From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=TrI8=G2=gmail.com=joel.sherrill@sourceware.org>
Received: from mail-yw1-f170.google.com (mail-yw1-f170.google.com [209.85.128.170])
	by sourceware.org (Postfix) with ESMTPS id C2B1E3856962
	for <newlib@sourceware.org>; Mon, 13 Nov 2023 14:23:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C2B1E3856962
Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=rtems.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C2B1E3856962
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=209.85.128.170
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1699885413; cv=none;
	b=vFpmLdKpDSs/LOeryN55XQ1lyjt5v4dmfdxhc7nsiqObhVNUGrbraFH51DN/ZhJ+9j7pV9AjOITXStEDegZUIqTy/WYqmJMOhLmfaU1mnCd/F6EhzpAGlB3ehg19BXZFIX+gMEtOZ1cqQpEnv7De/CwZPiD6cjXdgxQS8aVUocs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1699885413; c=relaxed/simple;
	bh=O5dC7qYDXW/en14qNg+zrvJrC+//VDCemoAEKaxdZBw=;
	h=MIME-Version:From:Date:Message-ID:Subject:To; b=t330JweSBgDMVYlO+q3GYLyF7mjQB9iMrn6U0x4qvg4+oURbwoByuNOJbfhXXdlhdSsi4QIY0IeOkWl4NNDESe3FG9EPnTrlqNSvY9LGrV9luYvSJl4Rz71oDT2Dm2oSU8j2XibIoOYAkcDPHchjN81nZBy1RbnCe1RC+RAloWQ=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-yw1-f170.google.com with SMTP id 00721157ae682-5bf58204b7aso46598947b3.3
        for <newlib@sourceware.org>; Mon, 13 Nov 2023 06:23:31 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1699885411; x=1700490211;
        h=to:subject:message-id:date:from:reply-to:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=zZBy4oUGdAaSqVr143/XyAqt2/XPTQoR04fTTrn2Dkg=;
        b=M0d7+XSlcKcUf1kxDJzRCaZXgjyZeifgW/TxkALzSZbhVLohSJ/BOwatwDZiBFqUvp
         cvtRo27+2hCbqsQ+Z2PWU1MPM3/ig0Hm79JB2jmTNqi8/VgYM4anlT3r00Qg5UWDo3xU
         W8zQA1k9QnxX2E5lhlG0PKn/Z7qOqCXVFSIBu2CrjOd/UIiQ0gaqwK8nbweXy36nehn1
         8m88nn/6ekoQvc8E4en6Dc/ZxHgA3zKHKALX6btxbfhIbD9r6u+dn8obQGHsRgXRn+uS
         a1zZZz8axaE5gDsaX3xwca2sL3aVGj0mP9/17acia+C+6AL7+GGTxwi9u/CqIKRF3Y4g
         Kn0A==
X-Gm-Message-State: AOJu0YwOlTiXO4aIcznJPTKDurhx3an4N9JtH2BpsyimEyTdNF5m1FjG
	MaHkBdxetLp6mWpXlO8WSk/u9UtCd/g=
X-Google-Smtp-Source: AGHT+IHDBgStbl+CYuL7ude0lkiWRL3DYZkuZRwKy6IUEuA9hEqBQsACkF5m1GQLXsfXTDcNp/JGfw==
X-Received: by 2002:a0d:db8a:0:b0:5a7:b81a:7f5d with SMTP id d132-20020a0ddb8a000000b005a7b81a7f5dmr6801662ywe.18.1699885410967;
        Mon, 13 Nov 2023 06:23:30 -0800 (PST)
Received: from mail-yb1-f177.google.com (mail-yb1-f177.google.com. [209.85.219.177])
        by smtp.gmail.com with ESMTPSA id u83-20020a816056000000b0059b2be24f88sm1767230ywb.143.2023.11.13.06.23.30
        for <newlib@sourceware.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Mon, 13 Nov 2023 06:23:30 -0800 (PST)
Received: by mail-yb1-f177.google.com with SMTP id 3f1490d57ef6-da041ffef81so4903172276.0
        for <newlib@sourceware.org>; Mon, 13 Nov 2023 06:23:30 -0800 (PST)
X-Received: by 2002:a05:6902:70f:b0:da0:4109:ad63 with SMTP id
 k15-20020a056902070f00b00da04109ad63mr7556427ybt.21.1699885410591; Mon, 13
 Nov 2023 06:23:30 -0800 (PST)
MIME-Version: 1.0
References: <654dcb688da84_69bd52d4ed1e699a037313@prd-scan-dashboard-0.mail>
 <CAF9ehCWYLfa8RKNLN=HZZFbifH4gpoTOs1ycsiBGOfN58jpReg@mail.gmail.com>
 <ZU5M4PUCpTBiQIhY@calimero.vinschen.de> <CAF9ehCXg3GqdN1U3JbmNy98xdcGj59wi815L7zfJzauTchmivQ@mail.gmail.com>
 <ZVIiTxg4azMgMdDX@calimero.vinschen.de>
In-Reply-To: <ZVIiTxg4azMgMdDX@calimero.vinschen.de>
Reply-To: joel@rtems.org
From: Joel Sherrill <joel@rtems.org>
Date: Mon, 13 Nov 2023 08:23:17 -0600
X-Gmail-Original-Message-ID: <CAF9ehCX=Fpf5dJirhoc+O-5ijAPUYHkYbqFJNjvaM=-69oLq8A@mail.gmail.com>
Message-ID: <CAF9ehCX=Fpf5dJirhoc+O-5ijAPUYHkYbqFJNjvaM=-69oLq8A@mail.gmail.com>
Subject: Re: Coverity Scan: Analysis completed for RTEMS-Newlib
To: Newlib <newlib@sourceware.org>
Content-Type: multipart/alternative; boundary="0000000000000eae95060a096ab8"
X-Spam-Status: No, score=-3031.3 required=5.0 tests=BAYES_00,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS,HTML_MESSAGE,KAM_DMARC_STATUS,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <newlib.sourceware.org>

