public inbox for newlib@sourceware.org
 help / color / mirror / Atom feed
From: Joel Sherrill <joel@rtems.org>
To: Newlib <newlib@sourceware.org>
Subject: Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
Date: Tue, 1 Mar 2022 06:59:35 -0600	[thread overview]
Message-ID: <CAF9ehCWnRn8mfx7tEe=zCb5E9fgX8H0tswqhS+PR5UUAWfofXA@mail.gmail.com> (raw)
In-Reply-To: <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>

Hi

The RTEMS Projects runs Coverity Scan when Newlib changes.

Not sure who committed something that triggered these but overnight 6 new
defects showed up. Most look to be NULL dereferences.

--joel

---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Tue, Mar 1, 2022, 12:25 AM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>


Hi,

Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.

6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 387497:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
46 in _asiprintf_r()


________________________________________________________________________________________________________
*** CID 387497:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
46 in _asiprintf_r()
40       f._file = -1;  /* No file. */
41       va_start (ap, fmt);
42       ret = _svfiprintf_r (ptr, &f, fmt, ap);
43       va_end (ap);
44       if (ret >= 0)
45         {
>>>     CID 387497:    (FORWARD_NULL)
>>>     Dereferencing null pointer "f._p".
46           *f._p = 0;
47           *strp = (char *) f._bf._base;
48         }
49       return (ret);
50     }
51
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
42 in _asiprintf_r()
36       /* mark a zero-length reallocatable buffer */
37       f._flags = __SWR | __SSTR | __SMBF;
38       f._bf._base = f._p = NULL;
39       f._bf._size = f._w = 0;
40       f._file = -1;  /* No file. */
41       va_start (ap, fmt);
>>>     CID 387497:    (FORWARD_NULL)
>>>     Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
42       ret = _svfiprintf_r (ptr, &f, fmt, ap);
43       va_end (ap);
44       if (ret >= 0)
45         {
46           *f._p = 0;
47           *strp = (char *) f._bf._base;

** CID 387496:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
54 in _vasniprintf_r()


________________________________________________________________________________________________________
*** CID 387496:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
54 in _vasniprintf_r()
48       f._bf._size = f._w = len;
49       f._file = -1;  /* No file. */
50       ret = _svfiprintf_r (ptr, &f, fmt, ap);
51       if (ret < 0)
52         return NULL;
53       *lenp = ret;
>>>     CID 387496:    (FORWARD_NULL)
>>>     Dereferencing null pointer "f._p".
54       *f._p = '\0';
55       return (char *) f._bf._base;
56     }
57
58     #ifndef _REENT_ONLY
59
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
50 in _vasniprintf_r()
44         {
45           ptr->_errno = EOVERFLOW;
46           return NULL;
47         }
48       f._bf._size = f._w = len;
49       f._file = -1;  /* No file. */
>>>     CID 387496:    (FORWARD_NULL)
>>>     Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
50       ret = _svfiprintf_r (ptr, &f, fmt, ap);
51       if (ret < 0)
52         return NULL;
53       *lenp = ret;
54       *f._p = '\0';
55       return (char *) f._bf._base;

** CID 387495:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
72 in asiprintf()


________________________________________________________________________________________________________
*** CID 387495:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
72 in asiprintf()
66       f._file = -1;  /* No file. */
67       va_start (ap, fmt);
68       ret = _svfiprintf_r (_REENT, &f, fmt, ap);
69       va_end (ap);
70       if (ret >= 0)
71         {
>>>     CID 387495:    (FORWARD_NULL)
>>>     Dereferencing null pointer "f._p".
72           *f._p = 0;
73           *strp = (char *) f._bf._base;
74         }
75       return (ret);
76     }
77
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
68 in asiprintf()
62       /* mark a zero-length reallocatable buffer */
63       f._flags = __SWR | __SSTR | __SMBF;
64       f._bf._base = f._p = NULL;
65       f._bf._size = f._w = 0;
66       f._file = -1;  /* No file. */
67       va_start (ap, fmt);
>>>     CID 387495:    (FORWARD_NULL)
>>>     Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
68       ret = _svfiprintf_r (_REENT, &f, fmt, ap);
69       va_end (ap);
70       if (ret >= 0)
71         {
72           *f._p = 0;
73           *strp = (char *) f._bf._base;

