Pike-automation
pike-automation@lists.lysator.liu.se
48 discussions
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
05 Jul '24
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

1 new defect(s) introduced to Pike-master found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1609623: (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1609623: (FORWARD_NULL)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/threads.c: 3318 in exit_mutex_key_obj()
3312 ITEM(a)[0].u.object->prog) {
3313 /* Linkely: Valid entry. */
3314 int is_shared = 0;
3315
3316 push_int(2);
3317 if ((a->size < 2) || SAFE_IS_ZERO(ITEM(a) + 1)) {
>>> CID 1609623: (FORWARD_NULL)
>>> Passing null pointer "mutex_obj" to "apply", which dereferences it.
3318 apply(mutex_obj, "trylock", 1);
3319 } else {
3320 is_shared = 1;
3321 apply(mutex_obj, "try_shared_lock", 1);
3322 }
3323

/home/covbuilder/pike/Pike-v9.1-snapshot/src/threads.c: 3321 in exit_mutex_key_obj()
3315
3316 push_int(2);
3317 if ((a->size < 2) || SAFE_IS_ZERO(ITEM(a) + 1)) {
3318 apply(mutex_obj, "trylock", 1);
3319 } else {
3320 is_shared = 1;
>>> CID 1609623: (FORWARD_NULL)
>>> Passing null pointer "mutex_obj" to "apply", which dereferences it.
3321 apply(mutex_obj, "try_shared_lock", 1);
3322 }
3323
3324 if (SAFE_IS_ZERO(Pike_sp - 1)) {
3325 pop_stack();
3326 pop_stack();

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
30 Jun '24
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

1 new defect(s) introduced to Pike-master found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1606004: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1606004: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v9.1-snapshot/src/program.c: 7216 in add_typed_constant()
7210 return define_alias(name, id->type, flags, depth, n);
7211 }
7212 }
7213 }
7214
7215 if (type) {
>>> CID 1606004: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "c" to "get_type_of_svalue", which dereferences it.
7216 struct pike_type *tmp = get_type_of_svalue(c);
7217 struct pike_type *tmp2 = and_pike_types(type, tmp);
7218 if (tmp2) {
7219 if (flags & ID_INLINE) {
7220 type = tmp2;
7221 } else {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
11 Jun '24
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

1 new defect(s) introduced to Pike-master found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1603596: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex()

________________________________________________________________________________________________________
*** CID 1603596: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex()
3053 else if (k > 0)
3054 lostbits = any_on(b,k);
3055 #ifdef IEEE_Arith
3056 else if (check_denorm)
3057 goto no_lostbits;
3058 #endif
>>> CID 1603596: (USE_AFTER_FREE)
>>> Using freed pointer "x".
3059 if (x[k>>kshift] & 1 << (k & kmask))
3060 lostbits |= 2;
3061 #ifdef IEEE_Arith
3062 no_lostbits:
3063 #endif
3064 nbits -= n;

/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex()
3053 else if (k > 0)
3054 lostbits = any_on(b,k);
3055 #ifdef IEEE_Arith
3056 else if (check_denorm)
3057 goto no_lostbits;
3058 #endif
>>> CID 1603596: (USE_AFTER_FREE)
>>> Using freed pointer "x".
3059 if (x[k>>kshift] & 1 << (k & kmask))
3060 lostbits |= 2;
3061 #ifdef IEEE_Arith
3062 no_lostbits:
3063 #endif
3064 nbits -= n;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
New Defects reported by Coverity Scan for Pike-stable
by scan-admin@coverity.com
01 Jun '24
Hi,

Please find the latest report on new defect(s) introduced to Pike-stable found with Coverity Scan.

41 new defect(s) introduced to Pike-stable found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 41 defect(s)

** CID 1601773: Uninitialized variables (UNINIT)

________________________________________________________________________________________________________
*** CID 1601773: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/requestobject.c: 192 in f_aap_scan_for_query()
186 }
187 }
188 work_area[j++]=c;
189 }
190
191 done:
>>> CID 1601773: Uninitialized variables (UNINIT)
>>> Using uninitialized value "work_area[begin]" when calling "debug_make_shared_binary_string".
192 TINSERT(THIS->misc_variables, s_not_query, work_area+begin, j-begin+1);
193 free(work_area);
194
195 if(i < len)
196 TINSERT(THIS->misc_variables, s_query, s+i+1, (len-i)-1);
197 else

** CID 1601772: (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters()

________________________________________________________________________________________________________
*** CID 1601772: (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters()
1384 });
1385 HANDLE_PARAM("destruct_cb", {
1386 assign_svalue(&gc_destruct_cb, set);
1387 }, {
1388 assign_svalue(&get, &gc_destruct_cb);
1389 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->u.dummy".
1390 HANDLE_PARAM("done_cb", {
1391 assign_svalue(&gc_done_cb, set);
1392 }, {
1393 assign_svalue(&get, &gc_done_cb);
1394 });
1395

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters()
1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low);
1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio);
1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high);
1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio);
1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness);
1374
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->tu.t.type".
1375 HANDLE_PARAM("pre_cb", {
1376 assign_svalue(&gc_pre_cb, set);
1377 }, {
1378 assign_svalue(&get, &gc_pre_cb);
1379 });
1380 HANDLE_PARAM("post_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters()
1379 });
1380 HANDLE_PARAM("post_cb", {
1381 assign_svalue(&gc_post_cb, set);
1382 }, {
1383 assign_svalue(&get, &gc_post_cb);
1384 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "get" when calling "mapping_string_insert".
1385 HANDLE_PARAM("destruct_cb", {
1386 assign_svalue(&gc_destruct_cb, set);
1387 }, {
1388 assign_svalue(&get, &gc_destruct_cb);
1389 });
1390 HANDLE_PARAM("done_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters()
1384 });
1385 HANDLE_PARAM("destruct_cb", {
1386 assign_svalue(&gc_destruct_cb, set);
1387 }, {
1388 assign_svalue(&get, &gc_destruct_cb);
1389 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->tu.t.type".
1390 HANDLE_PARAM("done_cb", {
1391 assign_svalue(&gc_done_cb, set);
1392 }, {
1393 assign_svalue(&get, &gc_done_cb);
1394 });
1395

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters()
1379 });
1380 HANDLE_PARAM("post_cb", {
1381 assign_svalue(&gc_post_cb, set);
1382 }, {
1383 assign_svalue(&get, &gc_post_cb);
1384 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->tu.t.type".
1385 HANDLE_PARAM("destruct_cb", {
1386 assign_svalue(&gc_destruct_cb, set);
1387 }, {
1388 assign_svalue(&get, &gc_destruct_cb);
1389 });
1390 HANDLE_PARAM("done_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters()
1379 });
1380 HANDLE_PARAM("post_cb", {
1381 assign_svalue(&gc_post_cb, set);
1382 }, {
1383 assign_svalue(&get, &gc_post_cb);
1384 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->u.dummy".
1385 HANDLE_PARAM("destruct_cb", {
1386 assign_svalue(&gc_destruct_cb, set);
1387 }, {
1388 assign_svalue(&get, &gc_destruct_cb);
1389 });
1390 HANDLE_PARAM("done_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters()
1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low);
1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio);
1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high);
1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio);
1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness);
1374
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->u.dummy".
1375 HANDLE_PARAM("pre_cb", {
1376 assign_svalue(&gc_pre_cb, set);
1377 }, {
1378 assign_svalue(&get, &gc_pre_cb);
1379 });
1380 HANDLE_PARAM("post_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters()
1374
1375 HANDLE_PARAM("pre_cb", {
1376 assign_svalue(&gc_pre_cb, set);
1377 }, {
1378 assign_svalue(&get, &gc_pre_cb);
1379 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->u.dummy".
1380 HANDLE_PARAM("post_cb", {
1381 assign_svalue(&gc_post_cb, set);
1382 }, {
1383 assign_svalue(&get, &gc_post_cb);
1384 });
1385 HANDLE_PARAM("destruct_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters()
1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low);
1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio);
1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high);
1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio);
1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness);
1374
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "get" when calling "mapping_string_insert".
1375 HANDLE_PARAM("pre_cb", {
1376 assign_svalue(&gc_pre_cb, set);
1377 }, {
1378 assign_svalue(&get, &gc_pre_cb);
1379 });
1380 HANDLE_PARAM("post_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters()
1374
1375 HANDLE_PARAM("pre_cb", {
1376 assign_svalue(&gc_pre_cb, set);
1377 }, {
1378 assign_svalue(&get, &gc_pre_cb);
1379 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "get" when calling "mapping_string_insert".
1380 HANDLE_PARAM("post_cb", {
1381 assign_svalue(&gc_post_cb, set);
1382 }, {
1383 assign_svalue(&get, &gc_post_cb);
1384 });
1385 HANDLE_PARAM("destruct_cb", {

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters()
1384 });
1385 HANDLE_PARAM("destruct_cb", {
1386 assign_svalue(&gc_destruct_cb, set);
1387 }, {
1388 assign_svalue(&get, &gc_destruct_cb);
1389 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "get" when calling "mapping_string_insert".
1390 HANDLE_PARAM("done_cb", {
1391 assign_svalue(&gc_done_cb, set);
1392 }, {
1393 assign_svalue(&get, &gc_done_cb);
1394 });
1395

