From: Jeff Johnston <jjohnstn@redhat.com>
To: joel@rtems.org
Cc: Newlib <newlib@sourceware.org>
Subject: Re: New Defects reported by Coverity Scan for RTEMS-Newlib
Date: Tue, 30 Aug 2022 15:03:25 -0400 [thread overview]
Message-ID: <CAOox84tBoc8Uv=TuGojndoYCYvx5cxMOdQo4Xtd5uX3H2qG38w@mail.gmail.com> (raw)
In-Reply-To: <CAF9ehCU2SRAe70jG1EXMD8=71kGgFWEuqOxztn9=gRi0ev45Vg@mail.gmail.com>
Thanks Joel for bringing this to our attention.
-- Jeff J.
On Mon, Aug 29, 2022 at 7:09 PM Joel Sherrill <joel@rtems.org> wrote:
> Hi
>
> I quit running Coverity on newlib as part of the repositories analysed as
> part of RTEMS BUT I had to update the version of cov-analysis we used and
> wanted to make sure the scripting stayed working.
>
> These issues were flagged since the last time we ran it. Some look like
> they need attention.
>
> --joel
>
> ---------- Forwarded message ---------
> From: <scan-admin@coverity.com>
> Date: Mon, Aug 29, 2022 at 5:56 PM
> Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
> To: <joel.sherrill@gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to RTEMS-Newlib
> found with Coverity Scan.
>
> 10 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
> 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 10 of 10 defect(s)
>
>
> ** CID 398779: (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398779: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 454 in _swscanf_r()
> 448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 449 f._read = __seofread;
> 450 f._ub._base = NULL;
> 451 f._lb._base = NULL;
> 452 f._file = -1; /* No file. */
> 453 va_start (ap, fmt);
> >>> CID 398779: (UNINIT)
> >>> Using uninitialized value "f._flags2" when calling
> "__ssvfwscanf_r".
> 454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
> 455 va_end (ap);
> 456 return ret;
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 454 in _swscanf_r()
> 448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 449 f._read = __seofread;
> 450 f._ub._base = NULL;
> 451 f._lb._base = NULL;
> 452 f._file = -1; /* No file. */
> 453 va_start (ap, fmt);
> >>> CID 398779: (UNINIT)
> >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
> 454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
> 455 va_end (ap);
> 456 return ret;
>
> ** CID 398778: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
> 18 in sleep()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398778: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
> 18 in sleep()
> 12 {
> 13 struct timespec ts;
> 14
> 15 ts.tv_sec = seconds;
> 16 ts.tv_nsec = 0;
> 17 if (!nanosleep(&ts,&ts)) return 0;
> >>> CID 398778: High impact quality (Y2K38_SAFETY)
> >>> A "time_t" value is stored in an integer with too few bits to
> accommodate it. The expression "ts.tv_sec" is cast to "unsigned int".
> 18 if (errno == EINTR) return ts.tv_sec;
> 19 return -1;
> 20 }
> 21
>
> ** CID 398777: (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398777: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 432 in swscanf()
> 426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 427 f._read = __seofread;
> 428 f._ub._base = NULL;
> 429 f._lb._base = NULL;
> 430 f._file = -1; /* No file. */
> 431 va_start (ap, fmt);
> >>> CID 398777: (UNINIT)
> >>> Using uninitialized value "f._flags2" when calling
> "__ssvfwscanf_r".
> 432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
> 433 va_end (ap);
> 434 return ret;
> 435 }
> 436
> 437 #endif /* !_REENT_ONLY */
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 432 in swscanf()
> 426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 427 f._read = __seofread;
> 428 f._ub._base = NULL;
> 429 f._lb._base = NULL;
> 430 f._file = -1; /* No file. */
> 431 va_start (ap, fmt);
> >>> CID 398777: (UNINIT)
> >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
> 432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
> 433 va_end (ap);
> 434 return ret;
> 435 }
> 436
> 437 #endif /* !_REENT_ONLY */
>
> ** CID 398776: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 44 in time()
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 45 in time()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398776: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 44 in time()
> 38 struct timeval now;
> 39
> 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
> 41 now.tv_sec = (time_t) -1;
> 42
> 43 if (t)
> >>> CID 398776: (UNINIT)
> >>> Using uninitialized value "now.tv_sec".
