Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib

public inbox for newlib@sourceware.org
 help / color / mirror / Atom feed

From: Joel Sherrill <joel.sherrill@gmail.com>
To: Newlib <newlib@sourceware.org>
Subject: Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
Date: Mon, 10 Feb 2025 16:56:09 -0600	[thread overview]
Message-ID: <CAF9ehCV445OJwX7XriomUZLW43Jz=pubyEHQvBnxTsu+X=U_-A@mail.gmail.com> (raw)
In-Reply-To: <67aa7d4565885_1e98fe2ac1a16659a8550b1@prd-scan-dashboard-0.mail>

[-- Attachment #1: Type: text/plain, Size: 7218 bytes --]

Coverity Scan has spotted a handful of issues with the recent string
changes.

--joel

---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Mon, Feb 10, 2025 at 4:27 PM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.

6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 474676:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/mempcpy.c:
68 in mempcpy()


________________________________________________________________________________________________________
*** CID 474676:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/mempcpy.c:
68 in mempcpy()
62           while (!TOO_SMALL_BIG_BLOCK(len0))
63             {
64               *aligned_dst++ = *aligned_src++;
65               *aligned_dst++ = *aligned_src++;
66               *aligned_dst++ = *aligned_src++;
67               *aligned_dst++ = *aligned_src++;
>>>     CID 474676:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "len0", underflows the type of "len0", which is type
"size_t".
68               len0 -= BIG_BLOCK_SIZE;
69             }
70
71           /* Copy one long word at a time if possible.  */
72           while (!TOO_SMALL_LITTLE_BLOCK(len0))
73             {

** CID 474675:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/stpncpy.c:
64 in stpncpy()


________________________________________________________________________________________________________
*** CID 474675:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/stpncpy.c:
64 in stpncpy()
58           aligned_src = (long*)src;
59
60           /* SRC and DEST are both LITTLE_BLOCK_SIZE aligned,
61       try to do LITTLE_BLOCK_SIZE sized copies.  */
62           while (!TOO_SMALL_LITTLE_BLOCK (count) &&
!DETECT_NULL(*aligned_src))
63      {
>>>     CID 474675:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "count", underflows the type of "count", which is type
"size_t".
64        count -= LITTLE_BLOCK_SIZE;
65        *aligned_dst++ = *aligned_src++;
66      }
67
68           dst = (char*)aligned_dst;
69           src = (char*)aligned_src;

** CID 474674:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memccpy.c:
96 in memccpy()


________________________________________________________________________________________________________
*** CID 474674:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memccpy.c:
96 in memccpy()
90             {
91               unsigned long buffer = (unsigned long)(*aligned_src);
92               buffer ^=  mask;
93               if (DETECT_NULL(buffer))
94                 break; /* endchar is found, go byte by byte from here */
95               *aligned_dst++ = *aligned_src++;
>>>     CID 474674:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "len0", underflows the type of "len0", which is type
"size_t".
96               len0 -= LITTLE_BLOCK_SIZE;
97             }
98
99            /* Pick up any residual with a byte copier.  */
100           dst = (unsigned char*)aligned_dst;
101           src = (unsigned char*)aligned_src;

** CID 474673:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memmove.c:
88 in memmove()


________________________________________________________________________________________________________
*** CID 474673:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memmove.c:
88 in memmove()
82               aligned_src = (long*)src;
83
84               /* Copy one long word at a time if possible.  */
85               while (!TOO_SMALL_LITTLE_BLOCK(length))
86                 {
87                   *--aligned_dst = *--aligned_src;
>>>     CID 474673:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "length", underflows the type of "length", which is type
"size_t".
88                   length -= LITTLE_BLOCK_SIZE;
89                 }
90
91               /* Pick up any residual with a byte copier.  */
92               dst = (char*)aligned_dst;
93               src = (char*)aligned_src;

** CID 474672:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memcpy.c:
72 in memcpy()


________________________________________________________________________________________________________
*** CID 474672:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memcpy.c:
72 in memcpy()
66           while (!TOO_SMALL_BIG_BLOCK(len0))
67             {
68               *aligned_dst++ = *aligned_src++;
69               *aligned_dst++ = *aligned_src++;
70               *aligned_dst++ = *aligned_src++;
71               *aligned_dst++ = *aligned_src++;
>>>     CID 474672:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "len0", underflows the type of "len0", which is type
"size_t".
72               len0 -= BIG_BLOCK_SIZE;
73             }
74
75           /* Copy one long word at a time if possible.  */
76           while (!TOO_SMALL_LITTLE_BLOCK(len0))
77             {

** CID 470638:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/strncpy.c:
78 in strncpy()


________________________________________________________________________________________________________
*** CID 470638:  Integer handling issues  (INTEGER_OVERFLOW)
/home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/strncpy.c:
78 in strncpy()
72           aligned_src = (long*)src;
73
74           /* SRC and DEST are both "long int" aligned, try to do "long
int"
75       sized copies.  */
76           while (!TOO_SMALL_LITTLE_BLOCK(count) &&
!DETECT_NULL(*aligned_src))
77      {
>>>     CID 470638:  Integer handling issues  (INTEGER_OVERFLOW)
>>>     Expression "count", underflows the type of "count", which is type
"size_t".
78        count -= sizeof (long int);
79        *aligned_dst++ = *aligned_src++;
80      }
81
82           dst = (char*)aligned_dst;
83           src = (char*)aligned_src;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/rtems-newlib?tab=overview

  To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://scan.coverity.com/subscriptions/edit?email=joel.sherrill%40gmail.com&token=1d6de09a8cf588074bed902a634fe5bc

next      parent reply	other threads:[~2025-02-10 22:56 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <67aa7d4565885_1e98fe2ac1a16659a8550b1@prd-scan-dashboard-0.mail>
2025-02-10 22:56 ` Joel Sherrill [this message]
2025-02-11 10:40   ` Corinna Vinschen
2025-02-11 10:50     ` Alexey Lapshin
2025-02-11 12:02       ` Corinna Vinschen
2025-02-11 15:07         ` Joel Sherrill
2025-02-11 21:24           ` Brian Inglis
     [not found] <654dcb725557c_69be32c62521719a8359f9@prd-scan-dashboard-0.mail>
2023-11-10 14:40 ` Fwd: " Joel Sherrill
     [not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
2022-08-29 23:09 ` Joel Sherrill
2022-08-29 23:09   ` Joel Sherrill
     [not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
2022-03-01 12:59 ` Joel Sherrill

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAF9ehCV445OJwX7XriomUZLW43Jz=pubyEHQvBnxTsu+X=U_-A@mail.gmail.com' \
    --to=joel.sherrill@gmail.com \
    --cc=newlib@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).