/home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters()
1374
1375 HANDLE_PARAM("pre_cb", {
1376 assign_svalue(&gc_pre_cb, set);
1377 }, {
1378 assign_svalue(&get, &gc_pre_cb);
1379 });
>>> CID 1601772: (UNINIT)
>>> Using uninitialized value "_s->tu.t.type".
1380 HANDLE_PARAM("post_cb", {
1381 assign_svalue(&gc_post_cb, set);
1382 }, {
1383 assign_svalue(&get, &gc_post_cb);
1384 });
1385 HANDLE_PARAM("destruct_cb", {

** CID 1601771: Uninitialized variables (UNINIT)

________________________________________________________________________________________________________
*** CID 1601771: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Inotify/inotify.cmod: 298 in f_Inotify_cq__Instance_add_watch()
292 ev.mask |= IN_ISDIR;
293 }
294 /* FIXME: Handle DT_UNKNOWN. */
295 #endif /* HAVE_DIRENT_T_TYPE */
296
297 string_build_mkspace(&THIS->buf, sizeof(ev) + ev.len, 0);
>>> CID 1601771: Uninitialized variables (UNINIT)
>>> Using uninitialized value "ev". Field "ev.name" is uninitialized when calling "string_builder_binary_strcat0".
298 string_builder_binary_strcat0(&THIS->buf,
299 (p_wchar0 *)&ev,
300 sizeof(ev));
301 string_builder_strcat(&THIS->buf, dirent->d_name);
302 string_builder_fill(&THIS->buf, pad+1,
303 MKPCHARP("\0\0\0\0\0\0\0\0", 0), 8, 0);

** CID 1601770: (UNINIT)

________________________________________________________________________________________________________
*** CID 1601770: (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5912 in add_constant()
5906 {
5907 my_yyerror("Identifier %S defined twice.", name);
5908 return n;
5909 }
5910
5911 /* override */
>>> CID 1601770: (UNINIT)
>>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "override_identifier".
5912 if ((overridden = override_identifier (&ref, name, 0)) >= 0) {
5913 #ifdef PIKE_DEBUG
5914 struct reference *oref =
5915 Pike_compiler->new_program->identifier_references+overridden;
5916 if((oref->inherit_offset != ref.inherit_offset) ||
5917 (oref->identifier_offset != ref.identifier_offset) ||

/home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5926 in add_constant()
5920 }
5921 #endif
5922 return overridden;
5923 }
5924 }
5925 n=Pike_compiler->new_program->num_identifier_references;
>>> CID 1601770: (UNINIT)
>>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
5926 add_to_identifier_references(ref);
5927
5928 return n;
5929 }
5930
5931 PMOD_EXPORT int simple_add_constant(const char *name,

** CID 1601769: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5455 in low_define_variable()

________________________________________________________________________________________________________
*** CID 1601769: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5455 in low_define_variable()
5449
5450 add_to_variable_index(ref.identifier_offset);
5451
5452 debug_add_to_identifiers(dummy);
5453
5454 n=Pike_compiler->new_program->num_identifier_references;
>>> CID 1601769: Uninitialized variables (UNINIT)
>>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
5455 add_to_identifier_references(ref);
5456
5457 return n;
5458 }
5459
5460 /* type is a textual type */

** CID 1601768: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5320 in low_define_alias()

________________________________________________________________________________________________________
*** CID 1601768: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5320 in low_define_alias()
5314 ref.inherit_offset=0;
5315 ref.run_time_type = PIKE_T_UNKNOWN;
5316
5317 debug_add_to_identifiers(dummy);
5318
5319 n = Pike_compiler->new_program->num_identifier_references;
>>> CID 1601768: Uninitialized variables (UNINIT)
>>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
5320 add_to_identifier_references(ref);
5321
5322 return n;
5323 }
5324
5325 PMOD_EXPORT int define_alias(struct pike_string *name, struct pike_type *type,

** CID 1601765: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 3471 in th_num_idle_farmers()

________________________________________________________________________________________________________
*** CID 1601765: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 3471 in th_num_idle_farmers()
3465 /* NOT_REACHED */
3466 return 0;/* Keep the compiler happy. */
3467 }
3468
3469 int th_num_idle_farmers(void)
3470 {
>>> CID 1601765: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "_num_idle_farmers" without holding lock "rosie". Elsewhere, "_num_idle_farmers" is written to with "rosie" held 3 out of 3 times.
3471 return _num_idle_farmers;
3472 }
3473
3474
3475 int th_num_farmers(void)
3476 {

** CID 1601764: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply()

________________________________________________________________________________________________________
*** CID 1601764: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply()
57
58 void drop_reply(int ok)
59 //! Drop reply.
60 {
61 INT_TYPE t,o;
62 get_all_args("reply",args,"%i",&o);
>>> CID 1601764: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "guint32".
63 gdk_drop_reply((GdkDragContext *)THIS->obj,o,time(NULL));
64 RETURN_THIS();
65 }
66
67 void drag_set_icon_widget(GTK2.Widget widget, int hot_x, int hot_y)
68 //! Set the drag widget. This is a widget that will be shown, and then

** CID 1601762: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time()

________________________________________________________________________________________________________
*** CID 1601762: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time()
41 //! Get the flags.
42
43 int get_initial_time();
44 //! Queries the initial time that was set using set_time() or during creation.
45
46
>>> CID 1601762: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_initial_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".

** CID 1601758: (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6077 in f_count_memory()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6097 in f_count_memory()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6100 in f_count_memory()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6071 in f_count_memory()

________________________________________________________________________________________________________
*** CID 1601758: (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6077 in f_count_memory()
6071 DO_AGGREGATE_ARRAY (120);
6072 }
6073 }
6074 if (list == &mc_incomplete) list = &mc_indirect;
6075 else break;
6076 }
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6077 } END_AGGREGATE_ARRAY;
6078 args++;
6079 mapping_string_insert (opts, ind, Pike_sp - 1);
6080 }
6081
6082 MAKE_CONST_STRING (ind, "collect_direct_externals");

/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6097 in f_count_memory()
6091 assert (m->flags & MC_FLAG_LA_VISITED);
6092 if (type <= MAX_TYPE) {
6093 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing);
6094 add_ref ((struct ref_dummy *) m->thing);
6095 dmalloc_touch_svalue (Pike_sp);
6096 Pike_sp++;
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6097 DO_AGGREGATE_ARRAY (120);
6098 }
6099 }
6100 } END_AGGREGATE_ARRAY;
6101 args++;
6102 mapping_string_insert (opts, ind, Pike_sp - 1);

/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6100 in f_count_memory()
6094 add_ref ((struct ref_dummy *) m->thing);
6095 dmalloc_touch_svalue (Pike_sp);
6096 Pike_sp++;
6097 DO_AGGREGATE_ARRAY (120);
6098 }
6099 }
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6100 } END_AGGREGATE_ARRAY;
6101 args++;
6102 mapping_string_insert (opts, ind, Pike_sp - 1);
6103 }
6104 }
6105

/home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6071 in f_count_memory()
6065 assert (m->flags & MC_FLAG_LA_VISITED);
6066 if (type <= MAX_TYPE) {
6067 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing);
6068 add_ref ((struct ref_dummy *) m->thing);
6069 dmalloc_touch_svalue (Pike_sp);
6070 Pike_sp++;
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6071 DO_AGGREGATE_ARRAY (120);
6072 }
6073 }
6074 if (list == &mc_incomplete) list = &mc_indirect;
6075 else break;
6076 }

** CID 1601755: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time()

________________________________________________________________________________________________________
*** CID 1601755: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time()
28 //! be the one represented by the_time.
29
30 int get_time();
31 //! Return the time entered in the widget.
32
33 void set_popup_range(int low_hour, int up_hour);
>>> CID 1601755: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".
34 //! Sets the range of times that will be provide by the time popup
35 //! selectors.
36
37 void set_flags(int flags);
38 //! Bitwise or of CONST(GNOME_DATE_EDIT_).
39

** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/timeout.c: 230 in aap_exit_timeouts()

________________________________________________________________________________________________________
*** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/timeout.c: 230 in aap_exit_timeouts()
224 #ifdef AAP_DEBUG
225 fprintf(stderr, "AAP: aap_exit_timeouts.\n");
226 #endif /* AAP_DEBUG */
227 THREADS_ALLOW();
228 mt_lock (&aap_timeout_mutex);
229 aap_time_to_die = 1;
>>> CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND)
>>> The wait condition prompting the wait upon "aap_timeout_mutex" is not checked correctly. This code can wait for a condition that has already been satisfied, which can cause a never-ending wait.
230 co_wait (&aap_timeout_thread_is_dead, &aap_timeout_mutex);
231 mt_unlock (&aap_timeout_mutex);
232 THREADS_DISALLOW();
233 mt_destroy (&aap_timeout_mutex);
234 co_destroy (&aap_timeout_thread_is_dead);
235 #ifdef AAP_DEBUG

** CID 1601753: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/log.c: 117 in f_aap_log_exists()

________________________________________________________________________________________________________
*** CID 1601753: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/log.c: 117 in f_aap_log_exists()
111 f_aggregate(n);
112 }
113 }
114
115 void f_aap_log_exists(INT32 UNUSED(args))
116 {
>>> CID 1601753: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "((struct args *)Pike_interpreter_pointer->frame_pointer->current_storage)->log->log_head" without holding lock "log.log_lock". Elsewhere, "log.log_head" is written to with "log.log_lock" held 5 out of 5 times.
117 if(LTHIS->log->log_head)
118 push_int(1);
119 else
120 push_int(0);
121 }
122

