* Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
[not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
@ 2022-03-01 12:59 ` Joel Sherrill
[not found] ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
0 siblings, 1 reply; 6+ messages in thread
From: Joel Sherrill @ 2022-03-01 12:59 UTC (permalink / raw)
To: Newlib
Hi
The RTEMS Projects runs Coverity Scan when Newlib changes.
Not sure who committed something that triggered these but overnight 6 new
defects showed up. Most look to be NULL dereferences.
--joel
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Tue, Mar 1, 2022, 12:25 AM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.
6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 387497: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
46 in _asiprintf_r()
________________________________________________________________________________________________________
*** CID 387497: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
46 in _asiprintf_r()
40 f._file = -1; /* No file. */
41 va_start (ap, fmt);
42 ret = _svfiprintf_r (ptr, &f, fmt, ap);
43 va_end (ap);
44 if (ret >= 0)
45 {
>>> CID 387497: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
46 *f._p = 0;
47 *strp = (char *) f._bf._base;
48 }
49 return (ret);
50 }
51
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
42 in _asiprintf_r()
36 /* mark a zero-length reallocatable buffer */
37 f._flags = __SWR | __SSTR | __SMBF;
38 f._bf._base = f._p = NULL;
39 f._bf._size = f._w = 0;
40 f._file = -1; /* No file. */
41 va_start (ap, fmt);
>>> CID 387497: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
42 ret = _svfiprintf_r (ptr, &f, fmt, ap);
43 va_end (ap);
44 if (ret >= 0)
45 {
46 *f._p = 0;
47 *strp = (char *) f._bf._base;
** CID 387496: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
54 in _vasniprintf_r()
________________________________________________________________________________________________________
*** CID 387496: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
54 in _vasniprintf_r()
48 f._bf._size = f._w = len;
49 f._file = -1; /* No file. */
50 ret = _svfiprintf_r (ptr, &f, fmt, ap);
51 if (ret < 0)
52 return NULL;
53 *lenp = ret;
>>> CID 387496: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
54 *f._p = '\0';
55 return (char *) f._bf._base;
56 }
57
58 #ifndef _REENT_ONLY
59
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c:
50 in _vasniprintf_r()
44 {
45 ptr->_errno = EOVERFLOW;
46 return NULL;
47 }
48 f._bf._size = f._w = len;
49 f._file = -1; /* No file. */
>>> CID 387496: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
50 ret = _svfiprintf_r (ptr, &f, fmt, ap);
51 if (ret < 0)
52 return NULL;
53 *lenp = ret;
54 *f._p = '\0';
55 return (char *) f._bf._base;
** CID 387495: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
72 in asiprintf()
________________________________________________________________________________________________________
*** CID 387495: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
72 in asiprintf()
66 f._file = -1; /* No file. */
67 va_start (ap, fmt);
68 ret = _svfiprintf_r (_REENT, &f, fmt, ap);
69 va_end (ap);
70 if (ret >= 0)
71 {
>>> CID 387495: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
72 *f._p = 0;
73 *strp = (char *) f._bf._base;
74 }
75 return (ret);
76 }
77
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
68 in asiprintf()
62 /* mark a zero-length reallocatable buffer */
63 f._flags = __SWR | __SSTR | __SMBF;
64 f._bf._base = f._p = NULL;
65 f._bf._size = f._w = 0;
66 f._file = -1; /* No file. */
67 va_start (ap, fmt);
>>> CID 387495: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
68 ret = _svfiprintf_r (_REENT, &f, fmt, ap);
69 va_end (ap);
70 if (ret >= 0)
71 {
72 *f._p = 0;
73 *strp = (char *) f._bf._base;
** CID 387494: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
59 in _vasiprintf_r()
________________________________________________________________________________________________________
*** CID 387494: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
56 in _vasiprintf_r()
50 FILE f;
51
52 f._flags = __SWR | __SSTR | __SMBF ;
53 f._bf._base = f._p = NULL;
