From: Corinna Vinschen <vinschen@redhat.com>
To: Alexey Lapshin <alexey.lapshin@espressif.com>
Cc: Joel Sherrill <joel.sherrill@gmail.com>, Newlib <newlib@sourceware.org>
Subject: Re: New Defects reported by Coverity Scan for RTEMS-Newlib
Date: Tue, 11 Feb 2025 11:40:53 +0100 [thread overview]
Message-ID: <Z6spNXNPyZj-XObC@calimero.vinschen.de> (raw)
In-Reply-To: <CAF9ehCV445OJwX7XriomUZLW43Jz=pubyEHQvBnxTsu+X=U_-A@mail.gmail.com>
Alexey?
On Feb 10 16:56, Joel Sherrill wrote:
> Coverity Scan has spotted a handful of issues with the recent string
> changes.
>
> --joel
>
> ---------- Forwarded message ---------
> From: <scan-admin@coverity.com>
> Date: Mon, Feb 10, 2025 at 4:27 PM
> Subject: New Defects reported by Coverity Scan for RTEMS-Newlib
> To: <joel.sherrill@gmail.com>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to RTEMS-Newlib
> found with Coverity Scan.
>
> 6 new defect(s) introduced to RTEMS-Newlib found with Coverity Scan.
>
>
> New defect(s) Reported-by: Coverity Scan
> Showing 6 of 6 defect(s)
>
>
> ** CID 474676: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/mempcpy.c:
> 68 in mempcpy()
>
>
> ________________________________________________________________________________________________________
> *** CID 474676: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/mempcpy.c:
> 68 in mempcpy()
> 62 while (!TOO_SMALL_BIG_BLOCK(len0))
> 63 {
> 64 *aligned_dst++ = *aligned_src++;
> 65 *aligned_dst++ = *aligned_src++;
> 66 *aligned_dst++ = *aligned_src++;
> 67 *aligned_dst++ = *aligned_src++;
> >>> CID 474676: Integer handling issues (INTEGER_OVERFLOW)
> >>> Expression "len0", underflows the type of "len0", which is type
> "size_t".
> 68 len0 -= BIG_BLOCK_SIZE;
> 69 }
> 70
> 71 /* Copy one long word at a time if possible. */
> 72 while (!TOO_SMALL_LITTLE_BLOCK(len0))
> 73 {
>
> ** CID 474675: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/stpncpy.c:
> 64 in stpncpy()
>
>
> ________________________________________________________________________________________________________
> *** CID 474675: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/stpncpy.c:
> 64 in stpncpy()
> 58 aligned_src = (long*)src;
> 59
> 60 /* SRC and DEST are both LITTLE_BLOCK_SIZE aligned,
> 61 try to do LITTLE_BLOCK_SIZE sized copies. */
> 62 while (!TOO_SMALL_LITTLE_BLOCK (count) &&
> !DETECT_NULL(*aligned_src))
> 63 {
> >>> CID 474675: Integer handling issues (INTEGER_OVERFLOW)
> >>> Expression "count", underflows the type of "count", which is type
> "size_t".
> 64 count -= LITTLE_BLOCK_SIZE;
> 65 *aligned_dst++ = *aligned_src++;
> 66 }
> 67
> 68 dst = (char*)aligned_dst;
> 69 src = (char*)aligned_src;
>
> ** CID 474674: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memccpy.c:
> 96 in memccpy()
>
>
> ________________________________________________________________________________________________________
> *** CID 474674: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memccpy.c:
> 96 in memccpy()
> 90 {
> 91 unsigned long buffer = (unsigned long)(*aligned_src);
> 92 buffer ^= mask;
> 93 if (DETECT_NULL(buffer))
> 94 break; /* endchar is found, go byte by byte from here */
> 95 *aligned_dst++ = *aligned_src++;
> >>> CID 474674: Integer handling issues (INTEGER_OVERFLOW)
> >>> Expression "len0", underflows the type of "len0", which is type
> "size_t".
> 96 len0 -= LITTLE_BLOCK_SIZE;
> 97 }
> 98
> 99 /* Pick up any residual with a byte copier. */
> 100 dst = (unsigned char*)aligned_dst;
> 101 src = (unsigned char*)aligned_src;
>
> ** CID 474673: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memmove.c:
> 88 in memmove()
>
>
> ________________________________________________________________________________________________________
> *** CID 474673: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memmove.c:
> 88 in memmove()
> 82 aligned_src = (long*)src;
> 83
> 84 /* Copy one long word at a time if possible. */
> 85 while (!TOO_SMALL_LITTLE_BLOCK(length))
> 86 {
> 87 *--aligned_dst = *--aligned_src;
> >>> CID 474673: Integer handling issues (INTEGER_OVERFLOW)
> >>> Expression "length", underflows the type of "length", which is type
> "size_t".
