= . 454 ret =3D __ssvfwscanf_r (ptr, &f, fmt, ap); 455 va_end (ap); 456 return ret; /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 454 in _swscanf_r() 448 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 449 f._read =3D __seofread; 450 f._ub._base =3D NULL; 451 f._lb._base =3D NULL; 452 f._file =3D -1; /* No file. */ 453 va_start (ap, fmt); >>> CID 398779: (UNINIT) >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r". 454 ret =3D __ssvfwscanf_r (ptr, &f, fmt, ap); 455 va_end (ap); 456 return ret; ** CID 398778: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/sleep.c: 18 in sleep() ___________________________________________________________________________= _____________________________ *** CID 398778: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/sleep.c: 18 in sleep() 12 { 13 struct timespec ts; 14 15 ts.tv_sec =3D seconds; 16 ts.tv_nsec =3D 0; 17 if (!nanosleep(&ts,&ts)) return 0; >>> CID 398778: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "ts.tv_sec" is cast to "unsigned int". 18 if (errno =3D=3D EINTR) return ts.tv_sec; 19 return -1; 20 } 21 ** CID 398777: (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398777: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 432 in swscanf() 426 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 427 f._read =3D __seofread; 428 f._ub._base =3D NULL; 429 f._lb._base =3D NULL; 430 f._file =3D -1; /* No file. */ 431 va_start (ap, fmt); >>> CID 398777: (UNINIT) >>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r"= . 432 ret =3D __ssvfwscanf_r (_REENT, &f, fmt, ap); 433 va_end (ap); 434 return ret; 435 } 436 437 #endif /* !_REENT_ONLY */ /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 432 in swscanf() 426 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 427 f._read =3D __seofread; 428 f._ub._base =3D NULL; 429 f._lb._base =3D NULL; 430 f._file =3D -1; /* No file. */ 431 va_start (ap, fmt); >>> CID 398777: (UNINIT) >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r". 432 ret =3D __ssvfwscanf_r (_REENT, &f, fmt, ap); 433 va_end (ap); 434 return ret; 435 } 436 437 #endif /* !_REENT_ONLY */ ** CID 398776: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 44 in time() /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 45 in time() ___________________________________________________________________________= _____________________________ *** CID 398776: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 44 in time() 38 struct timeval now; 39 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0) 41 now.tv_sec =3D (time_t) -1; 42 43 if (t) >>> CID 398776: (UNINIT) >>> Using uninitialized value "now.tv_sec". 44 *t =3D now.tv_sec; 45 return now.tv_sec; /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 45 in time() 39 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0) 41 now.tv_sec =3D (time_t) -1; 42 43 if (t) 44 *t =3D now.tv_sec; >>> CID 398776: (UNINIT) >>> Using uninitialized value "now.tv_sec". 45 return now.tv_sec; ** CID 398775: (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398775: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/vswscanf.c: 57 in _vswscanf_r() 51 f._bf._base =3D f._p =3D (unsigned char *) str; 52 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 53 f._read =3D __seofread; 54 f._ub._base =3D NULL; 55 f._lb._base =3D NULL; 56 f._file =3D -1; /* No file. */ >>> CID 398775: (UNINIT) >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r". 57 return __ssvfwscanf_r (ptr, &f, fmt, ap); /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/vswscanf.c: 57 in _vswscanf_r() 51 f._bf._base =3D f._p =3D (unsigned char *) str; 52 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 53 f._read =3D __seofread; 54 f._ub._base =3D NULL; 55 f._lb._base =3D NULL; 56 f._file =3D -1; /* No file. */ >>> CID 398775: (UNINIT) >>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r"= . 57 return __ssvfwscanf_r (ptr, &f, fmt, ap); ** CID 398774: Uninitialized variables (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398774: Uninitialized variables (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdlib/arc4random.c: 93 in _rs_stir() 87 u_char rnd[KEYSZ + IVSZ]; 88 89 if (getentropy(rnd, sizeof rnd) =3D=3D -1) 90 _getentropy_fail(); 91 92 if (!rs) >>> CID 398774: Uninitialized variables (UNINIT) >>> Using uninitialized element of array "rnd" when calling "_rs_init". 