54 f._bf._size = f._w = 0;
55 f._file = -1; /* No file. */
>>> CID 387494: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
56 ret = _svfiprintf_r (ptr, &f, fmt, ap);
57 if (ret >= 0)
58 {
59 *f._p = 0;
60 *strp = (char *) f._bf._base;
61 }
62 return ret;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c:
59 in _vasiprintf_r()
53 f._bf._base = f._p = NULL;
54 f._bf._size = f._w = 0;
55 f._file = -1; /* No file. */
56 ret = _svfiprintf_r (ptr, &f, fmt, ap);
57 if (ret >= 0)
58 {
>>> CID 387494: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
59 *f._p = 0;
60 *strp = (char *) f._bf._base;
61 }
62 return ret;
** CID 387493: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
56 in _asniprintf_r()
________________________________________________________________________________________________________
*** CID 387493: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
56 in _asniprintf_r()
50 va_start (ap, fmt);
51 ret = _svfiprintf_r (ptr, &f, fmt, ap);
52 va_end (ap);
53 if (ret < 0)
54 return NULL;
55 *lenp = ret;
>>> CID 387493: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
56 *f._p = '\0';
57 return (char *) f._bf._base;
58 }
59
60 #ifndef _REENT_ONLY
61
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
51 in _asniprintf_r()
45 ptr->_errno = EOVERFLOW;
46 return NULL;
47 }
48 f._bf._size = f._w = len;
49 f._file = -1; /* No file. */
50 va_start (ap, fmt);
>>> CID 387493: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
51 ret = _svfiprintf_r (ptr, &f, fmt, ap);
52 va_end (ap);
53 if (ret < 0)
54 return NULL;
55 *lenp = ret;
56 *f._p = '\0';
** CID 387492: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
102 in asniprintf()
________________________________________________________________________________________________________
*** CID 387492: (FORWARD_NULL)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
97 in asniprintf()
91 ptr->_errno = EOVERFLOW;
92 return NULL;
93 }
94 f._bf._size = f._w = len;
95 f._file = -1; /* No file. */
96 va_start (ap, fmt);
>>> CID 387492: (FORWARD_NULL)
>>> Passing "&f" to "_svfiprintf_r", which dereferences null "f._p".
97 ret = _svfiprintf_r (ptr, &f, fmt, ap);
98 va_end (ap);
99 if (ret < 0)
100 return NULL;
101 *lenp = ret;
102 *f._p = '\0';
103 return (char *) f._bf._base;
104 }
105
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c:
102 in asniprintf()
96 va_start (ap, fmt);
97 ret = _svfiprintf_r (ptr, &f, fmt, ap);
98 va_end (ap);
99 if (ret < 0)
100 return NULL;
101 *lenp = ret;
>>> CID 387492: (FORWARD_NULL)
>>> Dereferencing null pointer "f._p".
102 *f._p = '\0';
103 return (char *) f._bf._base;
104 }
105
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3Dnqug_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrGLZMaHd5esU0ARWQLalpbU14eFG-2B8GBetplQDq0TFveW7GhsLMcXeSEhKYoSzfs79W0hf2Yn-2BdzWSDPS0EESLlkStqI3WwPQMfb34ZdTZU7WEQcrZaQuFXKuGz0VlCF7KqPVBI3zTemmClCpRRwRohHCmfibOFsZTs1X-2FRcY52FNG4ag-2BOQcuq0K2qt4q3HU-3D
To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3DJ8Qh_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrGLZMaHd5esU0ARWQLalpbU14eFG-2B8GBetplQDq0TFvV2SdrBvi9WPWAL9ik9dUN3G4GCz8VYLMQNfnG1KXM-2B3Izv46DsGCDeNRaHHjKQaodaHQLONx4FWpogc4bk0lIv9WPI18Ah675HB1nu1NDtORJjikxZE-2BlhmmrkoLD0utEP5uRkuJbyd23X6MuuSrA8-3D
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: New Defects reported by Coverity Scan for RTEMS-Newlib
[not found] ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
@ 2022-03-01 19:30 ` C Howland
2022-03-01 20:43 ` Joel Sherrill
0 siblings, 1 reply; 6+ messages in thread
From: C Howland @ 2022-03-01 19:30 UTC (permalink / raw)
To: newlib
>
> ------------------------------
> *From:* Newlib <newlib-bounces+craig.howland=caci.com@sourceware.org> on
> behalf of Joel Sherrill <joel@rtems.org>
> *Sent:* Tuesday, March 1, 2022 7:59 AM
> *To:* Newlib <newlib@sourceware.org>
> *Subject:* Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
>
>
>
> Hi
>
> The RTEMS Projects runs Coverity Scan when Newlib changes.
>
> Not sure who committed something that triggered these but overnight 6 new
> defects showed up. Most look to be NULL dereferences.
