- Pike-automation - lists.lysator.liu.se

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 05 Jul '24

05 Jul '24

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1609623: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1609623: (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.1-snapshot/src/threads.c: 3318 in exit_mutex_key_obj() 3312 ITEM(a)[0].u.object->prog) { 3313 /* Linkely: Valid entry. */ 3314 int is_shared = 0; 3315 3316 push_int(2); 3317 if ((a->size < 2) || SAFE_IS_ZERO(ITEM(a) + 1)) { >>> CID 1609623: (FORWARD_NULL) >>> Passing null pointer "mutex_obj" to "apply", which dereferences it. 3318 apply(mutex_obj, "trylock", 1); 3319 } else { 3320 is_shared = 1; 3321 apply(mutex_obj, "try_shared_lock", 1); 3322 } 3323 /home/covbuilder/pike/Pike-v9.1-snapshot/src/threads.c: 3321 in exit_mutex_key_obj() 3315 3316 push_int(2); 3317 if ((a->size < 2) || SAFE_IS_ZERO(ITEM(a) + 1)) { 3318 apply(mutex_obj, "trylock", 1); 3319 } else { 3320 is_shared = 1; >>> CID 1609623: (FORWARD_NULL) >>> Passing null pointer "mutex_obj" to "apply", which dereferences it. 3321 apply(mutex_obj, "try_shared_lock", 1); 3322 } 3323 3324 if (SAFE_IS_ZERO(Pike_sp - 1)) { 3325 pop_stack(); 3326 pop_stack(); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 30 Jun '24

30 Jun '24

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1606004: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 1606004: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.1-snapshot/src/program.c: 7216 in add_typed_constant() 7210 return define_alias(name, id->type, flags, depth, n); 7211 } 7212 } 7213 } 7214 7215 if (type) { >>> CID 1606004: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "c" to "get_type_of_svalue", which dereferences it. 7216 struct pike_type *tmp = get_type_of_svalue(c); 7217 struct pike_type *tmp2 = and_pike_types(type, tmp); 7218 if (tmp2) { 7219 if (flags & ID_INLINE) { 7220 type = tmp2; 7221 } else { ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 11 Jun '24

11 Jun '24

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1603596: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex() ________________________________________________________________________________________________________ *** CID 1603596: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex() 3053 else if (k > 0) 3054 lostbits = any_on(b,k); 3055 #ifdef IEEE_Arith 3056 else if (check_denorm) 3057 goto no_lostbits; 3058 #endif >>> CID 1603596: (USE_AFTER_FREE) >>> Using freed pointer "x". 3059 if (x[k>>kshift] & 1 << (k & kmask)) 3060 lostbits |= 2; 3061 #ifdef IEEE_Arith 3062 no_lostbits: 3063 #endif 3064 nbits -= n; /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3059 in pike_gethex() 3053 else if (k > 0) 3054 lostbits = any_on(b,k); 3055 #ifdef IEEE_Arith 3056 else if (check_denorm) 3057 goto no_lostbits; 3058 #endif >>> CID 1603596: (USE_AFTER_FREE) >>> Using freed pointer "x". 3059 if (x[k>>kshift] & 1 << (k & kmask)) 3060 lostbits |= 2; 3061 #ifdef IEEE_Arith 3062 no_lostbits: 3063 #endif 3064 nbits -= n; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

1 0

New Defects reported by Coverity Scan for Pike-stable
by scan-admin＠coverity.com 01 Jun '24