> 44 *t = now.tv_sec;
> 45 return now.tv_sec;
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 45 in time()
> 39
> 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
> 41 now.tv_sec = (time_t) -1;
> 42
> 43 if (t)
> 44 *t = now.tv_sec;
> >>> CID 398776: (UNINIT)
> >>> Using uninitialized value "now.tv_sec".
> 45 return now.tv_sec;
>
> ** CID 398775: (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398775: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
> 57 in _vswscanf_r()
> 51 f._bf._base = f._p = (unsigned char *) str;
> 52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 53 f._read = __seofread;
> 54 f._ub._base = NULL;
> 55 f._lb._base = NULL;
> 56 f._file = -1; /* No file. */
> >>> CID 398775: (UNINIT)
> >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
> 57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
> 57 in _vswscanf_r()
> 51 f._bf._base = f._p = (unsigned char *) str;
> 52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 53 f._read = __seofread;
> 54 f._ub._base = NULL;
> 55 f._lb._base = NULL;
> 56 f._file = -1; /* No file. */
> >>> CID 398775: (UNINIT)
> >>> Using uninitialized value "f._flags2" when calling
> "__ssvfwscanf_r".
> 57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
>
> ** CID 398774: Uninitialized variables (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398774: Uninitialized variables (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/arc4random.c:
> 93 in _rs_stir()
> 87 u_char rnd[KEYSZ + IVSZ];
> 88
> 89 if (getentropy(rnd, sizeof rnd) == -1)
> 90 _getentropy_fail();
> 91
> 92 if (!rs)
> >>> CID 398774: Uninitialized variables (UNINIT)
> >>> Using uninitialized element of array "rnd" when calling "_rs_init".
> 93 _rs_init(rnd, sizeof(rnd));
> 94 else
> 95 _rs_rekey(rnd, sizeof(rnd));
> 96 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
> 97
> 98 /* invalidate rs_buf */
>
> ** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
> 55 in __kernel_tanf()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
> 55 in __kernel_tanf()
> 49 __int32_t ix,hx;
> 50 GET_FLOAT_WORD(hx,x);
> 51 ix = hx&0x7fffffff; /* high word of |x| */
> 52 if(ix<0x31800000) /* x < 2**-28 */
> 53 {if((int)x==0) { /* generate inexact */
> 54 if((ix|(iy+1))==0) return one/fabsf(x);
> >>> CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
> >>> In expression "-1f / x", division by expression "x" which may be
> zero has undefined behavior.
> 55 else return (iy==1)? x: -one/x;
> 56 }
> 57 }
> 58 if(ix>=0x3f2ca140) { /* |x|>=0.6744 */
> 59 if(hx<0) {x = -x; y = -y;}
> 60 z = pio4-x;
>
> ** CID 398772: Memory - corruptions (OVERRUN)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398772: Memory - corruptions (OVERRUN)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
> 1044 in bothcases()
> 1038 assert(othercase(ch) != ch); /* p_bracket() would
> recurse */
> 1039 p->next = bracket;
> 1040 p->end = bracket+2;
> 1041 bracket[0] = ch;
> 1042 bracket[1] = ']';
> 1043 bracket[2] = '\0';
> >>> CID 398772: Memory - corruptions (OVERRUN)
> >>> Overrunning buffer pointed to by "p->next" of 3 bytes by passing it
> to a function which accesses it at byte offset 4.