** CID 1601752: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1601752: Insecure data handling (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/ilbm.c: 541 in image_ilbm__decode()
535 push_object(clone_object(image_colortable_program,1));
536 ctable=get_storage(sp[-1].u.object,
537 image_colortable_program);
538 n++;
539 }
540
>>> CID 1601752: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "bmhd.h" to "parse_body", which uses it as a loop boundary.
541 parse_body(&bmhd, STR0(ITEM(arr)[5].u.string), ITEM(arr)[5].u.string->len,
542 img, alpha, ctable, !!(camg & CAMG_HAM));
543
544 f_aggregate_mapping(2*n);
545 stack_swap();
546 pop_stack();

** CID 1601751: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_WhiteFish/blob.c: 122 in wf_blob_hit()

________________________________________________________________________________________________________
*** CID 1601751: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_WhiteFish/blob.c: 122 in wf_blob_hit()
116 {
117 Hit hit;
118 if( b->eof )
119 {
120 hit.type = HIT_NOTHING;
121 hit.raw = 0;
>>> CID 1601751: Uninitialized variables (UNINIT)
>>> Using uninitialized value "hit". Field "hit.u" is uninitialized.
122 return hit;
123 }
124 else
125 {
126 int off = b->b->rpos + 5 + n*2;
127 unsigned char h = b->b->data[ off ];

** CID 1601750: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 703 in init_gz_deflate()

________________________________________________________________________________________________________
*** CID 1601750: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 703 in init_gz_deflate()
697 mt_init(& THIS->lock);
698 memset(& THIS->gz, 0, sizeof(THIS->gz));
699 THIS->gz.zalloc=Z_NULL;
700 THIS->gz.zfree=Z_NULL;
701 THIS->gz.opaque=(void *)THIS;
702 THIS->state=0;
>>> CID 1601750: Error handling issues (CHECKED_RETURN)
>>> Calling "deflateInit_(&((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->gz, ((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->level = -1, "1.2.8", 112)" without checking return value. It wraps a library function that may fail and return an error code.
703 deflateInit(& THIS->gz, THIS->level = Z_DEFAULT_COMPRESSION);
704 THIS->epilogue = NULL;
705 }
706
707 static void exit_gz_deflate(struct object *UNUSED(o))
708 {

** CID 1601749: Memory - corruptions (OVERRUN)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_Stdio/sendfile.c: 692 in low_do_sendfile()

________________________________________________________________________________________________________
*** CID 1601749: Memory - corruptions (OVERRUN)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_Stdio/sendfile.c: 692 in low_do_sendfile()
686 len = DO_NOT_WARN ((ptrdiff_t) this->len);
687 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) {
688 char *buf = this->buffer;
689 this->len -= buflen;
690 this->offset += buflen;
691 while (buflen) {
>>> CID 1601749: Memory - corruptions (OVERRUN)
>>> Calling "write" with "buf" and "buflen" is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned.
692 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen);
693 if ((wrlen < 0) && (errno == EINTR)) {
694 continue;
695 } else if (wrlen < 0) {
696 goto send_trailers;
697 }

** CID 1601748: Data race undermines locking (LOCK_EVASION)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 987 in low_init_threads_disable()

________________________________________________________________________________________________________
*** CID 1601748: Data race undermines locking (LOCK_EVASION)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 987 in low_init_threads_disable()
981 }
982 }
983
984 THREADS_FPRINTF(0, (stderr,
985 "low_init_threads_disable(): Disabling threads.\n"));
986
>>> CID 1601748: Data race undermines locking (LOCK_EVASION)
>>> Thread1 sets "threads_disabled" to a new value. Now the two threads have an inconsistent view of "threads_disabled" and updates to fields correlated with "threads_disabled" may be lost.
987 threads_disabled = 1;
988 threads_disabled_start = get_real_time();
989 #ifdef PIKE_DEBUG
990 threads_disabled_thread = th_self();
991 #endif
992 } else {

** CID 1601745: Insecure data handling (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/DVB/dvb.c: 860 in f_parse_pat()

________________________________________________________________________________________________________
*** CID 1601745: Insecure data handling (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/DVB/dvb.c: 860 in f_parse_pat()
854 if (n < 2) {
855 push_int(0);
856 return;
857 }
858
859 length = ((buffer[2] & 0x0F) << 8) | buffer[3];
>>> CID 1601745: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "length - 4" as a loop boundary.
860 for (index=9; index<length-4 && index<184; index +=4)
861 {
862 p = (buffer[index] << 8) | buffer[index+1];
863 push_int(p);
864 pid = ((buffer[index+2] << 8) | buffer[index+3]) & 0x1FFF;
865 push_int(pid);

** CID 1601744: Insecure data handling (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 923 in i_img_bmp__decode()

________________________________________________________________________________________________________
*** CID 1601744: Insecure data handling (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 923 in i_img_bmp__decode()
917 }
918 break;
919 default:
920 #ifdef RLE_DEBUG
921 fprintf(stderr,"rle data %02x %02x\n",s[0],s[1]);
922 #endif
>>> CID 1601744: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "s[0]" as a loop boundary.
923 for (i=0; i<s[0] && d<maxd; i++)
924 if (s[1] > nct->u.flat.numentries)
925 d++;
926 else
927 *(d++) = nct->u.flat.entries[s[1]].color;
928 break;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
01 Jun '24
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

53 new defect(s) introduced to Pike-master found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 53 defect(s)

** CID 1601767: (RESOURCE_LEAK)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3023 in pike_gethex()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3035 in pike_gethex()
________________________________________________________________________________________________________
*** CID 1601767: (RESOURCE_LEAK)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3023 in pike_gethex()
3017 k = n - 1;
3018 #ifdef IEEE_Arith
3019 if (!k) {
3020 switch(rounding) {
3021 case Round_near:
3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) {
>>> CID 1601767: (RESOURCE_LEAK)
>>> Ignoring storage allocated by "multadd(b, 1, 1)" leaks it.
3023 multadd(b, 1, 1 MTa);
3024 emin_check:
3025 if (b->x[1] == (1 << (Exp_shift + 1))) {
3026 rshift(b,1);
3027 e = emin;
3028 goto normal;
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3035 in pike_gethex()
3029 }
3030 }
3031 break;
3032 case Round_up:
3033 if (!sign && (lostbits || (b->x[0] & 1))) {
3034 incr_denorm:
>>> CID 1601767: (RESOURCE_LEAK)
>>> Ignoring storage allocated by "multadd(b, 1, 2)" leaks it.
3035 multadd(b, 1, 2 MTa);
3036 check_denorm = 1;
3037 lostbits = 0;
3038 goto emin_check;
3039 }
3040 break;

** CID 1601766: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/program.c: 2096 in add_identifier()
________________________________________________________________________________________________________
*** CID 1601766: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/program.c: 2096 in add_identifier()
2090 if ((identifier_flags & (IDENTIFIER_VARIABLE|IDENTIFIER_ALIAS)) ==
2091 IDENTIFIER_VARIABLE) {
2092 add_to_variable_index(ref.identifier_offset);
2093 }
2094
2095 n = Pike_compiler->new_program->num_identifier_references;
>>> CID 1601766: Uninitialized variables (UNINIT)
>>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
2096 add_to_identifier_references(ref);
2097
2098 return n;
2099 }
2100
2101 void use_module(struct svalue *s)

** CID 1601765: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 4239 in th_num_idle_farmers()
________________________________________________________________________________________________________
*** CID 1601765: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 4239 in th_num_idle_farmers()
4233 } while(1);
4234 UNREACHABLE();
4235 }
4236
4237 int th_num_idle_farmers(void)
4238 {
>>> CID 1601765: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "_num_idle_farmers" without holding lock "rosie". Elsewhere, "_num_idle_farmers" is written to with "rosie" held 3 out of 3 times.
4239 return _num_idle_farmers;
4240 }
4241
4242
4243 int th_num_farmers(void)
4244 {

** CID 1601764: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply()
________________________________________________________________________________________________________
*** CID 1601764: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply()
57
58 void drop_reply(int ok)
59 //! Drop reply.
60 {
61 INT_TYPE t,o;
62 get_all_args(NULL,args,"%i",&o);
>>> CID 1601764: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "guint32".
63 gdk_drop_reply((GdkDragContext *)THIS->obj,o,time(NULL));
64 RETURN_THIS();
65 }
66
67 void drag_set_icon_widget(GTK2.Widget widget, int hot_x, int hot_y)
68 //! Set the drag widget. This is a widget that will be shown, and then

** CID 1601763: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
________________________________________________________________________________________________________
*** CID 1601763: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
3019 if (!k) {
3020 switch(rounding) {
3021 case Round_near:
3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) {
3023 multadd(b, 1, 1 MTa);
3024 emin_check:
>>> CID 1601763: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) {
3026 rshift(b,1);
3027 e = emin;
3028 goto normal;
3029 }
3030 }
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
3019 if (!k) {
3020 switch(rounding) {
3021 case Round_near:
3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) {
3023 multadd(b, 1, 1 MTa);
3024 emin_check:
>>> CID 1601763: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) {
3026 rshift(b,1);
3027 e = emin;
3028 goto normal;
3029 }
3030 }
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
3019 if (!k) {
3020 switch(rounding) {
3021 case Round_near:
3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) {
3023 multadd(b, 1, 1 MTa);
3024 emin_check:
>>> CID 1601763: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) {
3026 rshift(b,1);
3027 e = emin;
3028 goto normal;
3029 }
3030 }
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
3019 if (!k) {
3020 switch(rounding) {
3021 case Round_near:
3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) {
3023 multadd(b, 1, 1 MTa);
3024 emin_check:
>>> CID 1601763: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) {
3026 rshift(b,1);
3027 e = emin;
3028 goto normal;
3029 }
3030 }

** CID 1601762: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time()
________________________________________________________________________________________________________
*** CID 1601762: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time()
41 //! Get the flags.
42
43 int get_initial_time();
44 //! Queries the initial time that was set using set_time() or during creation.
45
46
>>> CID 1601762: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_initial_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".