93 _rs_init(rnd, sizeof(rnd)); 94 else 95 _rs_rekey(rnd, sizeof(rnd)); 96 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ 97 98 /* invalidate rs_buf */ ** CID 398773: Incorrect expression (DIVIDE_BY_ZERO) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/= math/kf_tan.c: 55 in __kernel_tanf() ___________________________________________________________________________= _____________________________ *** CID 398773: Incorrect expression (DIVIDE_BY_ZERO) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/= math/kf_tan.c: 55 in __kernel_tanf() 49 __int32_t ix,hx; 50 GET_FLOAT_WORD(hx,x); 51 ix =3D hx&0x7fffffff; /* high word of |x| */ 52 if(ix<0x31800000) /* x < 2**-28 */ 53 {if((int)x=3D=3D0) { /* generate inexact */ 54 if((ix|(iy+1))=3D=3D0) return one/fabsf(x); >>> CID 398773: Incorrect expression (DIVIDE_BY_ZERO) >>> In expression "-1f / x", division by expression "x" which may be zero has undefined behavior. 55 else return (iy=3D=3D1)? x: -one/x; 56 } 57 } 58 if(ix>=3D0x3f2ca140) { /* |x|>=3D0.6744 */ 59 if(hx<0) {x =3D -x; y =3D -y;} 60 z =3D pio4-x; ** CID 398772: Memory - corruptions (OVERRUN) ___________________________________________________________________________= _____________________________ *** CID 398772: Memory - corruptions (OVERRUN) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/regcomp.c: 1044 in bothcases() 1038 assert(othercase(ch) !=3D ch); /* p_bracket() would recurse */ 1039 p->next =3D bracket; 1040 p->end =3D bracket+2; 1041 bracket[0] =3D ch; 1042 bracket[1] =3D ']'; 1043 bracket[2] =3D '\0'; >>> CID 398772: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "p->next" of 3 bytes by passing it to a function which accesses it at byte offset 4. 1044 p_bracket(p); 1045 assert(p->next =3D=3D bracket+2); 1046 p->next =3D oldnext; 1047 p->end =3D oldend; 1048 } 1049 ** CID 398771: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/usleep.c: 18 in usleep() ___________________________________________________________________________= _____________________________ *** CID 398771: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/usleep.c: 18 in usleep() 12 { 13 struct timespec ts; 14 15 ts.tv_sec =3D (long int)useconds / 1000000; 16 ts.tv_nsec =3D ((long int)useconds % 1000000) * 1000; 17 if (!nanosleep(&ts,&ts)) return 0; >>> CID 398771: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "ts.tv_sec" is cast to "int". 18 if (errno =3D=3D EINTR) return ts.tv_sec; 19 return -1; 20 } 21 ** CID 378851: Memory - corruptions (OVERRUN) ___________________________________________________________________________= _____________________________ *** CID 378851: Memory - corruptions (OVERRUN) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/regcomp.c: 1090 in nonnewline() 1084 p->next =3D bracket; 1085 p->end =3D bracket+3; 1086 bracket[0] =3D '^'; 1087 bracket[1] =3D '\n'; 1088 bracket[2] =3D ']'; 1089 bracket[3] =3D '\0'; >>> CID 378851: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "p->next" of 4 bytes by passing it to a function which accesses it at byte offset 4. 1090 p_bracket(p); 1091 assert(p->next =3D=3D bracket+3); 1092 p->next =3D oldnext; 1093 p->end =3D oldend; 1094 } 1095 ___________________________________________________________________________= _____________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=3DHRESupC-2F2Czv4BOaCWWCy7my= 0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUP= xOS2vpJc2U7lnvDDSM-3DgcXN_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6= zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gn54pXoG5E1T2VTg7ZExldrWnOHoGNfjITpyeG= Bnq8zf1R1SvLaQHX0KwLC3QLIILHDIyeRDmH6ivilCfFIJbx4IaHchThYPPrH23evm0vJ6A6-2B= cYCz2qmJNN2577UqVyYc0aItJ859abhW8GanEpsc-3D To manage Coverity Scan email notifications for "joel.sherrill@gmail.com"= , click https://u15810271.ct.sendgrid.net/ls/click?upn=3DHRESupC-2F2Czv4BOaCWWCy7my= 0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQ= fFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2= FuqaA-3D5Xsf_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRB= lqs6CXC6JoeSQ5BknttytYW4gsEM86eEaAqPEjIHUArLBXYOUpWfZ4bmwC96PG11GPPh-2FLsC0= rkTKQE2J8XRI45hCnTpCTbj87kq0GI1XLddKyw1JXGGqDcyizThGumwZmd8Tr5waHqdorDd3Wom= 83BYSMOhcHiGVjpnvscbd8ReGFw-3D From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa1-f46.google.com (mail-oa1-f46.google.com [209.85.160.46]) by sourceware.org (Postfix) with ESMTPS id EEB9B3851AA0 for ; Mon, 29 Aug 2022 23:09:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org EEB9B3851AA0 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=rtems.