01 Jun '24

Hi, Please find the latest report on new defect(s) introduced to Pike-stable found with Coverity Scan. 41 new defect(s) introduced to Pike-stable found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 41 defect(s) ** CID 1601773: Uninitialized variables (UNINIT) ________________________________________________________________________________________________________ *** CID 1601773: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/requestobject.c: 192 in f_aap_scan_for_query() 186 } 187 } 188 work_area[j++]=c; 189 } 190 191 done: >>> CID 1601773: Uninitialized variables (UNINIT) >>> Using uninitialized value "work_area[begin]" when calling "debug_make_shared_binary_string". 192 TINSERT(THIS->misc_variables, s_not_query, work_area+begin, j-begin+1); 193 free(work_area); 194 195 if(i < len) 196 TINSERT(THIS->misc_variables, s_query, s+i+1, (len-i)-1); 197 else ** CID 1601772: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() ________________________________________________________________________________________________________ *** CID 1601772: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() 1384 }); 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->u.dummy". 1390 HANDLE_PARAM("done_cb", { 1391 assign_svalue(&gc_done_cb, set); 1392 }, { 1393 assign_svalue(&get, &gc_done_cb); 1394 }); 1395 /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() 1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low); 1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio); 1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high); 1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio); 1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness); 1374 >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->tu.t.type". 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); 1380 HANDLE_PARAM("post_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() 1379 }); 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "get" when calling "mapping_string_insert". 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); 1390 HANDLE_PARAM("done_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() 1384 }); 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->tu.t.type". 1390 HANDLE_PARAM("done_cb", { 1391 assign_svalue(&gc_done_cb, set); 1392 }, { 1393 assign_svalue(&get, &gc_done_cb); 1394 }); 1395 /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() 1379 }); 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->tu.t.type". 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); 1390 HANDLE_PARAM("done_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() 1379 }); 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->u.dummy". 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); 1390 HANDLE_PARAM("done_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() 1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low); 1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio); 1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high); 1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio); 1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness); 1374 >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->u.dummy". 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); 1380 HANDLE_PARAM("post_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() 1374 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->u.dummy". 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); 1385 HANDLE_PARAM("destruct_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() 1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low); 1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio); 1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high); 1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio); 1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness); 1374 >>> CID 1601772: (UNINIT) >>> Using uninitialized value "get" when calling "mapping_string_insert". 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); 1380 HANDLE_PARAM("post_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() 1374 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "get" when calling "mapping_string_insert". 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); 1385 HANDLE_PARAM("destruct_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() 1384 }); 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "get" when calling "mapping_string_insert". 1390 HANDLE_PARAM("done_cb", { 1391 assign_svalue(&gc_done_cb, set); 1392 }, { 1393 assign_svalue(&get, &gc_done_cb); 1394 }); 1395 /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() 1374 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); >>> CID 1601772: (UNINIT) >>> Using uninitialized value "_s->tu.t.type". 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); 1385 HANDLE_PARAM("destruct_cb", { ** CID 1601771: Uninitialized variables (UNINIT) ________________________________________________________________________________________________________ *** CID 1601771: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Inotify/inotify.cmod: 298 in f_Inotify_cq__Instance_add_watch() 292 ev.mask |= IN_ISDIR; 293 } 294 /* FIXME: Handle DT_UNKNOWN. */ 295 #endif /* HAVE_DIRENT_T_TYPE */ 296 297 string_build_mkspace(&THIS->buf, sizeof(ev) + ev.len, 0); >>> CID 1601771: Uninitialized variables (UNINIT) >>> Using uninitialized value "ev". Field "ev.name" is uninitialized when calling "string_builder_binary_strcat0". 298 string_builder_binary_strcat0(&THIS->buf, 299 (p_wchar0 *)&ev, 300 sizeof(ev)); 301 string_builder_strcat(&THIS->buf, dirent->d_name); 302 string_builder_fill(&THIS->buf, pad+1, 303 MKPCHARP("\0\0\0\0\0\0\0\0", 0), 8, 0); ** CID 1601770: (UNINIT) ________________________________________________________________________________________________________ *** CID 1601770: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5912 in add_constant() 5906 { 5907 my_yyerror("Identifier %S defined twice.", name); 5908 return n; 5909 } 5910 5911 /* override */ >>> CID 1601770: (UNINIT) >>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "override_identifier". 5912 if ((overridden = override_identifier (&ref, name, 0)) >= 0) { 5913 #ifdef PIKE_DEBUG 5914 struct reference *oref = 5915 Pike_compiler->new_program->identifier_references+overridden; 5916 if((oref->inherit_offset != ref.inherit_offset) || 5917 (oref->identifier_offset != ref.identifier_offset) || /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5926 in add_constant() 5920 } 5921 #endif 5922 return overridden; 5923 } 5924 } 5925 n=Pike_compiler->new_program->num_identifier_references; >>> CID 1601770: (UNINIT) >>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references". 5926 add_to_identifier_references(ref); 5927 5928 return n; 5929 } 5930 5931 PMOD_EXPORT int simple_add_constant(const char *name, ** CID 1601769: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5455 in low_define_variable() ________________________________________________________________________________________________________ *** CID 1601769: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5455 in low_define_variable() 5449 5450 add_to_variable_index(ref.identifier_offset); 5451 5452 debug_add_to_identifiers(dummy); 5453 5454 n=Pike_compiler->new_program->num_identifier_references; >>> CID 1601769: Uninitialized variables (UNINIT) >>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references". 5455 add_to_identifier_references(ref); 5456 5457 return n; 5458 } 5459 5460 /* type is a textual type */ ** CID 1601768: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5320 in low_define_alias() ________________________________________________________________________________________________________ *** CID 1601768: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5320 in low_define_alias() 5314 ref.inherit_offset=0; 5315 ref.run_time_type = PIKE_T_UNKNOWN; 5316 5317 debug_add_to_identifiers(dummy); 5318 5319 n = Pike_compiler->new_program->num_identifier_references; >>> CID 1601768: Uninitialized variables (UNINIT) >>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references". 5320 add_to_identifier_references(ref); 5321 5322 return n; 5323 } 5324 5325 PMOD_EXPORT int define_alias(struct pike_string *name, struct pike_type *type, ** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 3471 in th_num_idle_farmers() ________________________________________________________________________________________________________ *** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 3471 in th_num_idle_farmers() 3465 /* NOT_REACHED */ 3466 return 0;/* Keep the compiler happy. */ 3467 } 3468 3469 int th_num_idle_farmers(void) 3470 { >>> CID 1601765: Concurrent data access violations (MISSING_LOCK) >>> Accessing "_num_idle_farmers" without holding lock "rosie". Elsewhere, "_num_idle_farmers" is written to with "rosie" held 3 out of 3 times. 3471 return _num_idle_farmers; 3472 } 3473 3474 3475 int th_num_farmers(void) 3476 { ** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply() ________________________________________________________________________________________________________ *** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply() 57 58 void drop_reply(int ok) 59 //! Drop reply. 60 { 61 INT_TYPE t,o; 62 get_all_args("reply",args,"%i",&o); >>> CID 1601764: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "guint32". 63 gdk_drop_reply((GdkDragContext *)THIS->obj,o,time(NULL)); 64 RETURN_THIS(); 65 } 66 67 void drag_set_icon_widget(GTK2.Widget widget, int hot_x, int hot_y) 68 //! Set the drag widget. This is a widget that will be shown, and then ** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time() ________________________________________________________________________________________________________ *** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time() 41 //! Get the flags. 42 43 int get_initial_time(); 44 //! Queries the initial time that was set using set_time() or during creation. 