** CID 387494:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
59 in _vasiprintf_r()


________________________________________________________________________________________________________
*** CID 387494:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
56 in _vasiprintf_r()
50       FILE f;
51
52       f._flags = __SWR | __SSTR | __SMBF ;
53       f._bf._base = f._p = NULL;
54       f._bf._size = f._w = 0;
55       f._file = -1;  /* No file. */
>>>     CID 387494:    (FORWARD_NULL)
>>>     Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
56       ret = _svfiprintf_r (ptr, &f, fmt, ap);
57       if (ret >= 0)
58         {
59           *f._p = 0;
60           *strp = (char *) f._bf._base;
61         }
62       return ret;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
59 in _vasiprintf_r()
53       f._bf._base = f._p = NULL;
54       f._bf._size = f._w = 0;
55       f._file = -1;  /* No file. */
56       ret = _svfiprintf_r (ptr, &f, fmt, ap);
57       if (ret >= 0)
58         {
>>>     CID 387494:    (FORWARD_NULL)
>>>     Dereferencing null pointer "f._p".
59           *f._p = 0;
60           *strp = (char *) f._bf._base;
61         }
62       return ret;

** CID 387493:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
56 in _asniprintf_r()


________________________________________________________________________________________________________
*** CID 387493:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
56 in _asniprintf_r()
50       va_start (ap, fmt);
51       ret = _svfiprintf_r (ptr, &f, fmt, ap);
52       va_end (ap);
53       if (ret < 0)
54         return NULL;
55       *lenp = ret;
>>>     CID 387493:    (FORWARD_NULL)
>>>     Dereferencing null pointer "f._p".
56       *f._p = '\0';
57       return (char *) f._bf._base;
58     }
59
60     #ifndef _REENT_ONLY
61
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
51 in _asniprintf_r()
45           ptr->_errno = EOVERFLOW;
46           return NULL;
47         }
48       f._bf._size = f._w = len;
49       f._file = -1;  /* No file. */
50       va_start (ap, fmt);
>>>     CID 387493:    (FORWARD_NULL)
>>>     Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
51       ret = _svfiprintf_r (ptr, &f, fmt, ap);
52       va_end (ap);
53       if (ret < 0)
54         return NULL;
55       *lenp = ret;
56       *f._p = '\0';

** CID 387492:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
102 in asniprintf()


________________________________________________________________________________________________________
*** CID 387492:    (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
97 in asniprintf()
91           ptr->_errno = EOVERFLOW;
92           return NULL;
93         }
94       f._bf._size = f._w = len;
95       f._file = -1;  /* No file. */
96       va_start (ap, fmt);
>>>     CID 387492:    (FORWARD_NULL)
>>>     Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
97       ret = _svfiprintf_r (ptr, &f, fmt, ap);
98       va_end (ap);
99       if (ret < 0)
100         return NULL;
101       *lenp = ret;
102       *f._p = '\0';
103       return (char *) f._bf._base;
104     }
105
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
102 in asniprintf()
96       va_start (ap, fmt);
97       ret = _svfiprintf_r (ptr, &f, fmt, ap);
98       va_end (ap);
99       if (ret < 0)
100         return NULL;
101       *lenp = ret;
>>>     CID 387492:    (FORWARD_NULL)
>>>     Dereferencing null pointer "f._p".
102       *f._p = '\0';
103       return (char *) f._bf._base;
104     }
105


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3Dnqug_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrGLZMaHd5esU0ARWQLalpbU14eFG-2B8GBetplQDq0TFveW7GhsLMcXeSEhKYoSzfs79W0hf2Yn-2BdzWSDPS0EESLlkStqI3WwPQMfb34ZdTZU7WEQcrZaQuFXKuGz0VlCF7KqPVBI3zTemmClCpRRwRohHCmfibOFsZTs1X-2FRcY52FNG4ag-2BOQcuq0K2qt4q3HU-3D

  To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3DJ8Qh_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrGLZMaHd5esU0ARWQLalpbU14eFG-2B8GBetplQDq0TFvV2SdrBvi9WPWAL9ik9dUN3G4GCz8VYLMQNfnG1KXM-2B3Izv46DsGCDeNRaHHjKQaodaHQLONx4FWpogc4bk0lIv9WPI18Ah675HB1nu1NDtORJjikxZE-2BlhmmrkoLD0utEP5uRkuJbyd23X6MuuSrA8-3D

       reply	other threads:[~2022-03-01 12:59 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
2022-03-01 12:59 ` Joel Sherrill [this message]
     [not found]   ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
2022-03-01 19:30     ` C Howland
2022-03-01 20:43       ` Joel Sherrill
     [not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
2022-08-29 23:09 ` Fwd: " Joel Sherrill

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAF9ehCWnRn8mfx7tEe=zCb5E9fgX8H0tswqhS+PR5UUAWfofXA@mail.gmail.com' \
    --to=joel@rtems.org \
    --cc=newlib@sourceware.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).