From: Joel Sherrill <joel@rtems.org>
To: Newlib <newlib@sourceware.org>
Subject: Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
Date: Tue, 1 Mar 2022 06:59:35 -0600 [thread overview]
Message-ID: <CAF9ehCWnRn8mfx7tEe=zCb5E9fgX8H0tswqhS+PR5UUAWfofXA@mail.gmail.com> (raw)
In-Reply-To: <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
Hi
The RTEMS Projects runs Coverity Scan when Newlib changes.
Not sure who committed something that triggered these but overnight 6 new
defects showed up. Most look to be NULL dereferences.
--joel
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Tue, Mar 1, 2022, 12:25 AM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.
6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 387497: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
46 in _asiprintf_r()
________________________________________________________________________________________________________
*** CID 387497: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
46 in _asiprintf_r()
40 f._file = -1; /* No file. */
41 va_start (ap, fmt);
42 ret = _svfiprintf_r (ptr, &f, fmt, ap);
43 va_end (ap);
44 if (ret >= 0)
45 {
>>> CID 387497: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
46 *f._p = 0;
47 *strp = (char *) f._bf._base;
48 }
49 return (ret);
50 }
51
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
42 in _asiprintf_r()
36 /* mark a zero-length reallocatable buffer */
37 f._flags = __SWR | __SSTR | __SMBF;
38 f._bf._base = f._p = NULL;
39 f._bf._size = f._w = 0;
40 f._file = -1; /* No file. */
41 va_start (ap, fmt);
>>> CID 387497: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
42 ret = _svfiprintf_r (ptr, &f, fmt, ap);
43 va_end (ap);
44 if (ret >= 0)
45 {
46 *f._p = 0;
47 *strp = (char *) f._bf._base;
** CID 387496: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
54 in _vasniprintf_r()
________________________________________________________________________________________________________
*** CID 387496: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
54 in _vasniprintf_r()
48 f._bf._size = f._w = len;
49 f._file = -1; /* No file. */
50 ret = _svfiprintf_r (ptr, &f, fmt, ap);
51 if (ret < 0)
52 return NULL;
53 *lenp = ret;
>>> CID 387496: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
54 *f._p = '\0';
55 return (char *) f._bf._base;
56 }
57
58 #ifndef _REENT_ONLY
59
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
50 in _vasniprintf_r()
44 {
45 ptr->_errno = EOVERFLOW;
46 return NULL;
47 }
48 f._bf._size = f._w = len;
49 f._file = -1; /* No file. */
>>> CID 387496: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
50 ret = _svfiprintf_r (ptr, &f, fmt, ap);
51 if (ret < 0)
52 return NULL;
53 *lenp = ret;
54 *f._p = '\0';
55 return (char *) f._bf._base;
** CID 387495: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
72 in asiprintf()
________________________________________________________________________________________________________
*** CID 387495: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
72 in asiprintf()
66 f._file = -1; /* No file. */
67 va_start (ap, fmt);
68 ret = _svfiprintf_r (_REENT, &f, fmt, ap);
69 va_end (ap);
70 if (ret >= 0)
71 {
>>> CID 387495: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
72 *f._p = 0;
73 *strp = (char *) f._bf._base;
74 }
75 return (ret);
76 }
77
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
68 in asiprintf()
62 /* mark a zero-length reallocatable buffer */
63 f._flags = __SWR | __SSTR | __SMBF;
64 f._bf._base = f._p = NULL;
65 f._bf._size = f._w = 0;
66 f._file = -1; /* No file. */
67 va_start (ap, fmt);
>>> CID 387495: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
68 ret = _svfiprintf_r (_REENT, &f, fmt, ap);
69 va_end (ap);
70 if (ret >= 0)
71 {
72 *f._p = 0;
73 *strp = (char *) f._bf._base;
** CID 387494: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
59 in _vasiprintf_r()
________________________________________________________________________________________________________
*** CID 387494: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
56 in _vasiprintf_r()