45 46 >>> CID 1601762: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_initial_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint". ** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6077 in f_count_memory() /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6097 in f_count_memory() /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6100 in f_count_memory() /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6071 in f_count_memory() ________________________________________________________________________________________________________ *** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6077 in f_count_memory() 6071 DO_AGGREGATE_ARRAY (120); 6072 } 6073 } 6074 if (list == &mc_incomplete) list = &mc_indirect; 6075 else break; 6076 } >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6077 } END_AGGREGATE_ARRAY; 6078 args++; 6079 mapping_string_insert (opts, ind, Pike_sp - 1); 6080 } 6081 6082 MAKE_CONST_STRING (ind, "collect_direct_externals"); /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6097 in f_count_memory() 6091 assert (m->flags & MC_FLAG_LA_VISITED); 6092 if (type <= MAX_TYPE) { 6093 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6094 add_ref ((struct ref_dummy *) m->thing); 6095 dmalloc_touch_svalue (Pike_sp); 6096 Pike_sp++; >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6097 DO_AGGREGATE_ARRAY (120); 6098 } 6099 } 6100 } END_AGGREGATE_ARRAY; 6101 args++; 6102 mapping_string_insert (opts, ind, Pike_sp - 1); /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6100 in f_count_memory() 6094 add_ref ((struct ref_dummy *) m->thing); 6095 dmalloc_touch_svalue (Pike_sp); 6096 Pike_sp++; 6097 DO_AGGREGATE_ARRAY (120); 6098 } 6099 } >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6100 } END_AGGREGATE_ARRAY; 6101 args++; 6102 mapping_string_insert (opts, ind, Pike_sp - 1); 6103 } 6104 } 6105 /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6071 in f_count_memory() 6065 assert (m->flags & MC_FLAG_LA_VISITED); 6066 if (type <= MAX_TYPE) { 6067 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6068 add_ref ((struct ref_dummy *) m->thing); 6069 dmalloc_touch_svalue (Pike_sp); 6070 Pike_sp++; >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6071 DO_AGGREGATE_ARRAY (120); 6072 } 6073 } 6074 if (list == &mc_incomplete) list = &mc_indirect; 6075 else break; 6076 } ** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time() ________________________________________________________________________________________________________ *** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time() 28 //! be the one represented by the_time. 29 30 int get_time(); 31 //! Return the time entered in the widget. 32 33 void set_popup_range(int low_hour, int up_hour); >>> CID 1601755: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint". 34 //! Sets the range of times that will be provide by the time popup 35 //! selectors. 36 37 void set_flags(int flags); 38 //! Bitwise or of CONST(GNOME_DATE_EDIT_). 39 ** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/timeout.c: 230 in aap_exit_timeouts() ________________________________________________________________________________________________________ *** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/timeout.c: 230 in aap_exit_timeouts() 224 #ifdef AAP_DEBUG 225 fprintf(stderr, "AAP: aap_exit_timeouts.\n"); 226 #endif /* AAP_DEBUG */ 227 THREADS_ALLOW(); 228 mt_lock (&aap_timeout_mutex); 229 aap_time_to_die = 1; >>> CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) >>> The wait condition prompting the wait upon "aap_timeout_mutex" is not checked correctly. This code can wait for a condition that has already been satisfied, which can cause a never-ending wait. 230 co_wait (&aap_timeout_thread_is_dead, &aap_timeout_mutex); 231 mt_unlock (&aap_timeout_mutex); 232 THREADS_DISALLOW(); 233 mt_destroy (&aap_timeout_mutex); 234 co_destroy (&aap_timeout_thread_is_dead); 235 #ifdef AAP_DEBUG ** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/log.c: 117 in f_aap_log_exists() ________________________________________________________________________________________________________ *** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/log.c: 117 in f_aap_log_exists() 111 f_aggregate(n); 112 } 113 } 114 115 void f_aap_log_exists(INT32 UNUSED(args)) 116 { >>> CID 1601753: Concurrent data access violations (MISSING_LOCK) >>> Accessing "((struct args *)Pike_interpreter_pointer->frame_pointer->current_storage)->log->log_head" without holding lock "log.log_lock". Elsewhere, "log.log_head" is written to with "log.log_lock" held 5 out of 5 times. 117 if(LTHIS->log->log_head) 118 push_int(1); 119 else 120 push_int(0); 121 } 122 ** CID 1601752: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1601752: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/ilbm.c: 541 in image_ilbm__decode() 535 push_object(clone_object(image_colortable_program,1)); 536 ctable=get_storage(sp[-1].u.object, 537 image_colortable_program); 538 n++; 539 } 540 >>> CID 1601752: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted expression "bmhd.h" to "parse_body", which uses it as a loop boundary. 541 parse_body(&bmhd, STR0(ITEM(arr)[5].u.string), ITEM(arr)[5].u.string->len, 542 img, alpha, ctable, !!(camg & CAMG_HAM)); 543 544 f_aggregate_mapping(2*n); 545 stack_swap(); 546 pop_stack(); ** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_WhiteFish/blob.c: 122 in wf_blob_hit() ________________________________________________________________________________________________________ *** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_WhiteFish/blob.c: 122 in wf_blob_hit() 116 { 117 Hit hit; 118 if( b->eof ) 119 { 120 hit.type = HIT_NOTHING; 121 hit.raw = 0; >>> CID 1601751: Uninitialized variables (UNINIT) >>> Using uninitialized value "hit". Field "hit.u" is uninitialized. 122 return hit; 123 } 124 else 125 { 126 int off = b->b->rpos + 5 + n*2; 127 unsigned char h = b->b->data[ off ]; ** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 703 in init_gz_deflate() ________________________________________________________________________________________________________ *** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 703 in init_gz_deflate() 697 mt_init(& THIS->lock); 698 memset(& THIS->gz, 0, sizeof(THIS->gz)); 699 THIS->gz.zalloc=Z_NULL; 700 THIS->gz.zfree=Z_NULL; 701 THIS->gz.opaque=(void *)THIS; 702 THIS->state=0; >>> CID 1601750: Error handling issues (CHECKED_RETURN) >>> Calling "deflateInit_(&((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->gz, ((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->level = -1, "1.2.8", 112)" without checking return value. It wraps a library function that may fail and return an error code. 703 deflateInit(& THIS->gz, THIS->level = Z_DEFAULT_COMPRESSION); 704 THIS->epilogue = NULL; 705 } 706 707 static void exit_gz_deflate(struct object *UNUSED(o)) 708 { ** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_Stdio/sendfile.c: 692 in low_do_sendfile() ________________________________________________________________________________________________________ *** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_Stdio/sendfile.c: 692 in low_do_sendfile() 686 len = DO_NOT_WARN ((ptrdiff_t) this->len); 687 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) { 688 char *buf = this->buffer; 689 this->len -= buflen; 690 this->offset += buflen; 691 while (buflen) { >>> CID 1601749: Memory - corruptions (OVERRUN) >>> Calling "write" with "buf" and "buflen" is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned. 692 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen); 693 if ((wrlen < 0) && (errno == EINTR)) { 694 continue; 695 } else if (wrlen < 0) { 696 goto send_trailers; 697 } ** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 987 in low_init_threads_disable() ________________________________________________________________________________________________________ *** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 987 in low_init_threads_disable() 981 } 982 } 983 984 THREADS_FPRINTF(0, (stderr, 985 "low_init_threads_disable(): Disabling threads.\n")); 986 >>> CID 1601748: Data race undermines locking (LOCK_EVASION) >>> Thread1 sets "threads_disabled" to a new value. Now the two threads have an inconsistent view of "threads_disabled" and updates to fields correlated with "threads_disabled" may be lost. 987 threads_disabled = 1; 988 threads_disabled_start = get_real_time(); 989 #ifdef PIKE_DEBUG 990 threads_disabled_thread = th_self(); 991 #endif 992 } else { ** CID 1601745: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/DVB/dvb.c: 860 in f_parse_pat() ________________________________________________________________________________________________________ *** CID 1601745: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/DVB/dvb.c: 860 in f_parse_pat() 854 if (n < 2) { 855 push_int(0); 856 return; 857 } 858 859 length = ((buffer[2] & 0x0F) << 8) | buffer[3]; >>> CID 1601745: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "length - 4" as a loop boundary. 860 for (index=9; index<length-4 && index<184; index +=4) 861 { 862 p = (buffer[index] << 8) | buffer[index+1]; 863 push_int(p); 864 pid = ((buffer[index+2] << 8) | buffer[index+3]) & 0x1FFF; 865 push_int(pid); ** CID 1601744: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 923 in i_img_bmp__decode() ________________________________________________________________________________________________________ *** CID 1601744: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 923 in i_img_bmp__decode() 917 } 918 break; 919 default: 920 #ifdef RLE_DEBUG 921 fprintf(stderr,"rle data %02x %02x\n",s[0],s[1]); 922 #endif >>> CID 1601744: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "s[0]" as a loop boundary. 923 for (i=0; i<s[0] && d<maxd; i++) 924 if (s[1] > nct->u.flat.numentries) 925 d++; 926 else 927 *(d++) = nct->u.flat.entries[s[1]].color; 928 break; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 01 Jun '24