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-oa1-f46.google.com with SMTP id 586e51a60fabf-11c5505dba2so12831680fac.13 for ; Mon, 29 Aug 2022 16:09:24 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=x5sdD3ox1K4bQidp5x+J3ADiM4VnAEHQHi1/bhxMoFI=; b=5MxaPZBAKCVDeCBg/MaLzMAqxrdlvvDXk7mg+uqNHZfY5PDG+bXAdxJzZwTjGE2iz3 T8SX+ZFNvb67Rmmkdy9cqVegpLFeCZxc4SpqN+QWwgMZ7SQW5SAc3D3w3ZmMJRtxbB6k nY69Ra6ZSMp2+4pwb0BSsgoZOaI00KkuYnldeJwY8cbuu22EajUT2DErvxY6btR78pgU /TZKRR5hdus13hTggn41Pa0uC8CU4DLIzWkEJ6MYeFevoPBSJr6LMuUXp2T6XGJ4NOEv +5qcOosYC1rscWr06BE7B0OD1oFOakq4pyrTKK7JsoHo9g6v3TGmB2U+runzKtCAly6a FiVg== X-Gm-Message-State: ACgBeo30ifoNJyeslziPL92brWgPaM2+gDl6+LX7JnlpmLFaLAlg3r5s MFcw5k+e/rEoDyX6zlzTqdiyHFGY+3c= X-Google-Smtp-Source: AA6agR4CoeAY+FEw0HzO6lrN6aDyFKzDbNd8IMvnrhUs/21yncwAp3AVYCge/jXl3izn8qG4mkxjnA== X-Received: by 2002:a05:6808:1883:b0:344:dfc6:e079 with SMTP id bi3-20020a056808188300b00344dfc6e079mr8321681oib.198.1661814562814; Mon, 29 Aug 2022 16:09:22 -0700 (PDT) Received: from mail-oa1-f51.google.com (mail-oa1-f51.google.com. [209.85.160.51]) by smtp.gmail.com with ESMTPSA id o139-20020a4a2c91000000b00435ae9a836asm5846304ooo.15.2022.08.29.16.09.22 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 29 Aug 2022 16:09:22 -0700 (PDT) Received: by mail-oa1-f51.google.com with SMTP id 586e51a60fabf-11c5505dba2so12831598fac.13 for ; Mon, 29 Aug 2022 16:09:22 -0700 (PDT) X-Received: by 2002:a05:6808:159:b0:343:aed:267d with SMTP id h25-20020a056808015900b003430aed267dmr7835930oie.185.1661814561852; Mon, 29 Aug 2022 16:09:21 -0700 (PDT) MIME-Version: 1.0 References: <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail> In-Reply-To: <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail> Reply-To: joel@rtems.org From: Joel Sherrill Date: Mon, 29 Aug 2022 18:09:10 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib To: Newlib Content-Type: multipart/alternative; boundary="000000000000a4515d05e7695a76" X-Spam-Status: No, score=-3030.8 required=5.0 tests=BAYES_00,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SENDGRID_REDIR,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Message-ID: <20220829230910._yxxggGmrVDxEfS6ICpRPS1tXzOkIAf4pNgIjEHXnJ8@z> --000000000000a4515d05e7695a76 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi I quit running Coverity on newlib as part of the repositories analysed as part of RTEMS BUT I had to update the version of cov-analysis we used and wanted to make sure the scripting stayed working. These issues were flagged since the last time we ran it. Some look like they need attention. --joel ---------- Forwarded message --------- From: Date: Mon, Aug 29, 2022 at 5:56 PM Subject: New Defects reported by Coverity Scan for RTEMS-Newlib To: Hi, Please find the latest report on new defect(s) introduced to RTEMS-Newlib found with Coverity Scan. 10 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 10 of 10 defect(s) ** CID 398779: (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398779: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 454 in _swscanf_r() 448 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 449 f._read =3D __seofread; 450 f._ub._base =3D NULL; 451 f._lb._base =3D NULL; 452 f._file =3D -1; /* No file. */ 453 va_start (ap, fmt); >>> CID 398779: (UNINIT) >>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r". 454 ret =3D __ssvfwscanf_r (ptr, &f, fmt, ap); 455 va_end (ap); 456 return ret; /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 454 in _swscanf_r() 448 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 449 f._read =3D __seofread; 450 f._ub._base =3D NULL; 451 f._lb._base =3D NULL; 452 f._file =3D -1; /* No file. */ 453 va_start (ap, fmt); >>> CID 398779: (UNINIT) >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r". 