>
> --joel
>
> ---------- Forwarded message ---------
> From: <scan-admin@coverity.com>
> Date: Tue, Mar 1, 2022, 12:25 AM
> Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
> To: <joel.sherrill@gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to RTEMS-Newlib
> found with Coverity Scan.
>
> 6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
>
>
> New defect(s) Reported-by: Coverity Scan
> Showing 6 of 6 defect(s)
>
>
> ** CID 387497: (FORWARD_NULL)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
> 46 in _asiprintf_r()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 387497: (FORWARD_NULL)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
> 46 in _asiprintf_r()
> 40 f._file = -1; /* No file. */
> 41 va_start (ap, fmt);
> 42 ret = _svfiprintf_r (ptr, &f, fmt, ap);
> 43 va_end (ap);
> 44 if (ret >= 0)
> 45 {
> >>> CID 387497: (FORWARD_NULL)
> >>> Dereferencing null pointer "f._p".
> 46 *f._p = 0;
> 47 *strp = (char *) f._bf._base;
> 48 }
> 49 return (ret);
> 50 }
> 51
>
Joel:
In a quick look nothing related to these has changed. And looking
specifically at this one complaint (which looks to be representative of all
the rest), the complaint is spurious. The check for the return being >= 0
means that _p has been set by the called function.
Craig
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: New Defects reported by Coverity Scan for RTEMS-Newlib
2022-03-01 19:30 ` C Howland
@ 2022-03-01 20:43 ` Joel Sherrill
0 siblings, 0 replies; 6+ messages in thread
From: Joel Sherrill @ 2022-03-01 20:43 UTC (permalink / raw)
To: C Howland; +Cc: Newlib
On Tue, Mar 1, 2022, 1:31 PM C Howland <cc1964t@gmail.com> wrote:
> >
> > ------------------------------
> > *From:* Newlib <newlib-bounces+craig.howland=caci.com@sourceware.org> on
> > behalf of Joel Sherrill <joel@rtems.org>
> > *Sent:* Tuesday, March 1, 2022 7:59 AM
> > *To:* Newlib <newlib@sourceware.org>
> > *Subject:* Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
> >
> >
> >
> > Hi
> >
> > The RTEMS Projects runs Coverity Scan when Newlib changes.
> >
> > Not sure who committed something that triggered these but overnight 6 new
> > defects showed up. Most look to be NULL dereferences.
> >
> > --joel
> >
> > ---------- Forwarded message ---------
> > From: <scan-admin@coverity.com>
> > Date: Tue, Mar 1, 2022, 12:25 AM
> > Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
> > To: <joel.sherrill@gmail.com>
> >
> >
> > Hi,
> >
> > Please find the latest report on new defect(s) introduced to RTEMS-Newlib
> > found with Coverity Scan.
> >
> > 6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
> >
> >
> > New defect(s) Reported-by: Coverity Scan
> > Showing 6 of 6 defect(s)
> >
> >
> > ** CID 387497: (FORWARD_NULL)
> >
> >
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
> > 46 in _asiprintf_r()
> >
> >
> >
> >
> ________________________________________________________________________________________________________
> > *** CID 387497: (FORWARD_NULL)
> >
> >
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c:
> > 46 in _asiprintf_r()
> > 40 f._file = -1; /* No file. */
> > 41 va_start (ap, fmt);
> > 42 ret = _svfiprintf_r (ptr, &f, fmt, ap);
> > 43 va_end (ap);
> > 44 if (ret >= 0)
> > 45 {
> > >>> CID 387497: (FORWARD_NULL)
> > >>> Dereferencing null pointer "f._p".
> > 46 *f._p = 0;
> > 47 *strp = (char *) f._bf._base;
> > 48 }
> > 49 return (ret);
> > 50 }
> > 51
> >
>
> Joel:
> In a quick look nothing related to these has changed. And looking
> specifically at this one complaint (which looks to be representative of all
> the rest), the complaint is spurious. The check for the return being >= 0
> means that _p has been set by the called function.
>
Weird. Shouldn't have popped up suddenly.
Just passing along. If you don't pay attention when they are new, they age
badly.
Thanks.
Craig
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
[not found] <654dcb725557c_69be32c62521719a8359f9@prd-scan-dashboard-0.mail>
@ 2023-11-10 14:40 ` Joel Sherrill
0 siblings, 0 replies; 6+ messages in thread
From: Joel Sherrill @ 2023-11-10 14:40 UTC (permalink / raw)
To: Newlib
[-- Attachment #1: Type: text/plain, Size: 6891 bytes --]
The RTEMS Project scan on newlib shows that the recent change introduced a
new issue.