01 Jun '24

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 53 new defect(s) introduced to Pike-master found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 53 defect(s) ** CID 1601767: (RESOURCE_LEAK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3023 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3035 in pike_gethex() ________________________________________________________________________________________________________ *** CID 1601767: (RESOURCE_LEAK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3023 in pike_gethex() 3017 k = n - 1; 3018 #ifdef IEEE_Arith 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { >>> CID 1601767: (RESOURCE_LEAK) >>> Ignoring storage allocated by "multadd(b, 1, 1)" leaks it. 3023 multadd(b, 1, 1 MTa); 3024 emin_check: 3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3035 in pike_gethex() 3029 } 3030 } 3031 break; 3032 case Round_up: 3033 if (!sign && (lostbits || (b->x[0] & 1))) { 3034 incr_denorm: >>> CID 1601767: (RESOURCE_LEAK) >>> Ignoring storage allocated by "multadd(b, 1, 2)" leaks it. 3035 multadd(b, 1, 2 MTa); 3036 check_denorm = 1; 3037 lostbits = 0; 3038 goto emin_check; 3039 } 3040 break; ** CID 1601766: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/program.c: 2096 in add_identifier() ________________________________________________________________________________________________________ *** CID 1601766: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/program.c: 2096 in add_identifier() 2090 if ((identifier_flags & (IDENTIFIER_VARIABLE|IDENTIFIER_ALIAS)) == 2091 IDENTIFIER_VARIABLE) { 2092 add_to_variable_index(ref.identifier_offset); 2093 } 2094 2095 n = Pike_compiler->new_program->num_identifier_references; >>> CID 1601766: Uninitialized variables (UNINIT) >>> Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references". 2096 add_to_identifier_references(ref); 2097 2098 return n; 2099 } 2100 2101 void use_module(struct svalue *s) ** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 4239 in th_num_idle_farmers() ________________________________________________________________________________________________________ *** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 4239 in th_num_idle_farmers() 4233 } while(1); 4234 UNREACHABLE(); 4235 } 4236 4237 int th_num_idle_farmers(void) 4238 { >>> CID 1601765: Concurrent data access violations (MISSING_LOCK) >>> Accessing "_num_idle_farmers" without holding lock "rosie". Elsewhere, "_num_idle_farmers" is written to with "rosie" held 3 out of 3 times. 4239 return _num_idle_farmers; 4240 } 4241 4242 4243 int th_num_farmers(void) 4244 { ** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply() ________________________________________________________________________________________________________ *** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply() 57 58 void drop_reply(int ok) 59 //! Drop reply. 60 { 61 INT_TYPE t,o; 62 get_all_args(NULL,args,"%i",&o); >>> CID 1601764: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "guint32". 63 gdk_drop_reply((GdkDragContext *)THIS->obj,o,time(NULL)); 64 RETURN_THIS(); 65 } 66 67 void drag_set_icon_widget(GTK2.Widget widget, int hot_x, int hot_y) 68 //! Set the drag widget. This is a widget that will be shown, and then ** CID 1601763: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() ________________________________________________________________________________________________________ *** CID 1601763: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check: >>> CID 1601763: (USE_AFTER_FREE) >>> Dereferencing freed pointer "b". 3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check: >>> CID 1601763: (USE_AFTER_FREE) >>> Dereferencing freed pointer "b". 3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check: >>> CID 1601763: (USE_AFTER_FREE) >>> Dereferencing freed pointer "b". 3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check: >>> CID 1601763: (USE_AFTER_FREE) >>> Dereferencing freed pointer "b". 3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } ** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time() ________________________________________________________________________________________________________ *** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time() 41 //! Get the flags. 42 43 int get_initial_time(); 44 //! Queries the initial time that was set using set_time() or during creation. 45 46 >>> CID 1601762: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_initial_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint". ** CID 1601761: Null pointer dereferences (NULL_RETURNS) ________________________________________________________________________________________________________ *** CID 1601761: Null pointer dereferences (NULL_RETURNS) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/system/system.c: 2129 in describe_hostent() 2123 INT32 nelem = 0; 2124 2125 for (p = hp->h_addr_list; *p != 0; p++) { 2126 #ifdef fd_inet_ntop 2127 char buffer[64]; 2128 >>> CID 1601761: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be "NULL" "inet_ntop(hp->h_addrtype, *p, buffer, 64U)" when calling "push_text". 2129 push_text(fd_inet_ntop(hp->h_addrtype, *p, buffer, sizeof(buffer))); 2130 #else 2131 struct in_addr in; 2132 2133 memcpy(&in.s_addr, *p, sizeof (in.s_addr)); 2134 push_text(inet_ntoa(in)); ** CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/builtin_functions.c: 6328 in mktime_zone() ________________________________________________________________________________________________________ *** CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/builtin_functions.c: 6328 in mktime_zone() 6322 /* Restore tm_year. */ 6323 date->tm_year -= ydelta; 6324 #endif 6325 6326 retval += ret; 6327 >>> CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "retval < -9223372036854775808L /* -9223372036854775807L - 1L */" is always false regardless of the values of its operands. This occurs as the logical first operand of "||". 6328 if ((retval < MIN_TIME_T) || (retval > MAX_TIME_T)) { 6329 #ifdef EOVERFLOW 6330 errno = EOVERFLOW; 6331 #else 6332 /* NT does not have EOVERFLOW. */ 6333 errno = ERANGE; ** CID 1601759: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3090 in pike_gethex() ________________________________________________________________________________________________________ *** CID 1601759: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3090 in pike_gethex() 3084 x = b->x; 3085 if (!denorm && (b->wds > k 3086 || ((n = nbits & kmask) !=0 3087 && hi0bits(x[k-1]) < 32-n))) { 3088 rshift(b,1); 3089 if (++e > Emax) >>> CID 1601759: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "goto ovfl;". 3090 goto ovfl; 3091 } 3092 } 3093 } 3094 #ifdef IEEE_Arith 3095 if (denorm) ** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6064 in f_count_memory() /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6084 in f_count_memory() /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6058 in f_count_memory() /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6087 in f_count_memory() ________________________________________________________________________________________________________ *** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6064 in f_count_memory() 6058 DO_AGGREGATE_ARRAY (120); 6059 } 6060 } 6061 if (list == &mc_incomplete) list = &mc_indirect; 6062 else break; 6063 } >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6064 } END_AGGREGATE_ARRAY; 6065 args++; 6066 mapping_string_insert (opts, ind, Pike_sp - 1); 6067 } 6068 6069 MAKE_CONST_STRING (ind, "collect_direct_externals"); /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6084 in f_count_memory() 6078 assert (m->flags & MC_FLAG_LA_VISITED); 6079 if (type <= MAX_TYPE) { 6080 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6081 add_ref ((struct ref_dummy *) m->thing); 6082 dmalloc_touch_svalue (Pike_sp); 6083 Pike_sp++; >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6084 DO_AGGREGATE_ARRAY (120); 6085 } 6086 } 6087 } END_AGGREGATE_ARRAY; 6088 args++; 6089 mapping_string_insert (opts, ind, Pike_sp - 1); /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6058 in f_count_memory() 6052 assert (m->flags & MC_FLAG_LA_VISITED); 6053 if (type <= MAX_TYPE) { 6054 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6055 add_ref ((struct ref_dummy *) m->thing); 6056 dmalloc_touch_svalue (Pike_sp); 6057 Pike_sp++; >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6058 DO_AGGREGATE_ARRAY (120); 6059 } 6060 } 6061 if (list == &mc_incomplete) list = &mc_indirect; 6062 else break; 6063 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6087 in f_count_memory() 6081 add_ref ((struct ref_dummy *) m->thing); 6082 dmalloc_touch_svalue (Pike_sp); 6083 Pike_sp++; 6084 DO_AGGREGATE_ARRAY (120); 6085 } 6086 } >>> CID 1601758: (CONSTANT_EXPRESSION_RESULT) >>> "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment. 6087 } END_AGGREGATE_ARRAY; 6088 args++; 6089 mapping_string_insert (opts, ind, Pike_sp - 1); 6090 } 6091 } 6092 ** CID 1601757: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/Shuffler/Shuffler.cmod: 464 in f_Shuffle_set_done_callback() ________________________________________________________________________________________________________ *** CID 1601757: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/Shuffler/Shuffler.cmod: 464 in f_Shuffle_set_done_callback() 458 *! 