> 1044 p_bracket(p);
> 1045 assert(p->next == bracket+2);
> 1046 p->next = oldnext;
> 1047 p->end = oldend;
> 1048 }
> 1049
>
> ** CID 398771: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
> 18 in usleep()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398771: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
> 18 in usleep()
> 12 {
> 13 struct timespec ts;
> 14
> 15 ts.tv_sec = (long int)useconds / 1000000;
> 16 ts.tv_nsec = ((long int)useconds % 1000000) * 1000;
> 17 if (!nanosleep(&ts,&ts)) return 0;
> >>> CID 398771: High impact quality (Y2K38_SAFETY)
> >>> A "time_t" value is stored in an integer with too few bits to
> accommodate it. The expression "ts.tv_sec" is cast to "int".
> 18 if (errno == EINTR) return ts.tv_sec;
> 19 return -1;
> 20 }
> 21
>
> ** CID 378851: Memory - corruptions (OVERRUN)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 378851: Memory - corruptions (OVERRUN)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
> 1090 in nonnewline()
> 1084 p->next = bracket;
> 1085 p->end = bracket+3;
> 1086 bracket[0] = '^';
> 1087 bracket[1] = '\n';
> 1088 bracket[2] = ']';
> 1089 bracket[3] = '\0';
> >>> CID 378851: Memory - corruptions (OVERRUN)
> >>> Overrunning buffer pointed to by "p->next" of 4 bytes by passing it
> to a function which accesses it at byte offset 4.
> 1090 p_bracket(p);
> 1091 assert(p->next == bracket+3);
> 1092 p->next = oldnext;
> 1093 p->end = oldend;
> 1094 }
> 1095
>
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
>
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3DgcXN_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gn54pXoG5E1T2VTg7ZExldrWnOHoGNfjITpyeGBnq8zf1R1SvLaQHX0KwLC3QLIILHDIyeRDmH6ivilCfFIJbx4IaHchThYPPrH23evm0vJ6A6-2BcYCz2qmJNN2577UqVyYc0aItJ859abhW8GanEpsc-3D
>
> To manage Coverity Scan email notifications for "joel.sherrill@gmail.com
> ",
> click
>
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5Xsf_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gsEM86eEaAqPEjIHUArLBXYOUpWfZ4bmwC96PG11GPPh-2FLsC0rkTKQE2J8XRI45hCnTpCTbj87kq0GI1XLddKyw1JXGGqDcyizThGumwZmd8Tr5waHqdorDd3Wom83BYSMOhcHiGVjpnvscbd8ReGFw-3D
>
>
WARNING: multiple messages have this Message-ID
From: Jeff Johnston <jjohnstn@redhat.com>
To: joel@rtems.org
Cc: Newlib <newlib@sourceware.org>
Subject: Re: New Defects reported by Coverity Scan for RTEMS-Newlib
Date: Tue, 30 Aug 2022 15:03:25 -0400 [thread overview]
Message-ID: <CAOox84tBoc8Uv=TuGojndoYCYvx5cxMOdQo4Xtd5uX3H2qG38w@mail.gmail.com> (raw)
Message-ID: <20220830190325.JOsWKkhBuGt0HoKIZPgVMvTKUdv5cJuoiaVIL7Cf99c@z> (raw)
In-Reply-To: <CAF9ehCU2SRAe70jG1EXMD8=71kGgFWEuqOxztn9=gRi0ev45Vg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 13455 bytes --]
Thanks Joel for bringing this to our attention.
-- Jeff J.
On Mon, Aug 29, 2022 at 7:09 PM Joel Sherrill <joel@rtems.org> wrote:
> Hi
>
> I quit running Coverity on newlib as part of the repositories analysed as
> part of RTEMS BUT I had to update the version of cov-analysis we used and
> wanted to make sure the scripting stayed working.
>
> These issues were flagged since the last time we ran it. Some look like
> they need attention.
>
> --joel
>
> ---------- Forwarded message ---------
> From: <scan-admin@coverity.com>
> Date: Mon, Aug 29, 2022 at 5:56 PM
> Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
> To: <joel.sherrill@gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to RTEMS-Newlib
> found with Coverity Scan.