** CID 1601761: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1601761: Null pointer dereferences (NULL_RETURNS)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/system/system.c: 2129 in describe_hostent()
2123 INT32 nelem = 0;
2124
2125 for (p = hp->h_addr_list; *p != 0; p++) {
2126 #ifdef fd_inet_ntop
2127 char buffer[64];
2128
>>> CID 1601761: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "NULL" "inet_ntop(hp->h_addrtype, *p, buffer, 64U)" when calling "push_text".
2129 push_text(fd_inet_ntop(hp->h_addrtype, *p, buffer, sizeof(buffer)));
2130 #else
2131 struct in_addr in;
2132
2133 memcpy(&in.s_addr, *p, sizeof (in.s_addr));
2134 push_text(inet_ntoa(in));

** CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/builtin_functions.c: 6328 in mktime_zone()
________________________________________________________________________________________________________
*** CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/builtin_functions.c: 6328 in mktime_zone()
6322 /* Restore tm_year. */
6323 date->tm_year -= ydelta;
6324 #endif
6325
6326 retval += ret;
6327
>>> CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "retval < -9223372036854775808L /* -9223372036854775807L - 1L */" is always false regardless of the values of its operands. This occurs as the logical first operand of "||".
6328 if ((retval < MIN_TIME_T) || (retval > MAX_TIME_T)) {
6329 #ifdef EOVERFLOW
6330 errno = EOVERFLOW;
6331 #else
6332 /* NT does not have EOVERFLOW. */
6333 errno = ERANGE;

** CID 1601759: Control flow issues (DEADCODE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3090 in pike_gethex()
________________________________________________________________________________________________________
*** CID 1601759: Control flow issues (DEADCODE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3090 in pike_gethex()
3084 x = b->x;
3085 if (!denorm && (b->wds > k
3086 || ((n = nbits & kmask) !=0
3087 && hi0bits(x[k-1]) < 32-n))) {
3088 rshift(b,1);
3089 if (++e > Emax)
>>> CID 1601759: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "goto ovfl;".
3090 goto ovfl;
3091 }
3092 }
3093 }
3094 #ifdef IEEE_Arith
3095 if (denorm)

** CID 1601758: (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6064 in f_count_memory()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6084 in f_count_memory()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6058 in f_count_memory()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6087 in f_count_memory()
________________________________________________________________________________________________________
*** CID 1601758: (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6064 in f_count_memory()
6058 DO_AGGREGATE_ARRAY (120);
6059 }
6060 }
6061 if (list == &mc_incomplete) list = &mc_indirect;
6062 else break;
6063 }
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6064 } END_AGGREGATE_ARRAY;
6065 args++;
6066 mapping_string_insert (opts, ind, Pike_sp - 1);
6067 }
6068
6069 MAKE_CONST_STRING (ind, "collect_direct_externals");
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6084 in f_count_memory()
6078 assert (m->flags & MC_FLAG_LA_VISITED);
6079 if (type <= MAX_TYPE) {
6080 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing);
6081 add_ref ((struct ref_dummy *) m->thing);
6082 dmalloc_touch_svalue (Pike_sp);
6083 Pike_sp++;
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6084 DO_AGGREGATE_ARRAY (120);
6085 }
6086 }
6087 } END_AGGREGATE_ARRAY;
6088 args++;
6089 mapping_string_insert (opts, ind, Pike_sp - 1);
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6058 in f_count_memory()
6052 assert (m->flags & MC_FLAG_LA_VISITED);
6053 if (type <= MAX_TYPE) {
6054 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing);
6055 add_ref ((struct ref_dummy *) m->thing);
6056 dmalloc_touch_svalue (Pike_sp);
6057 Pike_sp++;
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6058 DO_AGGREGATE_ARRAY (120);
6059 }
6060 }
6061 if (list == &mc_incomplete) list = &mc_indirect;
6062 else break;
6063 }
/home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6087 in f_count_memory()
6081 add_ref ((struct ref_dummy *) m->thing);
6082 dmalloc_touch_svalue (Pike_sp);
6083 Pike_sp++;
6084 DO_AGGREGATE_ARRAY (120);
6085 }
6086 }
>>> CID 1601758: (CONSTANT_EXPRESSION_RESULT)
>>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6087 } END_AGGREGATE_ARRAY;
6088 args++;
6089 mapping_string_insert (opts, ind, Pike_sp - 1);
6090 }
6091 }
6092

** CID 1601757: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/Shuffler/Shuffler.cmod: 464 in f_Shuffle_set_done_callback()
________________________________________________________________________________________________________
*** CID 1601757: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/Shuffler/Shuffler.cmod: 464 in f_Shuffle_set_done_callback()
458 *!
459 */
460 optflags OPT_SIDE_EFFECT;
461 {
462 SHUFFLE_DEBUG2("set_done_callback(%p)\n", THIS, cb->u.object );
463 assign_svalue( &THIS->done_callback,cb);
>>> CID 1601757: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "_from".
464 }
465
466 PIKEFUN void set_request_arg( mixed arg )
467 /*! @decl void set_request_arg( mixed arg )
468 *!
469 *! Sets the extra argument sent to @[Throttler()->request()] and

** CID 1601756: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
/home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
________________________________________________________________________________________________________
*** CID 1601756: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
2007 else
2008 switch (find_type) {
2009 case FIND_LESS:
2010 case FIND_GREATER:
2011 sub_extra_ref (msd);
2012 if (prepare_for_add (l, 1)) {
>>> CID 1601756: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "msd".
2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes));
2014 msd = l->msd;
2015 }
2016 ALLOC_MSNODE (msd, l->node_refs, new);
2017 goto add;
2018
/home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
2007 else
2008 switch (find_type) {
2009 case FIND_LESS:
2010 case FIND_GREATER:
2011 sub_extra_ref (msd);
2012 if (prepare_for_add (l, 1)) {
>>> CID 1601756: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "msd".
2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes));
2014 msd = l->msd;
2015 }
2016 ALLOC_MSNODE (msd, l->node_refs, new);
2017 goto add;
2018
/home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
2007 else
2008 switch (find_type) {
2009 case FIND_LESS:
2010 case FIND_GREATER:
2011 sub_extra_ref (msd);
2012 if (prepare_for_add (l, 1)) {
>>> CID 1601756: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "msd".
2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes));
2014 msd = l->msd;
2015 }
2016 ALLOC_MSNODE (msd, l->node_refs, new);
2017 goto add;
2018

** CID 1601755: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time()
________________________________________________________________________________________________________
*** CID 1601755: High impact quality (Y2K38_SAFETY)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time()
28 //! be the one represented by the_time.
29
30 int get_time();
31 //! Return the time entered in the widget.
32
33 void set_popup_range(int low_hour, int up_hour);
>>> CID 1601755: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".
34 //! Sets the range of times that will be provide by the time popup
35 //! selectors.
36
37 void set_flags(int flags);
38 //! Bitwise or of CONST(GNOME_DATE_EDIT_).
39

** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/timeout.c: 222 in aap_exit_timeouts()
________________________________________________________________________________________________________
*** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/timeout.c: 222 in aap_exit_timeouts()
216 {
217 void *res;
218 DWERROR("AAP: aap_exit_timeouts.\n");
219 THREADS_ALLOW();
220 mt_lock (&aap_timeout_mutex);
221 aap_time_to_die = 1;
>>> CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND)
>>> The wait condition prompting the wait upon "aap_timeout_mutex" is not checked correctly. This code can wait for a condition that has already been satisfied, which can cause a never-ending wait.
222 co_wait (&aap_timeout_thread_is_dead, &aap_timeout_mutex);
223 mt_unlock (&aap_timeout_mutex);
224 THREADS_DISALLOW();
225 mt_destroy (&aap_timeout_mutex);
226 co_destroy (&aap_timeout_thread_is_dead);
227 DWERROR("AAP: aap_exit_timeouts done.\n");
228 }
229 #endif

** CID 1601753: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/log.c: 113 in f_aap_log_exists()
________________________________________________________________________________________________________
*** CID 1601753: Concurrent data access violations (MISSING_LOCK)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/log.c: 113 in f_aap_log_exists()
107 f_aggregate(n);
108 }
109 }
110
111 void f_aap_log_exists(INT32 UNUSED(args))
112 {
>>> CID 1601753: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "((struct args *)Pike_interpreter_pointer->frame_pointer->current_storage)->log->log_head" without holding lock "log.log_lock". Elsewhere, "log.log_head" is written to with "log.log_lock" held 5 out of 5 times.
113 if(LTHIS->log->log_head)
114 push_int(1);
115 else
116 push_int(0);
117 }
118