454 ret =3D __ssvfwscanf_r (ptr, &f, fmt, ap); 455 va_end (ap); 456 return ret; ** CID 398778: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/sleep.c: 18 in sleep() ___________________________________________________________________________= _____________________________ *** CID 398778: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/sleep.c: 18 in sleep() 12 { 13 struct timespec ts; 14 15 ts.tv_sec =3D seconds; 16 ts.tv_nsec =3D 0; 17 if (!nanosleep(&ts,&ts)) return 0; >>> CID 398778: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "ts.tv_sec" is cast to "unsigned int". 18 if (errno =3D=3D EINTR) return ts.tv_sec; 19 return -1; 20 } 21 ** CID 398777: (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398777: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 432 in swscanf() 426 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 427 f._read =3D __seofread; 428 f._ub._base =3D NULL; 429 f._lb._base =3D NULL; 430 f._file =3D -1; /* No file. */ 431 va_start (ap, fmt); >>> CID 398777: (UNINIT) >>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r". 432 ret =3D __ssvfwscanf_r (_REENT, &f, fmt, ap); 433 va_end (ap); 434 return ret; 435 } 436 437 #endif /* !_REENT_ONLY */ /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/swscanf.c: 432 in swscanf() 426 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 427 f._read =3D __seofread; 428 f._ub._base =3D NULL; 429 f._lb._base =3D NULL; 430 f._file =3D -1; /* No file. */ 431 va_start (ap, fmt); >>> CID 398777: (UNINIT) >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r". 432 ret =3D __ssvfwscanf_r (_REENT, &f, fmt, ap); 433 va_end (ap); 434 return ret; 435 } 436 437 #endif /* !_REENT_ONLY */ ** CID 398776: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 44 in time() /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 45 in time() ___________________________________________________________________________= _____________________________ *** CID 398776: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 44 in time() 38 struct timeval now; 39 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0) 41 now.tv_sec =3D (time_t) -1; 42 43 if (t) >>> CID 398776: (UNINIT) >>> Using uninitialized value "now.tv_sec". 44 *t =3D now.tv_sec; 45 return now.tv_sec; /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= time/time.c: 45 in time() 39 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0) 41 now.tv_sec =3D (time_t) -1; 42 43 if (t) 44 *t =3D now.tv_sec; >>> CID 398776: (UNINIT) >>> Using uninitialized value "now.tv_sec". 45 return now.tv_sec; ** CID 398775: (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398775: (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/vswscanf.c: 57 in _vswscanf_r() 51 f._bf._base =3D f._p =3D (unsigned char *) str; 52 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 53 f._read =3D __seofread; 54 f._ub._base =3D NULL; 55 f._lb._base =3D NULL; 56 f._file =3D -1; /* No file. */ >>> CID 398775: (UNINIT) >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r". 57 return __ssvfwscanf_r (ptr, &f, fmt, ap); /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdio/vswscanf.c: 57 in _vswscanf_r() 51 f._bf._base =3D f._p =3D (unsigned char *) str; 52 f._bf._size =3D f._r =3D wcslen (str) * sizeof (wchar_t); 53 f._read =3D __seofread; 54 f._ub._base =3D NULL; 55 f._lb._base =3D NULL; 56 f._file =3D -1; /* No file. */ >>> CID 398775: (UNINIT) >>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r". 57 return __ssvfwscanf_r (ptr, &f, fmt, ap); ** CID 398774: Uninitialized variables (UNINIT) ___________________________________________________________________________= _____________________________ *** CID 398774: Uninitialized variables (UNINIT) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= stdlib/arc4random.c: 93 in _rs_stir() 87 u_char rnd[KEYSZ + IVSZ]; 88 89 if (getentropy(rnd, sizeof rnd) =3D=3D -1) 90 _getentropy_fail(); 91 92 if (!rs) >>> CID 398774: Uninitialized variables (UNINIT) >>> Using uninitialized element of array "rnd" when calling "_rs_init". 