Fwd: Coverity Scan: Analysis completed for RTEMS-Newlib

Fwd: Coverity Scan: Analysis completed for RTEMS-Newlib

[Joel Sherrill]

[-- Attachment #1.1: Type: text/plain, Size: 2332 bytes --]

Hmmmm.. an email just before the one I forwarded shows 6 new defects were
added in the last commits. They appear to be the same issue I just
forwarded but in different scanf variants.

CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
uninit_use_in_call: Using uninitialized value f._flags2 when calling
__ssvfiscanf_r. [show details
<https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980>
]

I have attached the csv of the coverity issues. These are at the bottom.
Hopefully the issue is easily enough to resolve.

It appears that a set was added to the printf() family earlier this year.

We run coverity on newlib up to three times a day if any commits are made
to the repository.

I'm happy to give access to the Scan report.

Thanks.

--joel
RTEMS


---------- Forwarded message ---------
From: <scan-admin@coverity.com>
Date: Fri, Nov 10, 2023 at 12:19 AM
Subject: Coverity Scan: Analysis completed for RTEMS-Newlib
To: <joel.sherrill@gmail.com>



    Your request for analysis of RTEMS-Newlib has been completed
successfully.
    The results are available at
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQDhzrWO-2FHbZ2MPm4jyi4u1w-3D-3DidbI_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrVKfqAO6-2B60K7aFs88IEPbYE-2FUvjNg-2BsC2hXu5wPrYyFwwSApAuE3Xu96hypAbyeyW0RVWi5VMw9V3VkqnidUUYybAYYnowwXpYwl28-2Fi-2FVadx4IQsIfLpf9o9FBjIRnf0s5Bi7qlbgdNPXqIDbqL89uKCmzXxp0Lstnek7l7-2B-2Bw-3D-3D

    Build ID: 569275

    Analysis Summary:
       New defects found: 6
       Defects eliminated: 2

    If you have difficulty understanding any defects, email us at
scan-admin@coverity.com,
    or post your question to StackOverflow
    at
https://u15810271.ct.sendgrid.net/ls/click?upn=CTPegkVN6peWFCMEieYYmPWIi1E4yUS9EoqKFcNAiqhRq8qmgeBE-2Bdt3uvFRAFXdWuYPtetdiJ46h-2Fd1eC1gFA-3D-3D21VZ_CTvEjVoKhyc6dLmJJo1u9AYIk8P8bcAbCPbBDYvYSXrVKfqAO6-2B60K7aFs88IEPbYE-2FUvjNg-2BsC2hXu5wPrYyHoBjY7m25uihlk4Xv7-2BApCTa8VfBvKYhlJiwcEGPxdjCDcyyU26-2FjbzYw85TGVlE-2Bpq1ftPr0YM2RPllG1WTGbsYWwE-2FMC3xZ7cnWW-2B15WlhYOuS36KMJJqMKoXgFrw-2Fg-3D-3D

[-- Attachment #2: Outstanding+Issues.csv --]
[-- Type: text/csv, Size: 14486 bytes --]