** CID 1601752: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1601752: Insecure data handling (TAINTED_SCALAR)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/Image/encodings/ilbm.c: 547 in image_ilbm__decode()
541 push_object(clone_object(image_colortable_program,1));
542 ctable=get_storage(sp[-1].u.object,
543 image_colortable_program);
544 n++;
545 }
546
>>> CID 1601752: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "bmhd.h" to "parse_body", which uses it as a loop boundary.
547 parse_body(&bmhd, STR0(ITEM(arr)[5].u.string), ITEM(arr)[5].u.string->len,
548 img, alpha, ctable, !!(camg & CAMG_HAM));
549
550 f_aggregate_mapping(2*n);
551 stack_swap();
552 pop_stack();

** CID 1601751: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_WhiteFish/blob.c: 127 in wf_blob_hit()
________________________________________________________________________________________________________
*** CID 1601751: Uninitialized variables (UNINIT)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_WhiteFish/blob.c: 127 in wf_blob_hit()
121 {
122 Hit hit;
123 if( b->eof )
124 {
125 hit.type = HIT_NOTHING;
126 hit.raw = 0;
>>> CID 1601751: Uninitialized variables (UNINIT)
>>> Using uninitialized value "hit". Field "hit.u" is uninitialized.
127 return hit;
128 }
129 else
130 {
131 int off = b->b->rpos + 5 + n*2;
132 unsigned char h = b->b->data[ off ];

** CID 1601750: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Gz/zlibmod.c: 695 in init_gz_deflate()
________________________________________________________________________________________________________
*** CID 1601750: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Gz/zlibmod.c: 695 in init_gz_deflate()
689 {
690 mt_init(& THIS->lock);
691 THIS->gz.zalloc=Z_NULL;
692 THIS->gz.zfree=Z_NULL;
693 THIS->gz.opaque=(void *)THIS;
694 THIS->state=0;
>>> CID 1601750: Error handling issues (CHECKED_RETURN)
>>> Calling "deflateInit_(&((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->gz, ((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->level = -1, "1.2.8", 112)" without checking return value. It wraps a library function that may fail and return an error code.
695 deflateInit(& THIS->gz, THIS->level = Z_DEFAULT_COMPRESSION);
696 THIS->epilogue = NULL;
697 }
698
699 static void exit_gz_deflate(struct object *UNUSED(o))
700 {

** CID 1601749: Memory - corruptions (OVERRUN)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile()
________________________________________________________________________________________________________
*** CID 1601749: Memory - corruptions (OVERRUN)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile()
606 len = (ptrdiff_t) this->len;
607 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) {
608 char *buf = this->buffer;
609 this->len -= buflen;
610 this->offset += buflen;
611 while (buflen) {
>>> CID 1601749: Memory - corruptions (OVERRUN)
>>> Calling "write" with "buf" and "buflen" is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned.
612 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen);
613 if ((wrlen < 0) && (errno == EINTR)) {
614 continue;
615 } else if (wrlen < 0) {
616 goto send_trailers;
617 }

** CID 1601748: Data race undermines locking (LOCK_EVASION)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 965 in low_init_threads_disable()
________________________________________________________________________________________________________
*** CID 1601748: Data race undermines locking (LOCK_EVASION)
/home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 965 in low_init_threads_disable()
959 im = im->next;
960 }
961 }
962
963 THREADS_FPRINTF(0, "low_init_threads_disable(): Disabling threads.\n");
964
>>> CID 1601748: Data race undermines locking (LOCK_EVASION)
>>> Thread1 sets "threads_disabled" to a new value. Now the two threads have an inconsistent view of "threads_disabled" and updates to fields correlated with "threads_disabled" may be lost.
965 threads_disabled = 1;
966 threads_disabled_start = get_real_time();
967 #ifdef PIKE_DEBUG
968 threads_disabled_thread = th_self();
969 #endif
970 } else {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
13 Nov '20
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

3 new defect(s) introduced to Pike-master found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1458076: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3724 in yysyntax_error()
________________________________________________________________________________________________________
*** CID 1458076: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3724 in yysyntax_error()
3718 }
3719
3720 if (*yymsg_alloc < yysize)
3721 {
3722 *yymsg_alloc = 2 * yysize;
3723 if (! (yysize <= *yymsg_alloc
>>> CID 1458076: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*yymsg_alloc <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
3724 && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
3725 *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
3726 return 1;
3727 }
3728
3729 /* Avoid sprintf, as that infringes on the user's name space.

** CID 1458072: (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3714 in yysyntax_error()
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3685 in yysyntax_error()
________________________________________________________________________________________________________
*** CID 1458072: (CONSTANT_EXPRESSION_RESULT)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3714 in yysyntax_error()
3708 }
3709
3710 {
3711 /* Don't count the "%s"s in the final size, but reserve room for
3712 the terminator. */
3713 YYPTRDIFF_T yysize1 = yysize + (yystrlen (yyformat) - 2 * yycount) + 1;
>>> CID 1458072: (CONSTANT_EXPRESSION_RESULT)
>>> "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
3714 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
3715 yysize = yysize1;
3716 else
3717 return 2;
3718 }
3719
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3685 in yysyntax_error()
3679 break;
3680 }
3681 yyarg[yycount++] = yytname[yyx];
3682 {
3683 YYPTRDIFF_T yysize1
3684 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]);
>>> CID 1458072: (CONSTANT_EXPRESSION_RESULT)
>>> "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
3685 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
3686 yysize = yysize1;
3687 else
3688 return 2;
3689 }
3690 }

** CID 20290: Control flow issues (MISSING_BREAK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3580 in yytnamerr()
________________________________________________________________________________________________________
*** CID 20290: Control flow issues (MISSING_BREAK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3580 in yytnamerr()
3574 switch (*++yyp)
3575 {
3576 case '\'':
3577 case ',':
3578 goto do_not_strip_quotes;
3579
>>> CID 20290: Control flow issues (MISSING_BREAK)
>>> The case for value "'\\'" is not terminated by a 'break' statement.
3580 case '\\':
3581 if (*++yyp != '\\')
3582 goto do_not_strip_quotes;
3583 else
3584 goto append;
3585

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…
New Defects reported by Coverity Scan for Pike-stable
by scan-admin@coverity.com
01 Jul '20
Hi,

Please find the latest report on new defect(s) introduced to Pike-stable found with Coverity Scan.

21 new defect(s) introduced to Pike-stable found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 21 defect(s)

** CID 1465079: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2()
________________________________________________________________________________________________________
*** CID 1465079: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2()
2012 else
2013 switch (find_type) {
2014 case FIND_LESS:
2015 case FIND_GREATER:
2016 sub_extra_ref (msd);
2017 if (prepare_for_add (l, 1)) {
>>> CID 1465079: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "msd".
2018 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes));
2019 msd = l->msd;
2020 }
2021 ALLOC_MSNODE (msd, l->node_refs, new);
2022 goto insert;
2023
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2()
2012 else
2013 switch (find_type) {
2014 case FIND_LESS:
2015 case FIND_GREATER:
2016 sub_extra_ref (msd);
2017 if (prepare_for_add (l, 1)) {
>>> CID 1465079: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "msd".
2018 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes));
2019 msd = l->msd;
2020 }
2021 ALLOC_MSNODE (msd, l->node_refs, new);
2022 goto insert;
2023
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2()
2012 else
2013 switch (find_type) {
2014 case FIND_LESS:
2015 case FIND_GREATER:
2016 sub_extra_ref (msd);
2017 if (prepare_for_add (l, 1)) {
>>> CID 1465079: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "msd".
2018 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes));
2019 msd = l->msd;
2020 }
2021 ALLOC_MSNODE (msd, l->node_refs, new);
2022 goto insert;
2023