459 */ 460 optflags OPT_SIDE_EFFECT; 461 { 462 SHUFFLE_DEBUG2("set_done_callback(%p)\n", THIS, cb->u.object ); 463 assign_svalue( &THIS->done_callback,cb); >>> CID 1601757: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "_from". 464 } 465 466 PIKEFUN void set_request_arg( mixed arg ) 467 /*! @decl void set_request_arg( mixed arg ) 468 *! 469 *! Sets the extra argument sent to @[Throttler()->request()] and ** CID 1601756: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() ________________________________________________________________________________________________________ *** CID 1601756: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() 2007 else 2008 switch (find_type) { 2009 case FIND_LESS: 2010 case FIND_GREATER: 2011 sub_extra_ref (msd); 2012 if (prepare_for_add (l, 1)) { >>> CID 1601756: (USE_AFTER_FREE) >>> Dereferencing freed pointer "msd". 2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2014 msd = l->msd; 2015 } 2016 ALLOC_MSNODE (msd, l->node_refs, new); 2017 goto add; 2018 /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() 2007 else 2008 switch (find_type) { 2009 case FIND_LESS: 2010 case FIND_GREATER: 2011 sub_extra_ref (msd); 2012 if (prepare_for_add (l, 1)) { >>> CID 1601756: (USE_AFTER_FREE) >>> Dereferencing freed pointer "msd". 2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2014 msd = l->msd; 2015 } 2016 ALLOC_MSNODE (msd, l->node_refs, new); 2017 goto add; 2018 /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() 2007 else 2008 switch (find_type) { 2009 case FIND_LESS: 2010 case FIND_GREATER: 2011 sub_extra_ref (msd); 2012 if (prepare_for_add (l, 1)) { >>> CID 1601756: (USE_AFTER_FREE) >>> Dereferencing freed pointer "msd". 2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2014 msd = l->msd; 2015 } 2016 ALLOC_MSNODE (msd, l->node_refs, new); 2017 goto add; 2018 ** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time() ________________________________________________________________________________________________________ *** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time() 28 //! be the one represented by the_time. 29 30 int get_time(); 31 //! Return the time entered in the widget. 32 33 void set_popup_range(int low_hour, int up_hour); >>> CID 1601755: High impact quality (Y2K38_SAFETY) >>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint". 34 //! Sets the range of times that will be provide by the time popup 35 //! selectors. 36 37 void set_flags(int flags); 38 //! Bitwise or of CONST(GNOME_DATE_EDIT_). 39 ** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/timeout.c: 222 in aap_exit_timeouts() ________________________________________________________________________________________________________ *** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/timeout.c: 222 in aap_exit_timeouts() 216 { 217 void *res; 218 DWERROR("AAP: aap_exit_timeouts.\n"); 219 THREADS_ALLOW(); 220 mt_lock (&aap_timeout_mutex); 221 aap_time_to_die = 1; >>> CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) >>> The wait condition prompting the wait upon "aap_timeout_mutex" is not checked correctly. This code can wait for a condition that has already been satisfied, which can cause a never-ending wait. 222 co_wait (&aap_timeout_thread_is_dead, &aap_timeout_mutex); 223 mt_unlock (&aap_timeout_mutex); 224 THREADS_DISALLOW(); 225 mt_destroy (&aap_timeout_mutex); 226 co_destroy (&aap_timeout_thread_is_dead); 227 DWERROR("AAP: aap_exit_timeouts done.\n"); 228 } 229 #endif ** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/log.c: 113 in f_aap_log_exists() ________________________________________________________________________________________________________ *** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/log.c: 113 in f_aap_log_exists() 107 f_aggregate(n); 108 } 109 } 110 111 void f_aap_log_exists(INT32 UNUSED(args)) 112 { >>> CID 1601753: Concurrent data access violations (MISSING_LOCK) >>> Accessing "((struct args *)Pike_interpreter_pointer->frame_pointer->current_storage)->log->log_head" without holding lock "log.log_lock". Elsewhere, "log.log_head" is written to with "log.log_lock" held 5 out of 5 times. 113 if(LTHIS->log->log_head) 114 push_int(1); 115 else 116 push_int(0); 117 } 118 ** CID 1601752: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1601752: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/Image/encodings/ilbm.c: 547 in image_ilbm__decode() 541 push_object(clone_object(image_colortable_program,1)); 542 ctable=get_storage(sp[-1].u.object, 543 image_colortable_program); 544 n++; 545 } 546 >>> CID 1601752: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted expression "bmhd.h" to "parse_body", which uses it as a loop boundary. 547 parse_body(&bmhd, STR0(ITEM(arr)[5].u.string), ITEM(arr)[5].u.string->len, 548 img, alpha, ctable, !!(camg & CAMG_HAM)); 549 550 f_aggregate_mapping(2*n); 551 stack_swap(); 552 pop_stack(); ** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_WhiteFish/blob.c: 127 in wf_blob_hit() ________________________________________________________________________________________________________ *** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_WhiteFish/blob.c: 127 in wf_blob_hit() 121 { 122 Hit hit; 123 if( b->eof ) 124 { 125 hit.type = HIT_NOTHING; 126 hit.raw = 0; >>> CID 1601751: Uninitialized variables (UNINIT) >>> Using uninitialized value "hit". Field "hit.u" is uninitialized. 127 return hit; 128 } 129 else 130 { 131 int off = b->b->rpos + 5 + n*2; 132 unsigned char h = b->b->data[ off ]; ** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Gz/zlibmod.c: 695 in init_gz_deflate() ________________________________________________________________________________________________________ *** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Gz/zlibmod.c: 695 in init_gz_deflate() 689 { 690 mt_init(& THIS->lock); 691 THIS->gz.zalloc=Z_NULL; 692 THIS->gz.zfree=Z_NULL; 693 THIS->gz.opaque=(void *)THIS; 694 THIS->state=0; >>> CID 1601750: Error handling issues (CHECKED_RETURN) >>> Calling "deflateInit_(&((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->gz, ((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->level = -1, "1.2.8", 112)" without checking return value. It wraps a library function that may fail and return an error code. 695 deflateInit(& THIS->gz, THIS->level = Z_DEFAULT_COMPRESSION); 696 THIS->epilogue = NULL; 697 } 698 699 static void exit_gz_deflate(struct object *UNUSED(o)) 700 { ** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile() ________________________________________________________________________________________________________ *** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile() 606 len = (ptrdiff_t) this->len; 607 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) { 608 char *buf = this->buffer; 609 this->len -= buflen; 610 this->offset += buflen; 611 while (buflen) { >>> CID 1601749: Memory - corruptions (OVERRUN) >>> Calling "write" with "buf" and "buflen" is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned. 612 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen); 613 if ((wrlen < 0) && (errno == EINTR)) { 614 continue; 615 } else if (wrlen < 0) { 616 goto send_trailers; 617 } ** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 965 in low_init_threads_disable() ________________________________________________________________________________________________________ *** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 965 in low_init_threads_disable() 959 im = im->next; 960 } 961 } 962 963 THREADS_FPRINTF(0, "low_init_threads_disable(): Disabling threads.\n"); 964 >>> CID 1601748: Data race undermines locking (LOCK_EVASION) >>> Thread1 sets "threads_disabled" to a new value. Now the two threads have an inconsistent view of "threads_disabled" and updates to fields correlated with "threads_disabled" may be lost. 965 threads_disabled = 1; 966 threads_disabled_start = get_real_time(); 967 #ifdef PIKE_DEBUG 968 threads_disabled_thread = th_self(); 969 #endif 970 } else { ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 13 Nov '20