--joel
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Fri, Nov 10, 2023 at 12:19 AM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.
6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 423232: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 423232: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/sscanf.c:
469 in _sscanf_r()
463 f._bf._size = f._r = strlen (str);
464 f._read = __seofread;
465 f._ub._base = NULL;
466 f._lb._base = NULL;
467 f._file = -1; /* No file. */
468 va_start (ap, fmt);
>>> CID 423232: Uninitialized variables (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfscanf_r".
469 ret = __ssvfscanf_r (ptr, &f, fmt, ap);
470 va_end (ap);
471 return ret;
472 }
473
474 #ifdef _NANO_FORMATTED_IO
475 int
476 _siscanf_r (struct _reent *, const char *, const char *, ...)
477 _ATTRIBUTE ((__alias__("_sscanf_r")));
** CID 423231: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 423231: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vsiscanf.c:
58 in _vsiscanf_r()
52 f._bf._base = f._p = (unsigned char *) str;
53 f._bf._size = f._r = strlen (str);
54 f._read = __seofread;
55 f._ub._base = NULL;
56 f._lb._base = NULL;
57 f._file = -1; /* No file. */
>>> CID 423231: Uninitialized variables (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfiscanf_r".
58 return __ssvfiscanf_r (ptr, &f, fmt, ap);
** CID 423230: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 423230: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/siscanf.c:
100 in siscanf()
94 f._bf._size = f._r = strlen (str);
95 f._read = __seofread;
96 f._ub._base = NULL;
97 f._lb._base = NULL;
98 f._file = -1; /* No file. */
99 va_start (ap, fmt);
>>> CID 423230: Uninitialized variables (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfiscanf_r".
100 ret = __ssvfiscanf_r (_REENT, &f, fmt, ap);
101 va_end (ap);
102 return ret;
103 }
104
105 #endif /* !_REENT_ONLY */
** CID 423229: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 423229: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/siscanf.c:
124 in _siscanf_r()
118 f._bf._size = f._r = strlen (str);
119 f._read = __seofread;
120 f._ub._base = NULL;
121 f._lb._base = NULL;
122 f._file = -1; /* No file. */
123 va_start (ap, fmt);
>>> CID 423229: Uninitialized variables (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfiscanf_r".
124 ret = __ssvfiscanf_r (ptr, &f, fmt, ap);
125 va_end (ap);
126 return ret;
** CID 423228: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 423228: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/sscanf.c:
439 in sscanf()
433 f._bf._size = f._r = strlen (str);
434 f._read = __seofread;
435 f._ub._base = NULL;
436 f._lb._base = NULL;
437 f._file = -1; /* No file. */
438 va_start (ap, fmt);
>>> CID 423228: Uninitialized variables (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfscanf_r".
439 ret = __ssvfscanf_r (_REENT, &f, fmt, ap);
440 va_end (ap);
441 return ret;
442 }
443
444 #ifdef _NANO_FORMATTED_IO
** CID 423227: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 423227: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vsscanf.c:
64 in _vsscanf_r()
58 f._bf._base = f._p = (unsigned char *) str;
59 f._bf._size = f._r = strlen (str);
60 f._read = __seofread;
61 f._ub._base = NULL;
62 f._lb._base = NULL;
63 f._file = -1; /* No file. */
>>> CID 423227: Uninitialized variables (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfscanf_r".