CID,Type,Impact,Status,First Detected,Category,File,Classification,Owner,Severity,Action,Component,Function
35160,Improper use of negative value,Medium,New,07/25/14,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,categorize
132459,Copy into fixed size buffer,Low,New,08/13/15,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regerror.c,Unclassified,Unassigned,Unspecified,Undecided,Other,regerror
175325,Free of address-of expression,High,New,02/04/17,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regfree.c,Unclassified,Unassigned,Unspecified,Undecided,Other,regfree
175326,Bad bit shift operation,Medium,New,02/04/17,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/mprec.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__d2b
175327,Bad bit shift operation,Medium,New,02/04/17,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/e_sqrt.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__ieee754_sqrt
175328,Unchecked return value,Medium,New,02/04/17,Error handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/stdio.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__swrite
175329,Logically dead code,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/ef_j1.c,Unclassified,Unassigned,Unspecified,Undecided,Other,qonef
175334,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_bigkey.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__big_delete
175335,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,regcomp
175336,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/engine.c,Unclassified,Unassigned,Unspecified,Undecided,Other,smatcher
175337,Explicit null dereferenced,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/engine.c,Unclassified,Unassigned,Unspecified,Undecided,Other,lmatcher
175340,Missing break in switch,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,altoffset
175341,Missing break in switch,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdlib/strtod.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_strtod_l
175347,Unsigned compared against 0,Medium,New,02/04/17,Control flow issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/common/s_fpclassify.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__fpclassifyd
175350,Out-of-bounds read,High,New,02/04/17,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__get_page
175351,Out-of-bounds read,High,New,02/04/17,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__put_page
175352,Out-of-bounds write,High,New,02/04/17,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,computematchjumps
175354,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_substitute
175355,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/argz/argz_add_sep.c,Unclassified,Unassigned,Unspecified,Undecided,Other,argz_add_sep
175357,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,computematchjumps
175358,Resource leak,High,New,02/04/17,Resource leaks,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,alloc_segs
175360,Dereference before null check,Medium,New,02/04/17,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_substitute
175363,Insecure temporary file,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,open_temp
175364,Wrong sizeof argument,Medium,New,02/04/17,Incorrect expression,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/misc/__dprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__dprintf
175365,Sizeof not portable,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__expand_table
175366,Sizeof not portable,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,alloc_segs
175367,Copy into fixed size buffer,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_load_tables
175368,Copy into fixed size buffer,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/execvp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,execvp
175370,Untrusted loop bound,Medium,New,02/04/17,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash_page.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__get_page
175371,Untrusted allocation size,Medium,New,02/04/17,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__hash_open
175373,Time of check time of use,Low,New,02/04/17,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/unix/getcwd.c,Unclassified,Unassigned,Unspecified,Undecided,Other,getcwd
175374,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lmessages.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__messages_load_locale
175376,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lctype.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__ctype_load_locale
175378,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lmonetary.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__monetary_load_locale
175380,Uninitialized scalar variable,High,New,02/04/17,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/locale/lnumeric.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__numeric_load_locale
175381,Unused value,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/common/sf_expm1.c,Unclassified,Unassigned,Unspecified,Undecided,Other,expm1f
175382,Unused value,Low,New,02/04/17,Code maintainability issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/common/s_expm1.c,Unclassified,Unassigned,Unspecified,Undecided,Other,expm1
175384,Use after free,High,New,02/04/17,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/tdelete.c,Unclassified,Unassigned,Unspecified,Undecided,Other,tdelete
299363,Time of check time of use,Low,New,09/17/20,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/nftw.c,Unclassified,Unassigned,Unspecified,Undecided,Other,do_nftw
349089,Dereference null return value,Medium,New,06/14/21,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/doc/makedoc.c,Unclassified,Unassigned,Unspecified,Undecided,Other,add_to_definition
349092,Calling risky function,Low,New,06/14/21,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/ssp/gets_chk.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__gets_chk
349093,Copy into fixed size buffer,Low,New,06/14/21,Security best practices violations,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/ndbm.c,Unclassified,Unassigned,Unspecified,Undecided,Other,dbm_open
349094,Untrusted loop bound,Medium,New,06/14/21,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/string/strstr.c,Unclassified,Unassigned,Unspecified,Undecided,Other,strstr2
349095,Untrusted loop bound,Medium,New,06/14/21,Insecure data handling,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/string/strstr.c,Unclassified,Unassigned,Unspecified,Undecided,Other,strstr3
349096,String not null terminated,High,New,06/14/21,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/collate.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__collate_load_tables
349098,Operands don't affect result,Medium,New,06/14/21,Integer handling issues,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/search/hash.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__hash_open
378851,Out-of-bounds access,High,New,02/15/22,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,nonnewline
387492,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,asniprintf
387493,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asniprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_asniprintf_r
387494,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasiprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vasiprintf_r
387495,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,asiprintf
387496,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vasniprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vasniprintf_r
387497,Explicit null dereferenced,Medium,New,03/01/22,Null pointer dereferences,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/asiprintf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_asiprintf_r
398772,Out-of-bounds access,High,New,08/29/22,Memory - corruptions,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/posix/regcomp.c,Unclassified,Unassigned,Unspecified,Undecided,Other,bothcases
398773,Division or modulo by float zero,Medium,New,08/29/22,Incorrect expression,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libm/math/kf_tan.c,Unclassified,Unassigned,Unspecified,Undecided,Other,__kernel_tanf
398779,Uninitialized pointer read,High,New,08/29/22,Memory - illegal accesses,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/swscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_swscanf_r
423227,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vsscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vsscanf_r
423228,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/sscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,sscanf
423229,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/siscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_siscanf_r
423230,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/siscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,siscanf
423231,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/vsiscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_vsiscanf_r
423232,Uninitialized scalar variable,High,New,11/10/23,Uninitialized variables,/home/joel/rtems-cron-coverity/sourceware-mirror-newlib-cygwin/newlib/libc/stdio/sscanf.c,Unclassified,Unassigned,Unspecified,Undecided,Other,_sscanf_r