** CID 1465078: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets()
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets()
________________________________________________________________________________________________________
*** CID 1465078: (USE_AFTER_FREE)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets()
2865 val_types |= 1 << TYPEOF(RBNODE (m.b_node)->iv.val);
2866 }
2867 }, { /* Free m.b_node. */
2868 });
2869
2870 else /* Destructive on a. */
>>> CID 1465078: (USE_AFTER_FREE)
>>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs".
2871 LOW_RB_MERGE (
2872 ic_da, m.a_node, m.b_node,
2873 m.res_list, m.res_length, operation,
2874
2875 {
2876 low_use_multiset_index (RBNODE (m.a_node), a_ind);
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets()
2818 if (TYPEOF(m.res->msd->cmp_less) == T_INT) {
2819 struct multiset_data *res_msd = m.res->msd;
2820 struct svalue a_ind, b_ind;
2821 m.a_node = HDR (m.a->msd->root), m.b_node = HDR (m.rd.b_msd->root);
2822
2823 if (m.rd.a_msd) /* Not destructive on a. */
>>> CID 1465078: (USE_AFTER_FREE)
>>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs".
2824 LOW_RB_MERGE (
2825 ic_nd, m.a_node, m.b_node,
2826 m.res_list, m.res_length, operation,
2827
2828 {
2829 low_use_multiset_index (RBNODE (m.a_node), a_ind);
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets()
2818 if (TYPEOF(m.res->msd->cmp_less) == T_INT) {
2819 struct multiset_data *res_msd = m.res->msd;
2820 struct svalue a_ind, b_ind;
2821 m.a_node = HDR (m.a->msd->root), m.b_node = HDR (m.rd.b_msd->root);
2822
2823 if (m.rd.a_msd) /* Not destructive on a. */
>>> CID 1465078: (USE_AFTER_FREE)
>>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs".
2824 LOW_RB_MERGE (
2825 ic_nd, m.a_node, m.b_node,
2826 m.res_list, m.res_length, operation,
2827
2828 {
2829 low_use_multiset_index (RBNODE (m.a_node), a_ind);
/home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets()
2865 val_types |= 1 << TYPEOF(RBNODE (m.b_node)->iv.val);
2866 }
2867 }, { /* Free m.b_node. */
2868 });
2869
2870 else /* Destructive on a. */
>>> CID 1465078: (USE_AFTER_FREE)
>>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs".
2871 LOW_RB_MERGE (
2872 ic_da, m.a_node, m.b_node,
2873 m.res_list, m.res_length, operation,
2874
2875 {
2876 low_use_multiset_index (RBNODE (m.a_node), a_ind);

** CID 1465072: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 431 in f_exp()
________________________________________________________________________________________________________
*** CID 1465072: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 431 in f_exp()
425 *!
426 *! @seealso
427 *! @[pow()], @[log()]
428 */
429 void f_exp(INT32 args)
430 {
>>> CID 1465072: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
431 ARG_CHECK("exp");
432 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, FL1(exp,sp[-1].u.float_number));
433 }
434
435 /*! @decl int|float pow(float|int n, float|int x)
436 *! @decl mixed pow(object n, float|int|object x)

** CID 1465071: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 414 in f_log()
________________________________________________________________________________________________________
*** CID 1465071: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 414 in f_log()
408 *!
409 *! @seealso
410 *! @[pow()], @[exp()]
411 */
412 void f_log(INT32 args)
413 {
>>> CID 1465071: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
414 ARG_CHECK("log");
415 if(sp[-1].u.float_number <=0.0)
416 Pike_error("Log on number less or equal to zero.\n");
417
418 sp[-1].u.float_number = FL1(log,sp[-1].u.float_number);
419 }

** CID 1465069: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 495 in f_floor()
________________________________________________________________________________________________________
*** CID 1465069: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 495 in f_floor()
489 *!
490 *! @seealso
491 *!
@[ceil()], @[round()] 492 */ 493 void f_floor(INT32 args) 494 { >>> CID 1465069: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 495 ARG_CHECK("floor"); 496 sp[-1].u.float_number = FL1(floor,sp[-1].u.float_number); 497 } 498 499 /*! @decl float ceil(int|float f) 500 *! ** CID 1465068: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 161 in f_acos() ________________________________________________________________________________________________________ *** CID 1465068: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 161 in f_acos() 155 *! 156 *! @seealso 157 *! @[cos()], @[asin()] 158 */ 159 void f_acos(INT32 args) 160 { >>> CID 1465068: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 161 ARG_CHECK("acos"); 162 if ((sp[-1].u.float_number >= -1.0) && 163 (sp[-1].u.float_number <= 1.0)) { 164 sp[-1].u.float_number = FL1(acos,sp[-1].u.float_number); 165 } else { 166 DECLARE_NAN; ** CID 1465067: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 182 in f_tan() ________________________________________________________________________________________________________ *** CID 1465067: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 182 in f_tan() 176 *! @seealso 177 *! 
@[atan()], @[sin()], @[cos()] 178 */ 179 void f_tan(INT32 args) 180 { 181 FLOAT_ARG_TYPE f; >>> CID 1465067: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 182 ARG_CHECK("tan"); 183 184 f = (sp[-1].u.float_number-M_PI/2) / M_PI; 185 if(f==floor(f+0.5)) 186 { 187 Pike_error("Impossible tangent.\n"); ** CID 1465066: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 239 in f_sinh() ________________________________________________________________________________________________________ *** CID 1465066: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 239 in f_sinh() 233 *! @seealso 234 *! @[asinh()], @[cosh()], @[tanh()] 235 */ 236 void f_sinh(INT32 args) 237 { 238 FLOAT_ARG_TYPE x; >>> CID 1465066: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 239 ARG_CHECK("sinh"); 240 x=sp[-1].u.float_number; 241 242 sp[-1].u.float_number = 243 DO_NOT_WARN ((FLOAT_TYPE) (0.5*(FA1(exp,x)-FA1(exp,-x)))); 244 } ** CID 1465065: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 512 in f_ceil() ________________________________________________________________________________________________________ *** CID 1465065: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 512 in f_ceil() 506 *! 507 *! @seealso 508 *! 
@[floor()], @[round()] 509 */ 510 void f_ceil(INT32 args) 511 { >>> CID 1465065: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 512 ARG_CHECK("ceil"); 513 sp[-1].u.float_number = FL1(ceil,sp[-1].u.float_number); 514 } 515 516 /*! @decl float round(int|float f) 517 *! ** CID 1465064: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 1864 in image_tuned_box_topbottom() ________________________________________________________________________________________________________ *** CID 1465064: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 1864 in image_tuned_box_topbottom() 1858 memcpy(dest,dest-xsize,length*sizeof(rgb_group)); 1859 dest+=xsize; 1860 } else { 1861 from = dest; 1862 for(x=0; x<64; x++) *(dest++) = color; 1863 for(;x<length-64;x+=64,dest+=64) >>> CID 1465064: Memory - corruptions (OVERLAPPING_COPY) >>> Copying 192 bytes from "from" to "dest", which point to overlapping memory locations. 1864 memcpy(dest, from, 64*sizeof(rgb_group)); 1865 for(;x<length; x++) *(dest++) = color; 1866 dest += xsize-length; 1867 old = color; 1868 } 1869 } ** CID 1465063: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 203 in f_atan() ________________________________________________________________________________________________________ *** CID 1465063: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 203 in f_atan() 197 *! 198 *! @seealso 199 *! 
@[tan()], @[asin()], @[acos()], @[atan2()] 200 */ 201 void f_atan(INT32 args) 202 { >>> CID 1465063: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 203 ARG_CHECK("atan"); 204 sp[-1].u.float_number = FL1(atan,sp[-1].u.float_number); 205 } 206 207 /*! @decl float atan2(float f1, float f2) 208 *! ** CID 1465062: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 113 in f_sin() ________________________________________________________________________________________________________ *** CID 1465062: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 113 in f_sin() 107 *! 108 *! @seealso 109 *! @[asin()], @[cos()], @[tan()] 110 */ 111 void f_sin(INT32 args) 112 { >>> CID 1465062: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 113 ARG_CHECK("sin"); 114 sp[-1].u.float_number = FL1(sin,sp[-1].u.float_number); 115 } 116 117 /*! @decl float asin(int|float f) 118 *! ** CID 1465061: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 290 in f_acosh() ________________________________________________________________________________________________________ *** CID 1465061: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 290 in f_acosh() 284 *! @seealso 285 *! 
@[cosh()], @[asinh()] 286 */ 287 void f_acosh(INT32 args) 288 { 289 FLOAT_ARG_TYPE x; >>> CID 1465061: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 290 ARG_CHECK("acosh"); 291 x=sp[-1].u.float_number; 292 293 sp[-1].u.float_number = 294 DO_NOT_WARN ((FLOAT_TYPE) (2*FA1(log,FA1(sqrt,0.5*(x+1))+FA1(sqrt,0.5*(x-1))))); 295 } ** CID 1465060: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 324 in f_atanh() ________________________________________________________________________________________________________ *** CID 1465060: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 324 in f_atanh() 318 *! @seealso 319 *! @[tanh()], @[asinh()], @[acosh()] 320 */ 321 void f_atanh(INT32 args) 322 { 323 FLOAT_ARG_TYPE x; >>> CID 1465060: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 324 ARG_CHECK("atanh"); 325 x=sp[-1].u.float_number; 326 327 sp[-1].u.float_number = 328 DO_NOT_WARN ((FLOAT_TYPE) (0.5*(FA1(log,1+x)-FA1(log,1-x)))); 329 } ** CID 1465059: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 127 in f_asin() ________________________________________________________________________________________________________ *** CID 1465059: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 127 in f_asin() 121 *! 122 *! @seealso 123 *! 
@[sin()], @[acos()] 124 */ 125 void f_asin(INT32 args) 126 { >>> CID 1465059: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 127 ARG_CHECK("asin"); 128 if ((sp[-1].u.float_number >= -1.0) && 129 (sp[-1].u.float_number <= 1.0)) { 130 sp[-1].u.float_number = FL1(asin,sp[-1].u.float_number); 131 } else { 132 DECLARE_NAN; ** CID 1465058: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 273 in f_cosh() ________________________________________________________________________________________________________ *** CID 1465058: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 273 in f_cosh() 267 *! @seealso 268 *! @[acosh()], @[sinh()], @[tanh()] 269 */ 270 void f_cosh(INT32 args) 271 { 272 FLOAT_ARG_TYPE x; >>> CID 1465058: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 273 ARG_CHECK("cosh"); 274 x=sp[-1].u.float_number; 275 276 sp[-1].u.float_number = 277 DO_NOT_WARN ((FLOAT_TYPE) (0.5*(FA1(exp,x)+FA1(exp,-x)))); 278 } ** CID 1465057: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 147 in f_cos() ________________________________________________________________________________________________________ *** CID 1465057: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 147 in f_cos() 141 *! 142 *! @seealso 143 *! 
@[acos()], @[sin()], @[tan()] 144 */ 145 void f_cos(INT32 args) 146 { >>> CID 1465057: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 147 ARG_CHECK("cos"); 148 sp[-1].u.float_number = FL1(cos,sp[-1].u.float_number); 149 } 150 151 /*! @decl float acos(int|float f) 152 *! ** CID 1465056: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 256 in f_asinh() ________________________________________________________________________________________________________ *** CID 1465056: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 256 in f_asinh() 250 *! @seealso 251 *! @[sinh()], @[acosh()] 252 */ 253 void f_asinh(INT32 args) 254 { 255 FLOAT_ARG_TYPE x; >>> CID 1465056: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 256 ARG_CHECK("asinh"); 257 x=sp[-1].u.float_number; 258 259 sp[-1].u.float_number = 260 DO_NOT_WARN ((FLOAT_TYPE) (FA1(log,x+FA1(sqrt,1+x*x)))); 261 } ** CID 1465055: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 307 in f_tanh() ________________________________________________________________________________________________________ *** CID 1465055: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 307 in f_tanh() 301 *! @seealso 302 *! 
@[atanh()], @[sinh()], @[cosh()] 303 */ 304 void f_tanh(INT32 args) 305 { 306 FLOAT_ARG_TYPE x; >>> CID 1465055: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 307 ARG_CHECK("tanh"); 308 x=sp[-1].u.float_number; 309 310 sp[-1].u.float_number = 311 DO_NOT_WARN ((FLOAT_TYPE) ((FA1(exp,x)-FA1(exp,-x))/(FA1(exp,x)+FA1(exp,-x)))); 312 } ** CID 1465054: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2233 in float_promote() /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2228 in float_promote() ________________________________________________________________________________________________________ *** CID 1465054: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2233 in float_promote() 2227 { 2228 SET_SVAL(sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-2].u.integer); 2229 return 1; 2230 } 2231 else if(TYPEOF(sp[-1]) == T_INT && TYPEOF(sp[-2]) == T_FLOAT) 2232 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 2233 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-1].u.integer); 2234 return 1; 2235 } 2236 2237 if(is_bignum_object_in_svalue(sp-2) && TYPEOF(sp[-1]) == T_FLOAT) 2238 { /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2228 in float_promote() 2222 } 2223 2224 static int float_promote(void) 2225 { 2226 if(TYPEOF(sp[-2]) == T_INT && TYPEOF(sp[-1]) == T_FLOAT) 2227 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-2].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 
2228 SET_SVAL(sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-2].u.integer); 2229 return 1; 2230 } 2231 else if(TYPEOF(sp[-1]) == T_INT && TYPEOF(sp[-2]) == T_FLOAT) 2232 { 2233 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-1].u.integer); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPkl…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
01 Jul '20
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