> 88 length -= LITTLE_BLOCK_SIZE;
> 89 }
> 90
> 91 /* Pick up any residual with a byte copier. */
> 92 dst = (char*)aligned_dst;
> 93 src = (char*)aligned_src;
>
> ** CID 474672: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memcpy.c:
> 72 in memcpy()
>
>
> ________________________________________________________________________________________________________
> *** CID 474672: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/memcpy.c:
> 72 in memcpy()
> 66 while (!TOO_SMALL_BIG_BLOCK(len0))
> 67 {
> 68 *aligned_dst++ = *aligned_src++;
> 69 *aligned_dst++ = *aligned_src++;
> 70 *aligned_dst++ = *aligned_src++;
> 71 *aligned_dst++ = *aligned_src++;
> >>> CID 474672: Integer handling issues (INTEGER_OVERFLOW)
> >>> Expression "len0", underflows the type of "len0", which is type
> "size_t".
> 72 len0 -= BIG_BLOCK_SIZE;
> 73 }
> 74
> 75 /* Copy one long word at a time if possible. */
> 76 while (!TOO_SMALL_LITTLE_BLOCK(len0))
> 77 {
>
> ** CID 470638: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/strncpy.c:
> 78 in strncpy()
>
>
> ________________________________________________________________________________________________________
> *** CID 470638: Integer handling issues (INTEGER_OVERFLOW)
> /home/joel/rtems-cron-coverity/newlib-cygwin/newlib/libc/string/strncpy.c:
> 78 in strncpy()
> 72 aligned_src = (long*)src;
> 73
> 74 /* SRC and DEST are both "long int" aligned, try to do "long
> int"
> 75 sized copies. */
> 76 while (!TOO_SMALL_LITTLE_BLOCK(count) &&
> !DETECT_NULL(*aligned_src))
> 77 {
> >>> CID 470638: Integer handling issues (INTEGER_OVERFLOW)
> >>> Expression "count", underflows the type of "count", which is type
> "size_t".
> 78 count -= sizeof (long int);
> 79 *aligned_dst++ = *aligned_src++;
> 80 }
> 81
> 82 dst = (char*)aligned_dst;
> 83 src = (char*)aligned_src;
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
> https://scan.coverity.com/projects/rtems-newlib?tab=overview
>
> To manage Coverity Scan email notifications for "joel.sherrill@gmail.com",
> click
> https://scan.coverity.com/subscriptions/edit?email=joel.sherrill%40gmail.com&token=1d6de09a8cf588074bed902a634fe5bc
next prev parent reply other threads:[~2025-02-11 10:41 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <67aa7d4565885_1e98fe2ac1a16659a8550b1@prd-scan-dashboard-0.mail>
2025-02-10 22:56 ` Fwd: " Joel Sherrill
2025-02-11 10:40 ` Corinna Vinschen [this message]
2025-02-11 10:50 ` Alexey Lapshin
2025-02-11 12:02 ` Corinna Vinschen
2025-02-11 15:07 ` Joel Sherrill
2025-02-11 21:24 ` Brian Inglis
[not found] <630d44245d07b_448622ac7e91099ac81e@prd-scan-dashboard-0.mail>
2022-08-29 23:09 ` Fwd: " Joel Sherrill
2022-08-30 19:03 ` Jeff Johnston
2022-08-30 19:03 ` Jeff Johnston
2022-08-31 19:16 ` Jeff Johnston
2022-08-31 19:16 ` Jeff Johnston
2022-08-31 19:58 ` Joel Sherrill
2022-08-31 19:58 ` Joel Sherrill
[not found] <621dbc6e5b779_bb4ce2b0cf36619a0847b1@prd-scan-dashboard-0.mail>
2022-03-01 12:59 ` Fwd: " Joel Sherrill
[not found] ` <BN2P110MB1544826C2DADD0A490C6E5E49A029@BN2P110MB1544.NAMP110.PROD.OUTLOOK.COM>
2022-03-01 19:30 ` C Howland
2022-03-01 20:43 ` Joel Sherrill
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Z6spNXNPyZj-XObC@calimero.vinschen.de \
--to=vinschen@redhat.com \
--cc=alexey.lapshin@espressif.com \
--cc=joel.sherrill@gmail.com \
--cc=newlib@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).