>
> 10 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
> 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 10 of 10 defect(s)
>
>
> ** CID 398779: (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398779: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 454 in _swscanf_r()
> 448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 449 f._read = __seofread;
> 450 f._ub._base = NULL;
> 451 f._lb._base = NULL;
> 452 f._file = -1; /* No file. */
> 453 va_start (ap, fmt);
> >>> CID 398779: (UNINIT)
> >>> Using uninitialized value "f._flags2" when calling
> "__ssvfwscanf_r".
> 454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
> 455 va_end (ap);
> 456 return ret;
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 454 in _swscanf_r()
> 448 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 449 f._read = __seofread;
> 450 f._ub._base = NULL;
> 451 f._lb._base = NULL;
> 452 f._file = -1; /* No file. */
> 453 va_start (ap, fmt);
> >>> CID 398779: (UNINIT)
> >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
> 454 ret = __ssvfwscanf_r (ptr, &f, fmt, ap);
> 455 va_end (ap);
> 456 return ret;
>
> ** CID 398778: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
> 18 in sleep()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398778: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/sleep.c:
> 18 in sleep()
> 12 {
> 13 struct timespec ts;
> 14
> 15 ts.tv_sec = seconds;
> 16 ts.tv_nsec = 0;
> 17 if (!nanosleep(&ts,&ts)) return 0;
> >>> CID 398778: High impact quality (Y2K38_SAFETY)
> >>> A "time_t" value is stored in an integer with too few bits to
> accommodate it. The expression "ts.tv_sec" is cast to "unsigned int".
> 18 if (errno == EINTR) return ts.tv_sec;
> 19 return -1;
> 20 }
> 21
>
> ** CID 398777: (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398777: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 432 in swscanf()
> 426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 427 f._read = __seofread;
> 428 f._ub._base = NULL;
> 429 f._lb._base = NULL;
> 430 f._file = -1; /* No file. */
> 431 va_start (ap, fmt);
> >>> CID 398777: (UNINIT)
> >>> Using uninitialized value "f._flags2" when calling
> "__ssvfwscanf_r".
> 432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
> 433 va_end (ap);
> 434 return ret;
> 435 }
> 436
> 437 #endif /* !_REENT_ONLY */
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c:
> 432 in swscanf()
> 426 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 427 f._read = __seofread;
> 428 f._ub._base = NULL;
> 429 f._lb._base = NULL;
> 430 f._file = -1; /* No file. */
> 431 va_start (ap, fmt);
> >>> CID 398777: (UNINIT)
> >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
> 432 ret = __ssvfwscanf_r (_REENT, &f, fmt, ap);
> 433 va_end (ap);
> 434 return ret;
> 435 }
> 436
> 437 #endif /* !_REENT_ONLY */
>
> ** CID 398776: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 44 in time()
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 45 in time()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398776: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 44 in time()
> 38 struct timeval now;
> 39
> 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
> 41 now.tv_sec = (time_t) -1;
> 42
> 43 if (t)
> >>> CID 398776: (UNINIT)
> >>> Using uninitialized value "now.tv_sec".
> 44 *t = now.tv_sec;
> 45 return now.tv_sec;
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/time/time.c:
> 45 in time()
> 39
> 40 if (_gettimeofday_r (_REENT, &now, NULL) < 0)
> 41 now.tv_sec = (time_t) -1;
> 42
> 43 if (t)
> 44 *t = now.tv_sec;
> >>> CID 398776: (UNINIT)
> >>> Using uninitialized value "now.tv_sec".
> 45 return now.tv_sec;
>
> ** CID 398775: (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398775: (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
> 57 in _vswscanf_r()
> 51 f._bf._base = f._p = (unsigned char *) str;
> 52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 53 f._read = __seofread;
> 54 f._ub._base = NULL;
> 55 f._lb._base = NULL;
> 56 f._file = -1; /* No file. */
> >>> CID 398775: (UNINIT)
> >>> Using uninitialized value "f._ur" when calling "__ssvfwscanf_r".