64 return __ssvfscanf_r (ptr, &f, fmt, ap);
65 }
66
67 #ifdef _NANO_FORMATTED_IO
68 int
69 _vsiscanf_r (struct _reent *, const char *, const char *, __VALIST)
70 _ATTRIBUTE ((__alias__("_vsscanf_r")));
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2BoTXFME2lv6iQTYdROp9w6g-3DQTF3_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXp1-2BJXKpwt4lXmrE0X07lEhNaO7tBL6kJfZw-2FGQ5RAQBkD-2FfM67sOR-2FBAm5aQfUHtxJk-2FCacFNPXewtLnpAdTY1WiQZdVvp2XpFZqG2vutBufgYKbMiZ0mbd5TLcHaqtAG1SNf6JuIUAMBiPHK73Z3Q3yfpbmH-2FDVUL9UIkjSmNKRHboJ-2BNTLwF-2BEVor5SVrRA-3D
To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa9CE8CGpcthnaEEfHiFVPqc-3DhjWj_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXp1-2BJXKpwt4lXmrE0X07lEhNaO7tBL6kJfZw-2FGQ5RAQBsp-2FrHGE1qFCrN1eUAbyDSLUURBk8su75Gbb68SpMXZjOf4zGYZ9SA9OnI08Y106eYEHPmV-2F8TLs-2BFUD1b8y32sPrlw0P7whD98wRlcHUwUZ5zn0TobkovFd1mH4rNSiu6wf0Ze8WbqUhKuj7wnEMT4-3D
^ permalink raw reply [flat|nested] 6+ messages in thread
* Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
[not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
@ 2022-08-29 23:09 ` Joel Sherrill
2022-08-29 23:09 ` Joel Sherrill
0 siblings, 1 reply; 6+ messages in thread
From: Joel Sherrill @ 2022-08-29 23:09 UTC (permalink / raw)
To: Newlib
Hi
I quit running Coverity on newlib as part of the repositories analysed as
part of RTEMS BUT I had to update the version of cov-analysis we used and
wanted to make sure the scripting stayed working.
These issues were flagged since the last time we ran it. Some look like
they need attention.
--joel
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Mon, Aug 29, 2022 at 5:56 PM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.
10 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 398779: (UNINIT)
________________________________________________________________________________________________________
*** CID 398779: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
454 in _swscanf_r()
448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
449 f._read = __seofread;
450 f._ub._base = NULL;
451 f._lb._base = NULL;
452 f._file = -1; /* No file. */
453 va_start (ap, fmt);
>>> CID 398779: (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r".
454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
455 va_end (ap);
456 return ret;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
454 in _swscanf_r()
448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
449 f._read = __seofread;
450 f._ub._base = NULL;
451 f._lb._base = NULL;
452 f._file = -1; /* No file. */
453 va_start (ap, fmt);
>>> CID 398779: (UNINIT)
>>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
455 va_end (ap);
456 return ret;
** CID 398778: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
18 in sleep()
________________________________________________________________________________________________________
*** CID 398778: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
18 in sleep()
12 {
13 struct timespec ts;
14
15 ts.tv_sec = seconds;
16 ts.tv_nsec = 0;
17 if (!nanosleep(&ts,&ts)) return 0;
>>> CID 398778: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to
accommodate it. The expression "ts.tv_sec" is cast to "unsigned int".
18 if (errno == EINTR) return ts.tv_sec;
19 return -1;
20 }
21
** CID 398777: (UNINIT)
________________________________________________________________________________________________________
*** CID 398777: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
432 in swscanf()
426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
427 f._read = __seofread;
428 f._ub._base = NULL;
429 f._lb._base = NULL;
430 f._file = -1; /* No file. */
431 va_start (ap, fmt);
>>> CID 398777: (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r".
432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
433 va_end (ap);
434 return ret;
435 }
436
437 #endif /* !_REENT_ONLY */
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
432 in swscanf()
426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
427 f._read = __seofread;
428 f._ub._base = NULL;
429 f._lb._base = NULL;
430 f._file = -1; /* No file. */
431 va_start (ap, fmt);
>>> CID 398777: (UNINIT)
>>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
433 va_end (ap);
434 return ret;
435 }
436
437 #endif /* !_REENT_ONLY */
** CID 398776: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
44 in time()
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
45 in time()
________________________________________________________________________________________________________
*** CID 398776: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
44 in time()
38 struct timeval now;
39
40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
41 now.tv_sec = (time_t) -1;
42
43 if (t)
>>> CID 398776: (UNINIT)
>>> Using uninitialized value "now.tv_sec".
44 *t = now.tv_sec;
45 return now.tv_sec;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
45 in time()
39
40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
41 now.tv_sec = (time_t) -1;
42
43 if (t)
44 *t = now.tv_sec;
>>> CID 398776: (UNINIT)
>>> Using uninitialized value "now.tv_sec".