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Corinna Vinschen]

On Nov 10 08:50, Joel Sherrill wrote:
> Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> added in the last commits. They appear to be the same issue I just
> forwarded but in different scanf variants.
> 
> CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> uninit_use_in_call: Using uninitialized value f._flags2 when calling
> __ssvfiscanf_r. [show details
> <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980>
> ]

Looks like a false positive.

The ORIENT macro will set or reset the value of the _flags2 __SWID bit
if the _flags __SORD bit isn't set.  It never is set at the start, so
the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
will check the value.


Corinna

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Takashi Yano]

On Fri, 10 Nov 2023 16:31:44 +0100
Corinna Vinschen wrote:
> On Nov 10 08:50, Joel Sherrill wrote:
> > Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> > added in the last commits. They appear to be the same issue I just
> > forwarded but in different scanf variants.
> > 
> > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > __ssvfiscanf_r. [show details
> > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980>
> > ]
> 
> Looks like a false positive.
> 
> The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> if the _flags __SORD bit isn't set.  It never is set at the start, so
> the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> will check the value.

Perhaps, this happens because other bits of _flags2 than __SWID is not
initialized.

Which is better solution do you think?
(1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1.
(2) Initialize f._flags2 = 0 in sscanf() family.

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Takashi Yano]

On Sat, 11 Nov 2023 00:55:15 +0900
Takashi Yano wrote:
> On Fri, 10 Nov 2023 16:31:44 +0100
> Corinna Vinschen wrote:
> > On Nov 10 08:50, Joel Sherrill wrote:
> > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> > > added in the last commits. They appear to be the same issue I just
> > > forwarded but in different scanf variants.
> > > 
> > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > __ssvfiscanf_r. [show details
> > > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980>
> > > ]
> > 
> > Looks like a false positive.
> > 
> > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > will check the value.
> 
> Perhaps, this happens because other bits of _flags2 than __SWID is not
> initialized.
> 
> Which is better solution do you think?
> (1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1.
> (2) Initialize f._flags2 = 0 in sscanf() family.

Ah, this problem will also occur for sprintf() family. So it seems that
(1) is easier becase f._file = -1 is set at 41 places.

-- 
Takashi Yano <takashi.yano@nifty.ne.jp>

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Joel Sherrill]

[-- Attachment #1: Type: text/plain, Size: 1915 bytes --]

On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com>
wrote:

> On Nov 10 08:50, Joel Sherrill wrote:
> > Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> > added in the last commits. They appear to be the same issue I just
> > forwarded but in different scanf variants.
> >
> > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > __ssvfiscanf_r. [show details
> > <
> https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980
> >
> > ]
>
> Looks like a false positive.
>
> The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> if the _flags __SORD bit isn't set.  It never is set at the start, so
> the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> will check the value.
>

Thanks. I will mark them as false positive.