13 Nov '20

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 3 new defect(s) introduced to Pike-master found with Coverity Scan. 2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1458076: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3724 in yysyntax_error() ________________________________________________________________________________________________________ *** CID 1458076: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3724 in yysyntax_error() 3718 } 3719 3720 if (*yymsg_alloc < yysize) 3721 { 3722 *yymsg_alloc = 2 * yysize; 3723 if (! (yysize <= *yymsg_alloc >>> CID 1458076: Integer handling issues (CONSTANT_EXPRESSION_RESULT) >>> "*yymsg_alloc <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&". 3724 && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM)) 3725 *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM; 3726 return 1; 3727 } 3728 3729 /* Avoid sprintf, as that infringes on the user's name space. ** CID 1458072: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3714 in yysyntax_error() /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3685 in yysyntax_error() ________________________________________________________________________________________________________ *** CID 1458072: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3714 in yysyntax_error() 3708 } 3709 3710 { 3711 /* Don't count the "%s"s in the final size, but reserve room for 3712 the terminator. */ 3713 YYPTRDIFF_T yysize1 = yysize + (yystrlen (yyformat) - 2 * yycount) + 1; >>> CID 1458072: (CONSTANT_EXPRESSION_RESULT) >>> "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&". 3714 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) 3715 yysize = yysize1; 3716 else 3717 return 2; 3718 } 3719 /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3685 in yysyntax_error() 3679 break; 3680 } 3681 yyarg[yycount++] = yytname[yyx]; 3682 { 3683 YYPTRDIFF_T yysize1 3684 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]); >>> CID 1458072: (CONSTANT_EXPRESSION_RESULT) >>> "yysize1 <= 9223372036854775807L /* (long)((9223372036854775807L < (unsigned long)-1) ? 9223372036854775807L : (unsigned long)-1) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&". 3685 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM) 3686 yysize = yysize1; 3687 else 3688 return 2; 3689 } 3690 } ** CID 20290: Control flow issues (MISSING_BREAK) /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3580 in yytnamerr() ________________________________________________________________________________________________________ *** CID 20290: Control flow issues (MISSING_BREAK) /home/covbuilder/pike/Pike-v8.1-snapshot/src/language.c_src: 3580 in yytnamerr() 3574 switch (*++yyp) 3575 { 3576 case '\'': 3577 case ',': 3578 goto do_not_strip_quotes; 3579 >>> CID 20290: Control flow issues (MISSING_BREAK) >>> The case for value "'\\'" is not terminated by a 'break' statement. 3580 case '\\': 3581 if (*++yyp != '\\') 3582 goto do_not_strip_quotes; 3583 else 3584 goto append; 3585 ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P…

1 0

New Defects reported by Coverity Scan for Pike-stable
by scan-admin＠coverity.com 01 Jul '20