93 _rs_init(rnd, sizeof(rnd)); 94 else 95 _rs_rekey(rnd, sizeof(rnd)); 96 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ 97 98 /* invalidate rs_buf */ ** CID 398773: Incorrect expression (DIVIDE_BY_ZERO) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/= math/kf_tan.c: 55 in __kernel_tanf() ___________________________________________________________________________= _____________________________ *** CID 398773: Incorrect expression (DIVIDE_BY_ZERO) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/= math/kf_tan.c: 55 in __kernel_tanf() 49 __int32_t ix,hx; 50 GET_FLOAT_WORD(hx,x); 51 ix =3D hx&0x7fffffff; /* high word of |x| */ 52 if(ix<0x31800000) /* x < 2**-28 */ 53 {if((int)x=3D=3D0) { /* generate inexact */ 54 if((ix|(iy+1))=3D=3D0) return one/fabsf(x); >>> CID 398773: Incorrect expression (DIVIDE_BY_ZERO) >>> In expression "-1f / x", division by expression "x" which may be zero has undefined behavior. 55 else return (iy=3D=3D1)? x: -one/x; 56 } 57 } 58 if(ix>=3D0x3f2ca140) { /* |x|>=3D0.6744 */ 59 if(hx<0) {x =3D -x; y =3D -y;} 60 z =3D pio4-x; ** CID 398772: Memory - corruptions (OVERRUN) ___________________________________________________________________________= _____________________________ *** CID 398772: Memory - corruptions (OVERRUN) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/regcomp.c: 1044 in bothcases() 1038 assert(othercase(ch) !=3D ch); /* p_bracket() would recurse */ 1039 p->next =3D bracket; 1040 p->end =3D bracket+2; 1041 bracket[0] =3D ch; 1042 bracket[1] =3D ']'; 1043 bracket[2] =3D '\0'; >>> CID 398772: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "p->next" of 3 bytes by passing it to a function which accesses it at byte offset 4. 1044 p_bracket(p); 1045 assert(p->next =3D=3D bracket+2); 1046 p->next =3D oldnext; 1047 p->end =3D oldend; 1048 } 1049 ** CID 398771: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/usleep.c: 18 in usleep() ___________________________________________________________________________= _____________________________ *** CID 398771: High impact quality (Y2K38_SAFETY) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/usleep.c: 18 in usleep() 12 { 13 struct timespec ts; 14 15 ts.tv_sec =3D (long int)useconds / 1000000; 16 ts.tv_nsec =3D ((long int)useconds % 1000000) * 1000; 17 if (!nanosleep(&ts,&ts)) return 0; >>> CID 398771: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "ts.tv_sec" is cast to "int". 18 if (errno =3D=3D EINTR) return ts.tv_sec; 19 return -1; 20 } 21 ** CID 378851: Memory - corruptions (OVERRUN) ___________________________________________________________________________= _____________________________ *** CID 378851: Memory - corruptions (OVERRUN) /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/= posix/regcomp.c: 1090 in nonnewline() 1084 p->next =3D bracket; 1085 p->end =3D bracket+3; 1086 bracket[0] =3D '^'; 1087 bracket[1] =3D '\n'; 1088 bracket[2] =3D ']'; 1089 bracket[3] =3D '\0'; >>> CID 378851: Memory - corruptions (OVERRUN) >>> Overrunning buffer pointed to by "p->next" of 4 bytes by passing it to a function which accesses it at byte offset 4. 1090 p_bracket(p); 1091 assert(p->next =3D=3D bracket+3); 1092 p->next =3D oldnext; 1093 p->end =3D oldend; 1094 } 1095 ___________________________________________________________________________= _____________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=3DHRESupC-2F2Czv4BOaCWWCy7my= 0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUP= xOS2vpJc2U7lnvDDSM-3DgcXN_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6= zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gn54pXoG5E1T2VTg7ZExldrWnOHoGNfjITpyeG= Bnq8zf1R1SvLaQHX0KwLC3QLIILHDIyeRDmH6ivilCfFIJbx4IaHchThYPPrH23evm0vJ6A6-2B= cYCz2qmJNN2577UqVyYc0aItJ859abhW8GanEpsc-3D To manage Coverity Scan email notifications for "joel.sherrill@gmail.com", click https://u15810271.ct.sendgrid.net/ls/click?upn=3DHRESupC-2F2Czv4BOaCWWCy7my= 0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQ= fFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2= FuqaA-3D5Xsf_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRB= lqs6CXC6JoeSQ5BknttytYW4gsEM86eEaAqPEjIHUArLBXYOUpWfZ4bmwC96PG11GPPh-2FLsC0= rkTKQE2J8XRI45hCnTpCTbj87kq0GI1XLddKyw1JXGGqDcyizThGumwZmd8Tr5waHqdorDd3Wom= 83BYSMOhcHiGVjpnvscbd8ReGFw-3D --000000000000a4515d05e7695a76--