What about the issue in the printf variants? Looks like similar code. Are
they
also false positives? This is from asiprintf.c

37  f._flags = __SWR | __SSTR | __SMBF;

1. assign_zero: Assigning: f._p = NULL.
38  f._bf._base = f._p = NULL;
39  f._bf._size = f._w = 0;
40  f._file = -1;  /* No file. */
41  va_start (ap, fmt);

CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2.
var_deref_model: Passing &f to _svfiprintf_r, which dereferences null f._p.
 [show details
<https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786>
]
42  ret = _svfiprintf_r (ptr, &f, fmt, ap);

>
>
> Corinna
>
>

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Corinna Vinschen]

On Nov 10 11:44, Joel Sherrill wrote:
> On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com>
> wrote:
> 
> > On Nov 10 08:50, Joel Sherrill wrote:
> > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> > > added in the last commits. They appear to be the same issue I just
> > > forwarded but in different scanf variants.
> > >
> > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > __ssvfiscanf_r. [show details
> > > <
> > https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980
> > >
> > > ]
> >
> > Looks like a false positive.
> >
> > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > will check the value.
> >
> 
> Thanks. I will mark them as false positive.
> 
> What about the issue in the printf variants? Looks like similar code. Are
> they
> also false positives? This is from asiprintf.c
> 
> 37  f._flags = __SWR | __SSTR | __SMBF;
> 
> 1. assign_zero: Assigning: f._p = NULL.
> 38  f._bf._base = f._p = NULL;
> 39  f._bf._size = f._w = 0;
> 40  f._file = -1;  /* No file. */
> 41  va_start (ap, fmt);
> 
> CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2.
> var_deref_model: Passing &f to _svfiprintf_r, which dereferences null f._p.
>  [show details
> <https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786>
> ]
> 42  ret = _svfiprintf_r (ptr, &f, fmt, ap);

Did you try to debug it?


Corinna

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Joel Sherrill]

[-- Attachment #1: Type: text/plain, Size: 2334 bytes --]

On Mon, Nov 13, 2023, 7:19 AM Corinna Vinschen <vinschen@redhat.com> wrote:

> On Nov 10 11:44, Joel Sherrill wrote:
> > On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com>
> > wrote:
> >
> > > On Nov 10 08:50, Joel Sherrill wrote:
> > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects
> were
> > > > added in the last commits. They appear to be the same issue I just
> > > > forwarded but in different scanf variants.
> > > >
> > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > > __ssvfiscanf_r. [show details
> > > > <
> > >
> https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980
> > > >
> > > > ]
> > >
> > > Looks like a false positive.
> > >
> > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > > will check the value.
> > >
> >
> > Thanks. I will mark them as false positive.
> >
> > What about the issue in the printf variants? Looks like similar code. Are
> > they
> > also false positives? This is from asiprintf.c
> >
> > 37  f._flags = __SWR | __SSTR | __SMBF;
> >
> > 1. assign_zero: Assigning: f._p = NULL.
> > 38  f._bf._base = f._p = NULL;
> > 39  f._bf._size = f._w = 0;
> > 40  f._file = -1;  /* No file. */
> > 41  va_start (ap, fmt);
> >
> > CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2.
> > var_deref_model: Passing &f to _svfiprintf_r, which dereferences null
> f._p.
> >  [show details
> > <
> https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786
> >
> > ]
> > 42  ret = _svfiprintf_r (ptr, &f, fmt, ap);
>
> Did you try to debug it?
>

No. It just looked similar and was introduced earlier this year.