01 Jul '20

Hi, Please find the latest report on new defect(s) introduced to Pike-stable found with Coverity Scan. 21 new defect(s) introduced to Pike-stable found with Coverity Scan. 13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 21 defect(s) ** CID 1465079: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2() /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2() /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2() ________________________________________________________________________________________________________ *** CID 1465079: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2() 2012 else 2013 switch (find_type) { 2014 case FIND_LESS: 2015 case FIND_GREATER: 2016 sub_extra_ref (msd); 2017 if (prepare_for_add (l, 1)) { >>> CID 1465079: (USE_AFTER_FREE) >>> Dereferencing freed pointer "msd". 2018 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2019 msd = l->msd; 2020 } 2021 ALLOC_MSNODE (msd, l->node_refs, new); 2022 goto insert; 2023 /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2() 2012 else 2013 switch (find_type) { 2014 case FIND_LESS: 2015 case FIND_GREATER: 2016 sub_extra_ref (msd); 2017 if (prepare_for_add (l, 1)) { >>> CID 1465079: (USE_AFTER_FREE) >>> Dereferencing freed pointer "msd". 2018 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2019 msd = l->msd; 2020 } 2021 ALLOC_MSNODE (msd, l->node_refs, new); 2022 goto insert; 2023 /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2018 in multiset_insert_2() 2012 else 2013 switch (find_type) { 2014 case FIND_LESS: 2015 case FIND_GREATER: 2016 sub_extra_ref (msd); 2017 if (prepare_for_add (l, 1)) { >>> CID 1465079: (USE_AFTER_FREE) >>> Dereferencing freed pointer "msd". 2018 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2019 msd = l->msd; 2020 } 2021 ALLOC_MSNODE (msd, l->node_refs, new); 2022 goto insert; 2023 ** CID 1465078: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets() /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets() /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets() /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets() ________________________________________________________________________________________________________ *** CID 1465078: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets() 2865 val_types |= 1 << TYPEOF(RBNODE (m.b_node)->iv.val); 2866 } 2867 }, { /* Free m.b_node. */ 2868 }); 2869 2870 else /* Destructive on a. */ >>> CID 1465078: (USE_AFTER_FREE) >>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs". 2871 LOW_RB_MERGE ( 2872 ic_da, m.a_node, m.b_node, 2873 m.res_list, m.res_length, operation, 2874 2875 { 2876 low_use_multiset_index (RBNODE (m.a_node), a_ind); /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets() 2818 if (TYPEOF(m.res->msd->cmp_less) == T_INT) { 2819 struct multiset_data *res_msd = m.res->msd; 2820 struct svalue a_ind, b_ind; 2821 m.a_node = HDR (m.a->msd->root), m.b_node = HDR (m.rd.b_msd->root); 2822 2823 if (m.rd.a_msd) /* Not destructive on a. */ >>> CID 1465078: (USE_AFTER_FREE) >>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs". 2824 LOW_RB_MERGE ( 2825 ic_nd, m.a_node, m.b_node, 2826 m.res_list, m.res_length, operation, 2827 2828 { 2829 low_use_multiset_index (RBNODE (m.a_node), a_ind); /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2824 in merge_multisets() 2818 if (TYPEOF(m.res->msd->cmp_less) == T_INT) { 2819 struct multiset_data *res_msd = m.res->msd; 2820 struct svalue a_ind, b_ind; 2821 m.a_node = HDR (m.a->msd->root), m.b_node = HDR (m.rd.b_msd->root); 2822 2823 if (m.rd.a_msd) /* Not destructive on a. */ >>> CID 1465078: (USE_AFTER_FREE) >>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs". 2824 LOW_RB_MERGE ( 2825 ic_nd, m.a_node, m.b_node, 2826 m.res_list, m.res_length, operation, 2827 2828 { 2829 low_use_multiset_index (RBNODE (m.a_node), a_ind); /home/covbuilder/pike/Pike-v8.0-snapshot/src/multiset.c: 2871 in merge_multisets() 2865 val_types |= 1 << TYPEOF(RBNODE (m.b_node)->iv.val); 2866 } 2867 }, { /* Free m.b_node. */ 2868 }); 2869 2870 else /* Destructive on a. */ >>> CID 1465078: (USE_AFTER_FREE) >>> Passing freed pointer "res_msd" as an argument to "merge_shift_ptrs". 2871 LOW_RB_MERGE ( 2872 ic_da, m.a_node, m.b_node, 2873 m.res_list, m.res_length, operation, 2874 2875 { 2876 low_use_multiset_index (RBNODE (m.a_node), a_ind); ** CID 1465072: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 431 in f_exp() ________________________________________________________________________________________________________ *** CID 1465072: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 431 in f_exp() 425 *! 426 *! @seealso 427 *! @[pow()], @[log()] 428 */ 429 void f_exp(INT32 args) 430 { >>> CID 1465072: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 431 ARG_CHECK("exp"); 432 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, FL1(exp,sp[-1].u.float_number)); 433 } 434 435 /*! @decl int|float pow(float|int n, float|int x) 436 *! @decl mixed pow(object n, float|int|object x) ** CID 1465071: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 414 in f_log() ________________________________________________________________________________________________________ *** CID 1465071: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 414 in f_log() 408 *! 409 *! @seealso 410 *! @[pow()], @[exp()] 411 */ 412 void f_log(INT32 args) 413 { >>> CID 1465071: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 414 ARG_CHECK("log"); 415 if(sp[-1].u.float_number <=0.0) 416 Pike_error("Log on number less or equal to zero.\n"); 417 418 sp[-1].u.float_number = FL1(log,sp[-1].u.float_number); 419 } ** CID 1465069: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 495 in f_floor() ________________________________________________________________________________________________________ *** CID 1465069: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 495 in f_floor() 489 *! 490 *! @seealso 491 *! @[ceil()], @[round()] 492 */ 493 void f_floor(INT32 args) 494 { >>> CID 1465069: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 495 ARG_CHECK("floor"); 496 sp[-1].u.float_number = FL1(floor,sp[-1].u.float_number); 497 } 498 499 /*! @decl float ceil(int|float f) 500 *! ** CID 1465068: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 161 in f_acos() ________________________________________________________________________________________________________ *** CID 1465068: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 161 in f_acos() 155 *! 156 *! @seealso 157 *! @[cos()], @[asin()] 158 */ 159 void f_acos(INT32 args) 160 { >>> CID 1465068: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 161 ARG_CHECK("acos"); 162 if ((sp[-1].u.float_number >= -1.0) && 163 (sp[-1].u.float_number <= 1.0)) { 164 sp[-1].u.float_number = FL1(acos,sp[-1].u.float_number); 165 } else { 166 DECLARE_NAN; ** CID 1465067: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 182 in f_tan() ________________________________________________________________________________________________________ *** CID 1465067: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 182 in f_tan() 176 *! @seealso 177 *! @[atan()], @[sin()], @[cos()] 178 */ 179 void f_tan(INT32 args) 180 { 181 FLOAT_ARG_TYPE f; >>> CID 1465067: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 182 ARG_CHECK("tan"); 183 184 f = (sp[-1].u.float_number-M_PI/2) / M_PI; 185 if(f==floor(f+0.5)) 186 { 187 Pike_error("Impossible tangent.\n"); ** CID 1465066: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 239 in f_sinh() ________________________________________________________________________________________________________ *** CID 1465066: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 239 in f_sinh() 233 *! @seealso 234 *! @[asinh()], @[cosh()], @[tanh()] 235 */ 236 void f_sinh(INT32 args) 237 { 238 FLOAT_ARG_TYPE x; >>> CID 1465066: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 239 ARG_CHECK("sinh"); 240 x=sp[-1].u.float_number; 241 242 sp[-1].u.float_number = 243 DO_NOT_WARN ((FLOAT_TYPE) (0.5*(FA1(exp,x)-FA1(exp,-x)))); 244 } ** CID 1465065: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 512 in f_ceil() ________________________________________________________________________________________________________ *** CID 1465065: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 512 in f_ceil() 506 *! 507 *! @seealso 508 *! @[floor()], @[round()] 509 */ 510 void f_ceil(INT32 args) 511 { >>> CID 1465065: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 512 ARG_CHECK("ceil"); 513 sp[-1].u.float_number = FL1(ceil,sp[-1].u.float_number); 514 } 515 516 /*! @decl float round(int|float f) 517 *! ** CID 1465064: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 1864 in image_tuned_box_topbottom() ________________________________________________________________________________________________________ *** CID 1465064: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 1864 in image_tuned_box_topbottom() 1858 memcpy(dest,dest-xsize,length*sizeof(rgb_group)); 1859 dest+=xsize; 1860 } else { 1861 from = dest; 1862 for(x=0; x<64; x++) *(dest++) = color; 1863 for(;x<length-64;x+=64,dest+=64) >>> CID 1465064: Memory - corruptions (OVERLAPPING_COPY) >>> Copying 192 bytes from "from" to "dest", which point to overlapping memory locations. 1864 memcpy(dest, from, 64*sizeof(rgb_group)); 1865 for(;x<length; x++) *(dest++) = color; 1866 dest += xsize-length; 1867 old = color; 1868 } 1869 } ** CID 1465063: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 203 in f_atan() ________________________________________________________________________________________________________ *** CID 1465063: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 203 in f_atan() 197 *! 198 *! @seealso 199 *! @[tan()], @[asin()], @[acos()], @[atan2()] 200 */ 201 void f_atan(INT32 args) 202 { >>> CID 1465063: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 203 ARG_CHECK("atan"); 204 sp[-1].u.float_number = FL1(atan,sp[-1].u.float_number); 205 } 206 207 /*! @decl float atan2(float f1, float f2) 208 *! ** CID 1465062: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 113 in f_sin() ________________________________________________________________________________________________________ *** CID 1465062: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 113 in f_sin() 107 *! 108 *! @seealso 109 *! @[asin()], @[cos()], @[tan()] 110 */ 111 void f_sin(INT32 args) 112 { >>> CID 1465062: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 113 ARG_CHECK("sin"); 114 sp[-1].u.float_number = FL1(sin,sp[-1].u.float_number); 115 } 116 117 /*! @decl float asin(int|float f) 118 *! ** CID 1465061: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 290 in f_acosh() ________________________________________________________________________________________________________ *** CID 1465061: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 290 in f_acosh() 284 *! @seealso 285 *! @[cosh()], @[asinh()] 286 */ 287 void f_acosh(INT32 args) 288 { 289 FLOAT_ARG_TYPE x; >>> CID 1465061: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 290 ARG_CHECK("acosh"); 291 x=sp[-1].u.float_number; 292 293 sp[-1].u.float_number = 294 DO_NOT_WARN ((FLOAT_TYPE) (2*FA1(log,FA1(sqrt,0.5*(x+1))+FA1(sqrt,0.5*(x-1))))); 295 } ** CID 1465060: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 324 in f_atanh() ________________________________________________________________________________________________________ *** CID 1465060: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 324 in f_atanh() 318 *! @seealso 319 *! @[tanh()], @[asinh()], @[acosh()] 320 */ 321 void f_atanh(INT32 args) 322 { 323 FLOAT_ARG_TYPE x; >>> CID 1465060: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 324 ARG_CHECK("atanh"); 325 x=sp[-1].u.float_number; 326 327 sp[-1].u.float_number = 328 DO_NOT_WARN ((FLOAT_TYPE) (0.5*(FA1(log,1+x)-FA1(log,1-x)))); 329 } ** CID 1465059: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 127 in f_asin() ________________________________________________________________________________________________________ *** CID 1465059: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 127 in f_asin() 121 *! 122 *! @seealso 123 *! @[sin()], @[acos()] 124 */ 125 void f_asin(INT32 args) 126 { >>> CID 1465059: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 127 ARG_CHECK("asin"); 128 if ((sp[-1].u.float_number >= -1.0) && 129 (sp[-1].u.float_number <= 1.0)) { 130 sp[-1].u.float_number = FL1(asin,sp[-1].u.float_number); 131 } else { 132 DECLARE_NAN; ** CID 1465058: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 273 in f_cosh() ________________________________________________________________________________________________________ *** CID 1465058: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 273 in f_cosh() 267 *! @seealso 268 *! @[acosh()], @[sinh()], @[tanh()] 269 */ 270 void f_cosh(INT32 args) 271 { 272 FLOAT_ARG_TYPE x; >>> CID 1465058: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 273 ARG_CHECK("cosh"); 274 x=sp[-1].u.float_number; 275 276 sp[-1].u.float_number = 277 DO_NOT_WARN ((FLOAT_TYPE) (0.5*(FA1(exp,x)+FA1(exp,-x)))); 278 } ** CID 1465057: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 147 in f_cos() ________________________________________________________________________________________________________ *** CID 1465057: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 147 in f_cos() 141 *! 142 *! @seealso 143 *! @[acos()], @[sin()], @[tan()] 144 */ 145 void f_cos(INT32 args) 146 { >>> CID 1465057: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 147 ARG_CHECK("cos"); 148 sp[-1].u.float_number = FL1(cos,sp[-1].u.float_number); 149 } 150 151 /*! @decl float acos(int|float f) 152 *! ** CID 1465056: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 256 in f_asinh() ________________________________________________________________________________________________________ *** CID 1465056: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 256 in f_asinh() 250 *! @seealso 251 *! @[sinh()], @[acosh()] 252 */ 253 void f_asinh(INT32 args) 254 { 255 FLOAT_ARG_TYPE x; >>> CID 1465056: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 256 ARG_CHECK("asinh"); 257 x=sp[-1].u.float_number; 258 259 sp[-1].u.float_number = 260 DO_NOT_WARN ((FLOAT_TYPE) (FA1(log,x+FA1(sqrt,1+x*x)))); 261 } ** CID 1465055: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 307 in f_tanh() ________________________________________________________________________________________________________ *** CID 1465055: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_math/math.c: 307 in f_tanh() 301 *! @seealso 302 *! @[atanh()], @[sinh()], @[cosh()] 303 */ 304 void f_tanh(INT32 args) 305 { 306 FLOAT_ARG_TYPE x; >>> CID 1465055: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 307 ARG_CHECK("tanh"); 308 x=sp[-1].u.float_number; 309 310 sp[-1].u.float_number = 311 DO_NOT_WARN ((FLOAT_TYPE) ((FA1(exp,x)-FA1(exp,-x))/(FA1(exp,x)+FA1(exp,-x)))); 312 } ** CID 1465054: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2233 in float_promote() /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2228 in float_promote() ________________________________________________________________________________________________________ *** CID 1465054: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2233 in float_promote() 2227 { 2228 SET_SVAL(sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-2].u.integer); 2229 return 1; 2230 } 2231 else if(TYPEOF(sp[-1]) == T_INT && TYPEOF(sp[-2]) == T_FLOAT) 2232 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 2233 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-1].u.integer); 2234 return 1; 2235 } 2236 2237 if(is_bignum_object_in_svalue(sp-2) && TYPEOF(sp[-1]) == T_FLOAT) 2238 { /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 2228 in float_promote() 2222 } 2223 2224 static int float_promote(void) 2225 { 2226 if(TYPEOF(sp[-2]) == T_INT && TYPEOF(sp[-1]) == T_FLOAT) 2227 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-2].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 2228 SET_SVAL(sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-2].u.integer); 2229 return 1; 2230 } 2231 else if(TYPEOF(sp[-1]) == T_INT && TYPEOF(sp[-2]) == T_FLOAT) 2232 { 2233 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)sp[-1].u.integer); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPkl…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 01 Jul '20