45 return now.tv_sec;
** CID 398775: (UNINIT)
________________________________________________________________________________________________________
*** CID 398775: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
57 in _vswscanf_r()
51 f._bf._base = f._p = (unsigned char *) str;
52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
53 f._read = __seofread;
54 f._ub._base = NULL;
55 f._lb._base = NULL;
56 f._file = -1; /* No file. */
>>> CID 398775: (UNINIT)
>>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
57 in _vswscanf_r()
51 f._bf._base = f._p = (unsigned char *) str;
52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
53 f._read = __seofread;
54 f._ub._base = NULL;
55 f._lb._base = NULL;
56 f._file = -1; /* No file. */
>>> CID 398775: (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r".
57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
** CID 398774: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 398774: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/arc4random.c:
93 in _rs_stir()
87 u_char rnd[KEYSZ + IVSZ];
88
89 if (getentropy(rnd, sizeof rnd) == -1)
90 _getentropy_fail();
91
92 if (!rs)
>>> CID 398774: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "rnd" when calling "_rs_init".
93 _rs_init(rnd, sizeof(rnd));
94 else
95 _rs_rekey(rnd, sizeof(rnd));
96 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
97
98 /* invalidate rs_buf */
** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
55 in __kernel_tanf()
________________________________________________________________________________________________________
*** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
55 in __kernel_tanf()
49 __int32_t ix,hx;
50 GET_FLOAT_WORD(hx,x);
51 ix = hx&0x7fffffff; /* high word of |x| */
52 if(ix<0x31800000) /* x < 2**-28 */
53 {if((int)x==0) { /* generate inexact */
54 if((ix|(iy+1))==0) return one/fabsf(x);
>>> CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
>>> In expression "-1f / x", division by expression "x" which may be
zero has undefined behavior.
55 else return (iy==1)? x: -one/x;
56 }
57 }
58 if(ix>=0x3f2ca140) { /* |x|>=0.6744 */
59 if(hx<0) {x = -x; y = -y;}
60 z = pio4-x;
** CID 398772: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 398772: Memory - corruptions (OVERRUN)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
1044 in bothcases()
1038 assert(othercase(ch) != ch); /* p_bracket() would
recurse */
1039 p->next = bracket;
1040 p->end = bracket+2;
1041 bracket[0] = ch;
1042 bracket[1] = ']';
1043 bracket[2] = '\0';
>>> CID 398772: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "p->next" of 3 bytes by passing it
to a function which accesses it at byte offset 4.
1044 p_bracket(p);
1045 assert(p->next == bracket+2);
1046 p->next = oldnext;
1047 p->end = oldend;
1048 }
1049
** CID 398771: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
18 in usleep()
________________________________________________________________________________________________________
*** CID 398771: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
18 in usleep()
12 {
13 struct timespec ts;
14
15 ts.tv_sec = (long int)useconds / 1000000;
16 ts.tv_nsec = ((long int)useconds % 1000000) * 1000;
17 if (!nanosleep(&ts,&ts)) return 0;
>>> CID 398771: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to
accommodate it. The expression "ts.tv_sec" is cast to "int".
18 if (errno == EINTR) return ts.tv_sec;
19 return -1;
20 }
21
** CID 378851: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 378851: Memory - corruptions (OVERRUN)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
1090 in nonnewline()
1084 p->next = bracket;
1085 p->end = bracket+3;
1086 bracket[0] = '^';
1087 bracket[1] = '\n';
1088 bracket[2] = ']';
1089 bracket[3] = '\0';
>>> CID 378851: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "p->next" of 4 bytes by passing it
to a function which accesses it at byte offset 4.
1090 p_bracket(p);
1091 assert(p->next == bracket+3);
1092 p->next = oldnext;
1093 p->end = oldend;
1094 }
1095
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3DgcXN_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gn54pXoG5E1T2VTg7ZExldrWnOHoGNfjITpyeGBnq8zf1R1SvLaQHX0KwLC3QLIILHDIyeRDmH6ivilCfFIJbx4IaHchThYPPrH23evm0vJ6A6-2BcYCz2qmJNN2577UqVyYc0aItJ859abhW8GanEpsc-3D
To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5Xsf_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gsEM86eEaAqPEjIHUArLBXYOUpWfZ4bmwC96PG11GPPh-2FLsC0rkTKQE2J8XRI45hCnTpCTbj87kq0GI1XLddKyw1JXGGqDcyizThGumwZmd8Tr5waHqdorDd3Wom83BYSMOhcHiGVjpnvscbd8ReGFw-3D
^ permalink raw reply [flat|nested] 6+ messages in thread
* Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib
2022-08-29 23:09 ` Fwd: " Joel Sherrill
@ 2022-08-29 23:09 ` Joel Sherrill
0 siblings, 0 replies; 6+ messages in thread
From: Joel Sherrill @ 2022-08-29 23:09 UTC (permalink / raw)
To: Newlib
[-- Attachment #1: Type: text/plain, Size: 12625 bytes --]
Hi
I quit running Coverity on newlib as part of the repositories analysed as
part of RTEMS BUT I had to update the version of cov-analysis we used and
wanted to make sure the scripting stayed working.