> 57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vswscanf.c:
> 57 in _vswscanf_r()
> 51 f._bf._base = f._p = (unsigned char *) str;
> 52 f._bf._size = f._r = wcslen (str) * sizeof (wchar_t);
> 53 f._read = __seofread;
> 54 f._ub._base = NULL;
> 55 f._lb._base = NULL;
> 56 f._file = -1; /* No file. */
> >>> CID 398775: (UNINIT)
> >>> Using uninitialized value "f._flags2" when calling
> "__ssvfwscanf_r".
> 57 return __ssvfwscanf_r (ptr, &f, fmt, ap);
>
> ** CID 398774: Uninitialized variables (UNINIT)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398774: Uninitialized variables (UNINIT)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/arc4random.c:
> 93 in _rs_stir()
> 87 u_char rnd[KEYSZ + IVSZ];
> 88
> 89 if (getentropy(rnd, sizeof rnd) == -1)
> 90 _getentropy_fail();
> 91
> 92 if (!rs)
> >>> CID 398774: Uninitialized variables (UNINIT)
> >>> Using uninitialized element of array "rnd" when calling "_rs_init".
> 93 _rs_init(rnd, sizeof(rnd));
> 94 else
> 95 _rs_rekey(rnd, sizeof(rnd));
> 96 explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */
> 97
> 98 /* invalidate rs_buf */
>
> ** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
> 55 in __kernel_tanf()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c:
> 55 in __kernel_tanf()
> 49 __int32_t ix,hx;
> 50 GET_FLOAT_WORD(hx,x);
> 51 ix = hx&0x7fffffff; /* high word of |x| */
> 52 if(ix<0x31800000) /* x < 2**-28 */
> 53 {if((int)x==0) { /* generate inexact */
> 54 if((ix|(iy+1))==0) return one/fabsf(x);
> >>> CID 398773: Incorrect expression (DIVIDE_BY_ZERO)
> >>> In expression "-1f / x", division by expression "x" which may be
> zero has undefined behavior.
> 55 else return (iy==1)? x: -one/x;
> 56 }
> 57 }
> 58 if(ix>=0x3f2ca140) { /* |x|>=0.6744 */
> 59 if(hx<0) {x = -x; y = -y;}
> 60 z = pio4-x;
>
> ** CID 398772: Memory - corruptions (OVERRUN)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398772: Memory - corruptions (OVERRUN)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
> 1044 in bothcases()
> 1038 assert(othercase(ch) != ch); /* p_bracket() would
> recurse */
> 1039 p->next = bracket;
> 1040 p->end = bracket+2;
> 1041 bracket[0] = ch;
> 1042 bracket[1] = ']';
> 1043 bracket[2] = '\0';
> >>> CID 398772: Memory - corruptions (OVERRUN)
> >>> Overrunning buffer pointed to by "p->next" of 3 bytes by passing it
> to a function which accesses it at byte offset 4.
> 1044 p_bracket(p);
> 1045 assert(p->next == bracket+2);
> 1046 p->next = oldnext;
> 1047 p->end = oldend;
> 1048 }
> 1049
>
> ** CID 398771: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
> 18 in usleep()
>
>
>
> ________________________________________________________________________________________________________
> *** CID 398771: High impact quality (Y2K38_SAFETY)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/usleep.c:
> 18 in usleep()
> 12 {
> 13 struct timespec ts;
> 14
> 15 ts.tv_sec = (long int)useconds / 1000000;
> 16 ts.tv_nsec = ((long int)useconds % 1000000) * 1000;
> 17 if (!nanosleep(&ts,&ts)) return 0;
> >>> CID 398771: High impact quality (Y2K38_SAFETY)
> >>> A "time_t" value is stored in an integer with too few bits to
> accommodate it. The expression "ts.tv_sec" is cast to "int".