--joel

>
>
> Corinna
>
>

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Corinna Vinschen]

On Nov 13 08:23, Joel Sherrill wrote:
> On Mon, Nov 13, 2023, 7:19 AM Corinna Vinschen <vinschen@redhat.com> wrote:
> 
> > On Nov 10 11:44, Joel Sherrill wrote:
> > > On Fri, Nov 10, 2023 at 9:32 AM Corinna Vinschen <vinschen@redhat.com>
> > > wrote:
> > >
> > > > On Nov 10 08:50, Joel Sherrill wrote:
> > > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects
> > were
> > > > > added in the last commits. They appear to be the same issue I just
> > > > > forwarded but in different scanf variants.
> > > > >
> > > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > > > __ssvfiscanf_r. [show details
> > > > > <
> > > >
> > https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980
> > > > >
> > > > > ]
> > > >
> > > > Looks like a false positive.
> > > >
> > > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > > > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > > > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > > > will check the value.
> > > >
> > >
> > > Thanks. I will mark them as false positive.
> > >
> > > What about the issue in the printf variants? Looks like similar code. Are
> > > they
> > > also false positives? This is from asiprintf.c
> > >
> > > 37  f._flags = __SWR | __SSTR | __SMBF;
> > >
> > > 1. assign_zero: Assigning: f._p = NULL.
> > > 38  f._bf._base = f._p = NULL;
> > > 39  f._bf._size = f._w = 0;
> > > 40  f._file = -1;  /* No file. */
> > > 41  va_start (ap, fmt);
> > >
> > > CID 387497 (#2 of 2): Explicit null dereferenced (FORWARD_NULL)2.
> > > var_deref_model: Passing &f to _svfiprintf_r, which dereferences null
> > f._p.
> > >  [show details
> > > <
> > https://scan3.scan.coverity.com/eventId=13202490-1&modelId=13202490-0&fileInstanceId=104130544&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfprintf.c&fileStart=650&fileEnd=1786
> > >
> > > ]
> > > 42  ret = _svfiprintf_r (ptr, &f, fmt, ap);
> >
> > Did you try to debug it?
> >
> 
> No. It just looked similar and was introduced earlier this year.

Then please, do.


Thanks,
Corinna

Re: Coverity Scan: Analysis completed for RTEMS-Newlib

[Corinna Vinschen]

On Nov 11 00:59, Takashi Yano wrote:
> On Sat, 11 Nov 2023 00:55:15 +0900
> Takashi Yano wrote:
> > On Fri, 10 Nov 2023 16:31:44 +0100
> > Corinna Vinschen wrote:
> > > On Nov 10 08:50, Joel Sherrill wrote:
> > > > Hmmmm.. an email just before the one I forwarded shows 6 new defects were
> > > > added in the last commits. They appear to be the same issue I just
> > > > forwarded but in different scanf variants.
> > > > 
> > > > CID 423229 (#1 of 1): Uninitialized scalar variable (UNINIT)2.
> > > > uninit_use_in_call: Using uninitialized value f._flags2 when calling
> > > > __ssvfiscanf_r. [show details
> > > > <https://scan3.scan.coverity.com/eventId=13202494-1&modelId=13202494-0&fileInstanceId=104130545&filePath=%2Fhome%2Fjoel%2Frtems-cron-coverity%2Fsourceware-mirror-newlib-cygwin%2Fnewlib%2Flibc%2Fstdio%2Fvfscanf.c&fileStart=400&fileEnd=1980>
> > > > ]
> > > 
> > > Looks like a false positive.
> > > 
> > > The ORIENT macro will set or reset the value of the _flags2 __SWID bit
> > > if the _flags __SORD bit isn't set.  It never is set at the start, so
> > > the _flags2 __SWID bit is always set.  And only then, the ORIENT macro
> > > will check the value.
> > 
> > Perhaps, this happens because other bits of _flags2 than __SWID is not
> > initialized.
> > 
> > Which is better solution do you think?
> > (1) Modify ORIENT macro so that it returns (ori > 0) ? 1 : -1.
> > (2) Initialize f._flags2 = 0 in sscanf() family.
> 
> Ah, this problem will also occur for sprintf() family. So it seems that
> (1) is easier becase f._file = -1 is set at 41 places.

I wonder, though, if setting f._flags2 = 0 isn't all around the better
solution.  That would mean that ORIENT itself doesn't have to become
more complicated, having to check (ori > 0) even in places, where this
isn't a problem.


Corinna