These issues were flagged since the last time we ran it. Some look like
they need attention.
--joel
---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Mon, Aug 29, 2022 at 5:56 PM
Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
To: <joel.sherrill@gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to RTEMS-Newlib
found with Coverity Scan.
10 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 398779: (UNINIT)
________________________________________________________________________________________________________
*** CID 398779: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
454 in _swscanf_r()
448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
449 f._read = __seofread;
450 f._ub._base = NULL;
451 f._lb._base = NULL;
452 f._file = -1; /* No file. */
453 va_start (ap, fmt);
>>> CID 398779: (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r".
454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
455 va_end (ap);
456 return ret;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
454 in _swscanf_r()
448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
449 f._read = __seofread;
450 f._ub._base = NULL;
451 f._lb._base = NULL;
452 f._file = -1; /* No file. */
453 va_start (ap, fmt);
>>> CID 398779: (UNINIT)
>>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
455 va_end (ap);
456 return ret;
** CID 398778: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
18 in sleep()
________________________________________________________________________________________________________
*** CID 398778: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
18 in sleep()
12 {
13 struct timespec ts;
14
15 ts.tv_sec = seconds;
16 ts.tv_nsec = 0;
17 if (!nanosleep(&ts,&ts)) return 0;
>>> CID 398778: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to
accommodate it. The expression "ts.tv_sec" is cast to "unsigned int".
18 if (errno == EINTR) return ts.tv_sec;
19 return -1;
20 }
21
** CID 398777: (UNINIT)
________________________________________________________________________________________________________
*** CID 398777: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
432 in swscanf()
426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
427 f._read = __seofread;
428 f._ub._base = NULL;
429 f._lb._base = NULL;
430 f._file = -1; /* No file. */
431 va_start (ap, fmt);
>>> CID 398777: (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r".
432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
433 va_end (ap);
434 return ret;
435 }
436
437 #endif /* !_REENT_ONLY */
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
432 in swscanf()
426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
427 f._read = __seofread;
428 f._ub._base = NULL;
429 f._lb._base = NULL;
430 f._file = -1; /* No file. */
431 va_start (ap, fmt);
>>> CID 398777: (UNINIT)
>>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
433 va_end (ap);
434 return ret;
435 }
436
437 #endif /* !_REENT_ONLY */
** CID 398776: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
44 in time()
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
45 in time()
________________________________________________________________________________________________________
*** CID 398776: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
44 in time()
38 struct timeval now;
39
40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
41 now.tv_sec = (time_t) -1;
42
43 if (t)
>>> CID 398776: (UNINIT)
>>> Using uninitialized value "now.tv_sec".
44 *t = now.tv_sec;
45 return now.tv_sec;
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
45 in time()
39
40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
41 now.tv_sec = (time_t) -1;
42
43 if (t)
44 *t = now.tv_sec;
>>> CID 398776: (UNINIT)
>>> Using uninitialized value "now.tv_sec".
45 return now.tv_sec;
** CID 398775: (UNINIT)
________________________________________________________________________________________________________
*** CID 398775: (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
57 in _vswscanf_r()
51 f._bf._base = f._p = (unsigned char *) str;
52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
53 f._read = __seofread;
54 f._ub._base = NULL;
55 f._lb._base = NULL;
56 f._file = -1; /* No file. */
>>> CID 398775: (UNINIT)
>>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
57 in _vswscanf_r()
51 f._bf._base = f._p = (unsigned char *) str;
52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
53 f._read = __seofread;
54 f._ub._base = NULL;
55 f._lb._base = NULL;
56 f._file = -1; /* No file. */
>>> CID 398775: (UNINIT)
>>> Using uninitialized value "f._flags2" when calling "__ssvfwscanf_r".
57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
** CID 398774: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 398774: Uninitialized variables (UNINIT)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/arc4random.c:
93 in _rs_stir()
87 u_char rnd[KEYSZ + IVSZ];
88
89 if (getentropy(rnd, sizeof rnd) == -1)
90 _getentropy_fail();
91
92 if (!rs)
>>> CID 398774: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "rnd" when calling "_rs_init".