> 18 if (errno == EINTR) return ts.tv_sec;
> 19 return -1;
> 20 }
> 21
>
> ** CID 378851: Memory - corruptions (OVERRUN)
>
>
>
> ________________________________________________________________________________________________________
> *** CID 378851: Memory - corruptions (OVERRUN)
>
> /home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c:
> 1090 in nonnewline()
> 1084 p->next = bracket;
> 1085 p->end = bracket+3;
> 1086 bracket[0] = '^';
> 1087 bracket[1] = '\n';
> 1088 bracket[2] = ']';
> 1089 bracket[3] = '\0';
> >>> CID 378851: Memory - corruptions (OVERRUN)
> >>> Overrunning buffer pointed to by "p->next" of 4 bytes by passing it
> to a function which accesses it at byte offset 4.
> 1090 p_bracket(p);
> 1091 assert(p->next == bracket+3);
> 1092 p->next = oldnext;
> 1093 p->end = oldend;
> 1094 }
> 1095
>
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
>
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQWqa-2BcrUOdcmLJRN5wHA-2F-2Bj-2BUPxOS2vpJc2U7lnvDDSM-3DgcXN_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gn54pXoG5E1T2VTg7ZExldrWnOHoGNfjITpyeGBnq8zf1R1SvLaQHX0KwLC3QLIILHDIyeRDmH6ivilCfFIJbx4IaHchThYPPrH23evm0vJ6A6-2BcYCz2qmJNN2577UqVyYc0aItJ859abhW8GanEpsc-3D
>
> To manage Coverity Scan email notifications for "joel.sherrill@gmail.com
> ",
> click
>
> https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yped04pjJnmXOsUBtKYNIXxTJDdEZ5ceQ-2BXdf-2FM1tcMIXP73MN3HxQfFTMLU5dSe8Rv0KFh7gYStOFjZD12ucRRnrjyUHOCTj7rG0E9HBcwa6j-2FX4NTabdEq2v7MM-2FuqaA-3D5Xsf_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrko-2B6zqtxlihMO5pRBlqs6CXC6JoeSQ5BknttytYW4gsEM86eEaAqPEjIHUArLBXYOUpWfZ4bmwC96PG11GPPh-2FLsC0rkTKQE2J8XRI45hCnTpCTbj87kq0GI1XLddKyw1JXGGqDcyizThGumwZmd8Tr5waHqdorDd3Wom83BYSMOhcHiGVjpnvscbd8ReGFw-3D
>
>
next prev parent reply other threads:[~2022-08-30 19:03 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
2022-08-29 23:09 ` Fwd: " Joel Sherrill
2022-08-29 23:09 ` Joel Sherrill
2022-08-30 19:03 ` Jeff Johnston [this message]
2022-08-30 19:03 ` Jeff Johnston
2022-08-31 19:16 ` Jeff Johnston
2022-08-31 19:16 ` Jeff Johnston
2022-08-31 19:58 ` Joel Sherrill
2022-08-31 19:58 ` Joel Sherrill
[not found] <67aa7d4565885_1e98fe2ac1a16659a8550b1@prd-scan-dashboard-0.mail>
2025-02-10 22:56 ` Fwd: " Joel Sherrill
2025-02-11 10:40 ` Corinna Vinschen
2025-02-11 10:50 ` Alexey Lapshin
2025-02-11 12:02 ` Corinna Vinschen
2025-02-11 15:07 ` Joel Sherrill
2025-02-11 21:24 ` Brian Inglis
[not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
2022-03-01 12:59 ` Fwd: " Joel Sherrill
[not found] ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
2022-03-01 19:30 ` C Howland
2022-03-01 20:43 ` Joel Sherrill
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAOox84tBoc8Uv=TuGojndoYCYvx5cxMOdQo4Xtd5uX3H2qG38w@mail.gmail.com' \
--to=jjohnstn@redhat.com \
--cc=joel@rtems.org \
--cc=newlib@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).