--0000000000000eae95060a096ab8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Nov 13, 2023, 7:19 AM Corinna Vinschen <vinschen@redhat.com> wrote:

> On Nov 10 11:44, Joel Sherrill wrote:
> > On Fri, Nov 10, 2023 at 9:32=E2=80=AFAM Corinna Vinschen <vinschen@redh=
at.com>
> > wrote:
> >
> > > On Nov 10 08:50, Joel Sherrill wrote:
> > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects
> were
> > > > added in the last commits. They appear to be the same issue I just
> > > > forwarded but in different scanf variants.
> > > >
> > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > > __ssvfiscanf_r. [show details
> > > > <
> > >
> https://scan3.scan.coverity.com/eventId=3D13202494-1&modelId=3D13202494-0=
&fileInstanceId=3D104130545&filePath=3D%2Fhome%2Fjoel%2Frtems-cron-coverity=
%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&file=
Start=3D400&fileEnd=3D1980
> > > >
> > > > ]
> > >
> > > Looks like a false positive.
> > >
> > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > > will check the value.
> > >
> >
> > Thanks. I will mark them as false positive.
> >
> > What about the issue in the printf variants? Looks like similar code. A=
re
> > they
> > also false positives? This is from asiprintf.c
> >
> > 37  f._flags =3D __SWR | __SSTR | __SMBF;
> >
> > 1. assign_zero: Assigning: f._p =3D NULL.
> > 38  f._bf._base =3D f._p =3D NULL;
> > 39  f._bf._size =3D f._w =3D 0;
> > 40  f._file =3D -1;  /* No file. */
> > 41  va_start (ap, fmt);
> >
> > CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2.
> > var_deref_model: Passing &f to _svfiprintf_r, which dereferences null
> f._p.
> >  [show details
> > <
> https://scan3.scan.coverity.com/eventId=3D13202490-1&modelId=3D13202490-0=
&fileInstanceId=3D104130544&filePath=3D%2Fhome%2Fjoel%2Frtems-cron-coverity=
%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fil=
eStart=3D650&fileEnd=3D1786
> >
> > ]
> > 42  ret =3D _svfiprintf_r (ptr, &f, fmt, ap);
>
> Did you try to debug it?
>

No. It just looked similar and was introduced earlier this year.

--joel

>
>
> Corinna
>
>

--0000000000000eae95060a096ab8--