93 _rs_init(rnd, sizeof(rnd));
94 else
95 _rs_rekey(rnd, sizeof(rnd));
96 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
97
98 /* invalidate rs_buf */
** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
55 in __kernel_tanf()
________________________________________________________________________________________________________
*** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
55 in __kernel_tanf()
49 __int32_t ix,hx;
50 GET_FLOAT_WORD(hx,x);
51 ix = hx&0x7fffffff; /* high word of |x| */
52 if(ix<0x31800000) /* x < 2**-28 */
53 {if((int)x==0) { /* generate inexact */
54 if((ix|(iy+1))==0) return one/fabsf(x);
>>> CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
>>> In expression "-1f / x", division by expression "x" which may be
zero has undefined behavior.
55 else return (iy==1)? x: -one/x;
56 }
57 }
58 if(ix>=0x3f2ca140) { /* |x|>=0.6744 */
59 if(hx<0) {x = -x; y = -y;}
60 z = pio4-x;
** CID 398772: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 398772: Memory - corruptions (OVERRUN)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
1044 in bothcases()
1038 assert(othercase(ch) != ch); /* p_bracket() would
recurse */
1039 p->next = bracket;
1040 p->end = bracket+2;
1041 bracket[0] = ch;
1042 bracket[1] = ']';
1043 bracket[2] = '\0';
>>> CID 398772: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "p->next" of 3 bytes by passing it
to a function which accesses it at byte offset 4.
1044 p_bracket(p);
1045 assert(p->next == bracket+2);
1046 p->next = oldnext;
1047 p->end = oldend;
1048 }
1049
** CID 398771: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
18 in usleep()
________________________________________________________________________________________________________
*** CID 398771: High impact quality (Y2K38_SAFETY)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
18 in usleep()
12 {
13 struct timespec ts;
14
15 ts.tv_sec = (long int)useconds / 1000000;
16 ts.tv_nsec = ((long int)useconds % 1000000) * 1000;
17 if (!nanosleep(&ts,&ts)) return 0;
>>> CID 398771: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to
accommodate it. The expression "ts.tv_sec" is cast to "int".
18 if (errno == EINTR) return ts.tv_sec;
19 return -1;
20 }
21
** CID 378851: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 378851: Memory - corruptions (OVERRUN)
/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
1090 in nonnewline()
1084 p->next = bracket;
1085 p->end = bracket+3;
1086 bracket[0] = '^';
1087 bracket[1] = '\n';
1088 bracket[2] = ']';
1089 bracket[3] = '\0';
>>> CID 378851: Memory - corruptions (OVERRUN)
>>> Overrunning buffer pointed to by "p->next" of 4 bytes by passing it
to a function which accesses it at byte offset 4.
1090 p_bracket(p);
1091 assert(p->next == bracket+3);
1092 p->next = oldnext;
1093 p->end = oldend;
1094 }
1095
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3DgcXN_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gn54pXoG5E1T2VTg7ZExldrWnOHoGNfjITpyeGBnq8zf1R1SvLaQHX0KwLC3QLIILHDIyeRDmH6ivilCfFIJbx4IaHchThYPPrH23evm0vJ6A6-2BcYCz2qmJNN2577UqVyYc0aItJ859abhW8GanEpsc-3D
To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
click
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5Xsf_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gsEM86eEaAqPEjIHUArLBXYOUpWfZ4bmwC96PG11GPPh-2FLsC0rkTKQE2J8XRI45hCnTpCTbj87kq0GI1XLddKyw1JXGGqDcyizThGumwZmd8Tr5waHqdorDd3Wom83BYSMOhcHiGVjpnvscbd8ReGFw-3D
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-11-10 14:41 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
2022-03-01 12:59 ` Fwd: New Defects reported by Coverity Scan for RTEMS-Newlib Joel Sherrill
[not found] ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
2022-03-01 19:30 ` C Howland
2022-03-01 20:43 ` Joel Sherrill
[not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
2022-08-29 23:09 ` Fwd: " Joel Sherrill
2022-08-29 23:09 ` Joel Sherrill
[not found] <654dcb725557c_69be32c62521719a8359f9@prd-scan-dashboard-0.mail>
2023-11-10 14:40 ` Joel Sherrill
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).