50 FILE f;
51
52 f._flags = __SWR | __SSTR | __SMBF ;
53 f._bf._base = f._p = NULL;
54 f._bf._size = f._w = 0;
55 f._file = -1; /* No file. */
>>> CID 387494: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
56 ret = _svfiprintf_r (ptr, &f, fmt, ap);
57 if (ret >= 0)
58 {
59 *f._p = 0;
60 *strp = (char *) f._bf._base;
61 }
62 return ret;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
59 in _vasiprintf_r()
53 f._bf._base = f._p = NULL;
54 f._bf._size = f._w = 0;
55 f._file = -1; /* No file. */
56 ret = _svfiprintf_r (ptr, &f, fmt, ap);
57 if (ret >= 0)
58 {
>>> CID 387494: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
59 *f._p = 0;
60 *strp = (char *) f._bf._base;
61 }
62 return ret;
** CID 387493: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
56 in _asniprintf_r()
________________________________________________________________________________________________________
*** CID 387493: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
56 in _asniprintf_r()
50 va_start (ap, fmt);
51 ret = _svfiprintf_r (ptr, &f, fmt, ap);
52 va_end (ap);
53 if (ret < 0)
54 return NULL;
55 *lenp = ret;
>>> CID 387493: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
56 *f._p = '\0';
57 return (char *) f._bf._base;
58 }
59
60 #ifndef _REENT_ONLY
61
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
51 in _asniprintf_r()
45 ptr->_errno = EOVERFLOW;
46 return NULL;
47 }
48 f._bf._size = f._w = len;
49 f._file = -1; /* No file. */
50 va_start (ap, fmt);
>>> CID 387493: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
51 ret = _svfiprintf_r (ptr, &f, fmt, ap);
52 va_end (ap);
53 if (ret < 0)
54 return NULL;
55 *lenp = ret;
56 *f._p = '\0';
** CID 387492: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
102 in asniprintf()
________________________________________________________________________________________________________
*** CID 387492: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
97 in asniprintf()
91 ptr->_errno = EOVERFLOW;
92 return NULL;
93 }
94 f._bf._size = f._w = len;
95 f._file = -1; /* No file. */
96 va_start (ap, fmt);
>>> CID 387492: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
97 ret = _svfiprintf_r (ptr, &f, fmt, ap);
98 va_end (ap);
99 if (ret < 0)
100 return NULL;
101 *lenp = ret;
102 *f._p = '\0';
103 return (char *) f._bf._base;
104 }
105
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
102 in asniprintf()
96 va_start (ap, fmt);
97 ret = _svfiprintf_r (ptr, &f, fmt, ap);
98 va_end (ap);
99 if (ret < 0)
100 return NULL;
101 *lenp = ret;
>>> CID 387492: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
102 *f._p = '\0';
103 return (char *) f._bf._base;
104 }
105
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3Dnqug_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrGLZMaHd5esU0ARWQLalpbU14eFG-2B8GBetplQDq0TFveW7GhsLMcXeSEhKYoSzfs79W0hf2Yn-2BdzWSDPS0EESLlkStqI3WwPQMfb34ZdTZU7WEQcrZaQuFXKuGz0VlCF7KqPVBI3zTemmClCpRRwRohHCmfibOFsZTs1X-2FRcY52FNG4ag-2BOQcuq0K2qt4q3HU-3D
To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3DJ8Qh_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrGLZMaHd5esU0ARWQLalpbU14eFG-2B8GBetplQDq0TFvV2SdrBvi9WPWAL9ik9dUN3G4GCz8VYLMQNfnG1KXM-2B3Izv46DsGCDeNRaHHjKQaodaHQLONx4FWpogc4bk0lIv9WPI18Ah675HB1nu1NDtORJjikxZE-2BlhmmrkoLD0utEP5uRkuJbyd23X6MuuSrA8-3D
next parent reply other threads:[~2022-03-01 12:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
2022-03-01 12:59 ` Joel Sherrill [this message]
[not found] ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
2022-03-01 19:30 ` C Howland
2022-03-01 20:43 ` Joel Sherrill
[not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
2022-08-29 23:09 ` Fwd: " Joel Sherrill
2022-08-29 23:09 ` Joel Sherrill
[not found] <654dcb725557c_69be32c62521719a8359f9@prd-scan-dashboard-0.mail>
2023-11-10 14:40 ` Joel Sherrill
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAF9ehCWnRn8mfx7tEe=zCb5E9fgX8H0tswqhS+PR5UUAWfofXA@mail.gmail.com' \
--to=joel@rtems.org \
--cc=newlib@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).