20 new defect(s) introduced to Pike-master found with Coverity Scan.
12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 20 defect(s)

** CID 1465072: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 355 in f_exp()

________________________________________________________________________________________________________
*** CID 1465072: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 355 in f_exp()
349 *!
350 *! @seealso
351 *! @[pow()], @[log()]
352 */
353 void f_exp(INT32 args)
354 {
>>> CID 1465072: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
355 ARG_CHECK("exp");
356 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, FL(exp)(sp[-1].u.float_number));
357 }
358
359 /*! @decl int|float pow(float|int n, float|int x)
360 *! @decl mixed pow(object n, float|int|object x)

** CID 1465071: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 338 in f_log()

________________________________________________________________________________________________________
*** CID 1465071: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 338 in f_log()
332 *!
333 *! @seealso
334 *! @[pow()], @[exp()]
335 */
336 void f_log(INT32 args)
337 {
>>> CID 1465071: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
338 ARG_CHECK("log");
339 if(sp[-1].u.float_number <=0.0)
340 Pike_error("Log on number less or equal to zero.\n");
341
342 sp[-1].u.float_number = FL(log)(sp[-1].u.float_number);
343 }

** CID 1465070: (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1466 in pair_add()
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1458 in pair_add()

________________________________________________________________________________________________________
*** CID 1465070: (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1466 in pair_add()
1460 }
1461 }
1462 else if( TYPEOF(Pike_sp[-1]) == PIKE_T_FLOAT )
1463 {
1464 if( TYPEOF(Pike_sp[-2]) == PIKE_T_INT )
1465 {
>>> CID 1465070: (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-2].u.integer" to "Pike_interpreter_pointer->stack_pointer[-2].u.float_number", which have overlapping memory locations and different types.
1466 Pike_sp[-2].u.float_number = Pike_sp[-2].u.integer;
1467 TYPEOF(Pike_sp[-2]) = PIKE_T_FLOAT;
1468 }
1469 }
1470
1471 if (TYPEOF(Pike_sp[-2]) != TYPEOF(Pike_sp[-1]))
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1458 in pair_add()
1452 stack_swap();
1453 }
1454 else if( TYPEOF(Pike_sp[-2]) == PIKE_T_FLOAT )
1455 {
1456 if( TYPEOF(Pike_sp[-1]) == PIKE_T_INT )
1457 {
>>> CID 1465070: (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "Pike_interpreter_pointer->stack_pointer[-1].u.float_number", which have overlapping memory locations and different types.
1458 Pike_sp[-1].u.float_number = Pike_sp[-1].u.integer;
1459 TYPEOF(Pike_sp[-1]) = PIKE_T_FLOAT;
1460 }
1461 }
1462 else if( TYPEOF(Pike_sp[-1]) == PIKE_T_FLOAT )
1463 {

** CID 1465069: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 384 in f_floor()

________________________________________________________________________________________________________
*** CID 1465069: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 384 in f_floor()
378 *!
379 *! @seealso
380 *! @[ceil()], @[round()]
381 */
382 void f_floor(INT32 args)
383 {
>>> CID 1465069: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
384 ARG_CHECK("floor");
385 sp[-1].u.float_number = FL(floor)(sp[-1].u.float_number);
386 }
387
388 /*! @decl float ceil(int|float f)
389 *!

** CID 1465068: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 115 in f_acos()

________________________________________________________________________________________________________
*** CID 1465068: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 115 in f_acos()
109 *!
110 *! @seealso
111 *! @[cos()], @[asin()]
112 */
113 void f_acos(INT32 args)
114 {
>>> CID 1465068: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
115 ARG_CHECK("acos");
116 if ((sp[-1].u.float_number >= -1.0) &&
117 (sp[-1].u.float_number <= 1.0)) {
118 sp[-1].u.float_number = FL(acos)(sp[-1].u.float_number);
119 } else {
120 sp[-1].u.float_number = (FLOAT_TYPE) MAKE_NAN();

** CID 1465067: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 135 in f_tan()

________________________________________________________________________________________________________
*** CID 1465067: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 135 in f_tan()
129 *! @seealso
130 *! @[atan()], @[sin()], @[cos()]
131 */
132 void f_tan(INT32 args)
133 {
134 FLOAT_ARG_TYPE f;
>>> CID 1465067: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
135 ARG_CHECK("tan");
136
137 f = (sp[-1].u.float_number-M_PI/2) / M_PI;
138 if(f==floor(f+0.5))
139 {
140 Pike_error("Impossible tangent.\n");

** CID 1465066: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 191 in f_sinh()

________________________________________________________________________________________________________
*** CID 1465066: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 191 in f_sinh()
185 *!
186 *! @seealso
187 *! @[asinh()], @[cosh()], @[tanh()]
188 */
189 void f_sinh(INT32 args)
190 {
>>> CID 1465066: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
191 ARG_CHECK("sinh");
192 sp[-1].u.float_number = FL(sinh)(sp[-1].u.float_number);
193 }
194
195 /*! @decl float asinh(int|float f)
196 *!

** CID 1465065: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 401 in f_ceil()

________________________________________________________________________________________________________
*** CID 1465065: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 401 in f_ceil()
395 *!
396 *! @seealso
397 *! @[floor()], @[round()]
398 */
399 void f_ceil(INT32 args)
400 {
>>> CID 1465065: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
401 ARG_CHECK("ceil");
402 sp[-1].u.float_number = FL(ceil)(sp[-1].u.float_number);
403 }
404
405 /*! @decl float round(int|float f)
406 *!

** CID 1465064: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 1784 in image_tuned_box_topbottom()

________________________________________________________________________________________________________
*** CID 1465064: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 1784 in image_tuned_box_topbottom()
1778 memcpy(dest,dest-xsize,length*sizeof(rgb_group));
1779 dest+=xsize;
1780 } else {
1781 from = dest;
1782 for(x=0; x<64; x++) *(dest++) = color;
1783 for(;x<length-64;x+=64,dest+=64)
>>> CID 1465064: Memory - corruptions (OVERLAPPING_COPY)
>>> Copying 192 bytes from "from" to "dest", which point to overlapping memory locations.
1784 memcpy(dest, from, 64*sizeof(rgb_group));
1785 for(;x<length; x++) *(dest++) = color;
1786 dest += xsize-length;
1787 old = color;
1788 }
1789 }

** CID 1465063: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 156 in f_atan()

________________________________________________________________________________________________________
*** CID 1465063: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 156 in f_atan()
150 *!
151 *! @seealso
152 *! @[tan()], @[asin()], @[acos()], @[atan2()]
153 */
154 void f_atan(INT32 args)
155 {
>>> CID 1465063: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
156 ARG_CHECK("atan");
157 sp[-1].u.float_number = FL(atan)(sp[-1].u.float_number);
158 }
159
160 /*! @decl float atan2(float f1, float f2)
161 *!

** CID 1465062: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 68 in f_sin()

________________________________________________________________________________________________________
*** CID 1465062: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 68 in f_sin()
62 *!
63 *! @seealso
64 *! @[asin()], @[cos()], @[tan()]
65 */
66 void f_sin(INT32 args)
67 {
>>> CID 1465062: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
68 ARG_CHECK("sin");
69 sp[-1].u.float_number = FL(sin)(sp[-1].u.float_number);
70 }
71
72 /*! @decl float asin(int|float f)
73 *!

** CID 1465061: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 230 in f_acosh()

________________________________________________________________________________________________________
*** CID 1465061: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 230 in f_acosh()
224 *!
225 *! @seealso
226 *! @[cosh()], @[asinh()]
227 */
228 void f_acosh(INT32 args)
229 {
>>> CID 1465061: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
230 ARG_CHECK("acosh");
231 sp[-1].u.float_number = FL(acosh)(sp[-1].u.float_number);
232 }
233
234 /*! @decl float tanh(int|float f)
235 *!

** CID 1465060: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 256 in f_atanh()

________________________________________________________________________________________________________
*** CID 1465060: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 256 in f_atanh()
250 *!
251 *! @seealso
252 *! @[tanh()], @[asinh()], @[acosh()]
253 */
254 void f_atanh(INT32 args)
255 {
>>> CID 1465060: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
256 ARG_CHECK("atanh");
257 sp[-1].u.float_number = FL(atanh)(sp[-1].u.float_number);
258 }
259
260 /*! @decl float sqrt(float f)
261 *! @decl int sqrt(int i)

** CID 1465059: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 82 in f_asin()

________________________________________________________________________________________________________
*** CID 1465059: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 82 in f_asin()
76 *!
77 *! @seealso
78 *! @[sin()], @[acos()]
79 */
80 void f_asin(INT32 args)
81 {
>>> CID 1465059: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
82 ARG_CHECK("asin");
83 if ((sp[-1].u.float_number >= -1.0) &&
84 (sp[-1].u.float_number <= 1.0)) {
85 sp[-1].u.float_number = FL(asin)(sp[-1].u.float_number);
86 } else {
87 sp[-1].u.float_number = (FLOAT_TYPE) MAKE_NAN();

** CID 1465058: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 217 in f_cosh()

________________________________________________________________________________________________________
*** CID 1465058: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 217 in f_cosh()
211 *!
212 *! @seealso
213 *! @[acosh()], @[sinh()], @[tanh()]
214 */
215 void f_cosh(INT32 args)
216 {
>>> CID 1465058: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
217 ARG_CHECK("cosh");
218 sp[-1].u.float_number = FL(cosh)(sp[-1].u.float_number);
219 }
220
221 /*! @decl float acosh(int|float f)
222 *!

** CID 1465057: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 101 in f_cos()

________________________________________________________________________________________________________
*** CID 1465057: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 101 in f_cos()
95 *!
96 *! @seealso
97 *! @[acos()], @[sin()], @[tan()]
98 */
99 void f_cos(INT32 args)
100 {
>>> CID 1465057: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
101 ARG_CHECK("cos");
102 sp[-1].u.float_number = FL(cos)(sp[-1].u.float_number);
103 }
104
105 /*! @decl float acos(int|float f)
106 *!

** CID 1465056: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 204 in f_asinh()

________________________________________________________________________________________________________
*** CID 1465056: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 204 in f_asinh()
198 *!
199 *! @seealso
200 *! @[sinh()], @[acosh()]
201 */
202 void f_asinh(INT32 args)
203 {
>>> CID 1465056: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
204 ARG_CHECK("asinh");
205 sp[-1].u.float_number = FL(asinh)(sp[-1].u.float_number);
206 }
207
208 /*! @decl float cosh(int|float f)
209 *!

** CID 1465055: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 243 in f_tanh()

________________________________________________________________________________________________________
*** CID 1465055: Memory - corruptions (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 243 in f_tanh()
237 *!
238 *! @seealso
239 *! @[atanh()], @[sinh()], @[cosh()]
240 */
241 void f_tanh(INT32 args)
242 {
>>> CID 1465055: Memory - corruptions (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
243 ARG_CHECK("tanh");
244 sp[-1].u.float_number = FL(tanh)(sp[-1].u.float_number);
245 }
246
247 /*! @decl float atanh(int|float f)
248 *!

** CID 1465054: (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2104 in float_promote()
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2099 in float_promote()

________________________________________________________________________________________________________
*** CID 1465054: (OVERLAPPING_COPY)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2104 in float_promote()
2098 {
2099 SET_SVAL(Pike_sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-2].u.integer);
2100 return 1;
2101 }
2102 else if(TYPEOF(Pike_sp[-1]) == T_INT && TYPEOF(Pike_sp[-2]) == T_FLOAT)
2103 {
>>> CID 1465054: (OVERLAPPING_COPY)
>>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types.
2104 SET_SVAL(Pike_sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-1].u.integer); 2105 return 1; 2106 } 2107 2108 if(is_bignum_object_in_svalue(Pike_sp-2) && TYPEOF(Pike_sp[-1]) == T_FLOAT) 2109 { /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2099 in float_promote() 2093 } 2094 2095 static int float_promote(void) 2096 { 2097 if(TYPEOF(Pike_sp[-2]) == T_INT && TYPEOF(Pike_sp[-1]) == T_FLOAT) 2098 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-2].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 2099 SET_SVAL(Pike_sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-2].u.integer); 2100 return 1; 2101 } 2102 else if(TYPEOF(Pike_sp[-1]) == T_INT && TYPEOF(Pike_sp[-2]) == T_FLOAT) 2103 { 2104 SET_SVAL(Pike_sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-1].u.integer); ** CID 1465053: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 418 in f_round() ________________________________________________________________________________________________________ *** CID 1465053: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 418 in f_round() 412 *! 413 *! @seealso 414 *! @[floor()], @[ceil()] 415 */ 416 void f_round(INT32 args) 417 { >>> CID 1465053: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 418 ARG_CHECK("round"); 419 sp[-1].u.float_number = FL(rint)(sp[-1].u.float_number); 420 } 421 422 423 /*! @decl int|float|object limit(int|float|object minval, int|float|object x, int|float|object maxval) ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPkl…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
02 Apr '20
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

2 new defect(s) introduced to Pike-master found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 1461177: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3274 in docode()
________________________________________________________________________________________________________
*** CID 1461177: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3274 in docode()
3268   struct byte_buffer instrbuf_save = instrbuf;
3269   struct statement_label *label_save;
3270
3271   PUSH_STATEMENT_LABEL;
3272   label_save = current_label->prev;
3273   current_label->prev = NULL;
>>> CID 1461177: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "current_label->prev".
3274   PUSH_CLEANUP_FRAME(NULL, NULL);
3275   label_no=1;
3276   current_stack_depth = 0;
3277   Pike_compiler->compiler_frame->generator_local = -1;
3278   init_bytecode();
3279

** CID 1461176: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3033 in do_code_block()
________________________________________________________________________________________________________
*** CID 1461176: Null pointer dereferences (FORWARD_NULL)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3033 in do_code_block()
3027
3028   init_bytecode();
3029   label_no=1;
3030   PUSH_STATEMENT_LABEL;
3031   save_label = current_label->prev;
3032   current_label->prev = NULL;
>>> CID 1461176: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "current_label->prev".
3033   PUSH_CLEANUP_FRAME(NULL, NULL);
3034   current_stack_depth = 0;
3035
3036   /* NOTE: This is no ordinary label... */
3037   low_insert_label(0);
3038   emit0(F_ENTRY);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPkl…
New Defects reported by Coverity Scan for Pike-master
by scan-admin@coverity.com
21 Jan '20
Hi,

Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.

1 new defect(s) introduced to Pike-master found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1457890: Resource leaks (RESOURCE_LEAK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_Stdio/file.c: 2747 in my_openpty()
________________________________________________________________________________________________________
*** CID 1457890: Resource leaks (RESOURCE_LEAK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_Stdio/file.c: 2747 in my_openpty()
2741        * Not required on Solaris 11.4 and later.
2742        */
2743       ioctl(s, I_PUSH, "ptem"); /* Pseudo terminal emulation mode */
2744       ioctl(s, I_PUSH, "ldterm"); /* Terminal line discipline */
2745       ioctl(s, I_PUSH, "ttcompat"); /* BSD terminal compatibility */
2746 #endif
>>> CID 1457890: Resource leaks (RESOURCE_LEAK)
>>> Handle variable "s" going out of scope leaks the handle.
2747       return 0;
2748     }
2749   }
2750   close(m);
2751   return -1;
2752 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V0…