01 Jul '20

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 20 new defect(s) introduced to Pike-master found with Coverity Scan. 12 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 20 defect(s) ** CID 1465072: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 355 in f_exp() ________________________________________________________________________________________________________ *** CID 1465072: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 355 in f_exp() 349 *! 350 *! @seealso 351 *! @[pow()], @[log()] 352 */ 353 void f_exp(INT32 args) 354 { >>> CID 1465072: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 355 ARG_CHECK("exp"); 356 SET_SVAL(sp[-1], T_FLOAT, 0, float_number, FL(exp)(sp[-1].u.float_number)); 357 } 358 359 /*! @decl int|float pow(float|int n, float|int x) 360 *! @decl mixed pow(object n, float|int|object x) ** CID 1465071: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 338 in f_log() ________________________________________________________________________________________________________ *** CID 1465071: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 338 in f_log() 332 *! 333 *! @seealso 334 *! @[pow()], @[exp()] 335 */ 336 void f_log(INT32 args) 337 { >>> CID 1465071: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 338 ARG_CHECK("log"); 339 if(sp[-1].u.float_number <=0.0) 340 Pike_error("Log on number less or equal to zero.\n"); 341 342 sp[-1].u.float_number = FL(log)(sp[-1].u.float_number); 343 } ** CID 1465070: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1466 in pair_add() /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1458 in pair_add() ________________________________________________________________________________________________________ *** CID 1465070: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1466 in pair_add() 1460 } 1461 } 1462 else if( TYPEOF(Pike_sp[-1]) == PIKE_T_FLOAT ) 1463 { 1464 if( TYPEOF(Pike_sp[-2]) == PIKE_T_INT ) 1465 { >>> CID 1465070: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-2].u.integer" to "Pike_interpreter_pointer->stack_pointer[-2].u.float_number", which have overlapping memory locations and different types. 1466 Pike_sp[-2].u.float_number = Pike_sp[-2].u.integer; 1467 TYPEOF(Pike_sp[-2]) = PIKE_T_FLOAT; 1468 } 1469 } 1470 1471 if (TYPEOF(Pike_sp[-2]) != TYPEOF(Pike_sp[-1])) /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 1458 in pair_add() 1452 stack_swap(); 1453 } 1454 else if( TYPEOF(Pike_sp[-2]) == PIKE_T_FLOAT ) 1455 { 1456 if( TYPEOF(Pike_sp[-1]) == PIKE_T_INT ) 1457 { >>> CID 1465070: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "Pike_interpreter_pointer->stack_pointer[-1].u.float_number", which have overlapping memory locations and different types. 1458 Pike_sp[-1].u.float_number = Pike_sp[-1].u.integer; 1459 TYPEOF(Pike_sp[-1]) = PIKE_T_FLOAT; 1460 } 1461 } 1462 else if( TYPEOF(Pike_sp[-1]) == PIKE_T_FLOAT ) 1463 { ** CID 1465069: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 384 in f_floor() ________________________________________________________________________________________________________ *** CID 1465069: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 384 in f_floor() 378 *! 379 *! @seealso 380 *! @[ceil()], @[round()] 381 */ 382 void f_floor(INT32 args) 383 { >>> CID 1465069: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 384 ARG_CHECK("floor"); 385 sp[-1].u.float_number = FL(floor)(sp[-1].u.float_number); 386 } 387 388 /*! @decl float ceil(int|float f) 389 *! ** CID 1465068: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 115 in f_acos() ________________________________________________________________________________________________________ *** CID 1465068: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 115 in f_acos() 109 *! 110 *! @seealso 111 *! @[cos()], @[asin()] 112 */ 113 void f_acos(INT32 args) 114 { >>> CID 1465068: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 115 ARG_CHECK("acos"); 116 if ((sp[-1].u.float_number >= -1.0) && 117 (sp[-1].u.float_number <= 1.0)) { 118 sp[-1].u.float_number = FL(acos)(sp[-1].u.float_number); 119 } else { 120 sp[-1].u.float_number = (FLOAT_TYPE) MAKE_NAN(); ** CID 1465067: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 135 in f_tan() ________________________________________________________________________________________________________ *** CID 1465067: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 135 in f_tan() 129 *! @seealso 130 *! @[atan()], @[sin()], @[cos()] 131 */ 132 void f_tan(INT32 args) 133 { 134 FLOAT_ARG_TYPE f; >>> CID 1465067: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 135 ARG_CHECK("tan"); 136 137 f = (sp[-1].u.float_number-M_PI/2) / M_PI; 138 if(f==floor(f+0.5)) 139 { 140 Pike_error("Impossible tangent.\n"); ** CID 1465066: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 191 in f_sinh() ________________________________________________________________________________________________________ *** CID 1465066: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 191 in f_sinh() 185 *! 186 *! @seealso 187 *! @[asinh()], @[cosh()], @[tanh()] 188 */ 189 void f_sinh(INT32 args) 190 { >>> CID 1465066: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 191 ARG_CHECK("sinh"); 192 sp[-1].u.float_number = FL(sinh)(sp[-1].u.float_number); 193 } 194 195 /*! @decl float asinh(int|float f) 196 *! ** CID 1465065: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 401 in f_ceil() ________________________________________________________________________________________________________ *** CID 1465065: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 401 in f_ceil() 395 *! 396 *! @seealso 397 *! @[floor()], @[round()] 398 */ 399 void f_ceil(INT32 args) 400 { >>> CID 1465065: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 401 ARG_CHECK("ceil"); 402 sp[-1].u.float_number = FL(ceil)(sp[-1].u.float_number); 403 } 404 405 /*! @decl float round(int|float f) 406 *! ** CID 1465064: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 1784 in image_tuned_box_topbottom() ________________________________________________________________________________________________________ *** CID 1465064: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 1784 in image_tuned_box_topbottom() 1778 memcpy(dest,dest-xsize,length*sizeof(rgb_group)); 1779 dest+=xsize; 1780 } else { 1781 from = dest; 1782 for(x=0; x<64; x++) *(dest++) = color; 1783 for(;x<length-64;x+=64,dest+=64) >>> CID 1465064: Memory - corruptions (OVERLAPPING_COPY) >>> Copying 192 bytes from "from" to "dest", which point to overlapping memory locations. 1784 memcpy(dest, from, 64*sizeof(rgb_group)); 1785 for(;x<length; x++) *(dest++) = color; 1786 dest += xsize-length; 1787 old = color; 1788 } 1789 } ** CID 1465063: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 156 in f_atan() ________________________________________________________________________________________________________ *** CID 1465063: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 156 in f_atan() 150 *! 151 *! @seealso 152 *! @[tan()], @[asin()], @[acos()], @[atan2()] 153 */ 154 void f_atan(INT32 args) 155 { >>> CID 1465063: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 156 ARG_CHECK("atan"); 157 sp[-1].u.float_number = FL(atan)(sp[-1].u.float_number); 158 } 159 160 /*! @decl float atan2(float f1, float f2) 161 *! ** CID 1465062: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 68 in f_sin() ________________________________________________________________________________________________________ *** CID 1465062: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 68 in f_sin() 62 *! 63 *! @seealso 64 *! @[asin()], @[cos()], @[tan()] 65 */ 66 void f_sin(INT32 args) 67 { >>> CID 1465062: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 68 ARG_CHECK("sin"); 69 sp[-1].u.float_number = FL(sin)(sp[-1].u.float_number); 70 } 71 72 /*! @decl float asin(int|float f) 73 *! ** CID 1465061: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 230 in f_acosh() ________________________________________________________________________________________________________ *** CID 1465061: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 230 in f_acosh() 224 *! 225 *! @seealso 226 *! @[cosh()], @[asinh()] 227 */ 228 void f_acosh(INT32 args) 229 { >>> CID 1465061: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 230 ARG_CHECK("acosh"); 231 sp[-1].u.float_number = FL(acosh)(sp[-1].u.float_number); 232 } 233 234 /*! @decl float tanh(int|float f) 235 *! ** CID 1465060: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 256 in f_atanh() ________________________________________________________________________________________________________ *** CID 1465060: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 256 in f_atanh() 250 *! 251 *! @seealso 252 *! @[tanh()], @[asinh()], @[acosh()] 253 */ 254 void f_atanh(INT32 args) 255 { >>> CID 1465060: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 256 ARG_CHECK("atanh"); 257 sp[-1].u.float_number = FL(atanh)(sp[-1].u.float_number); 258 } 259 260 /*! @decl float sqrt(float f) 261 *! @decl int sqrt(int i) ** CID 1465059: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 82 in f_asin() ________________________________________________________________________________________________________ *** CID 1465059: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 82 in f_asin() 76 *! 77 *! @seealso 78 *! @[sin()], @[acos()] 79 */ 80 void f_asin(INT32 args) 81 { >>> CID 1465059: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 82 ARG_CHECK("asin"); 83 if ((sp[-1].u.float_number >= -1.0) && 84 (sp[-1].u.float_number <= 1.0)) { 85 sp[-1].u.float_number = FL(asin)(sp[-1].u.float_number); 86 } else { 87 sp[-1].u.float_number = (FLOAT_TYPE) MAKE_NAN(); ** CID 1465058: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 217 in f_cosh() ________________________________________________________________________________________________________ *** CID 1465058: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 217 in f_cosh() 211 *! 212 *! @seealso 213 *! @[acosh()], @[sinh()], @[tanh()] 214 */ 215 void f_cosh(INT32 args) 216 { >>> CID 1465058: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 217 ARG_CHECK("cosh"); 218 sp[-1].u.float_number = FL(cosh)(sp[-1].u.float_number); 219 } 220 221 /*! @decl float acosh(int|float f) 222 *! ** CID 1465057: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 101 in f_cos() ________________________________________________________________________________________________________ *** CID 1465057: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 101 in f_cos() 95 *! 96 *! @seealso 97 *! @[acos()], @[sin()], @[tan()] 98 */ 99 void f_cos(INT32 args) 100 { >>> CID 1465057: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 101 ARG_CHECK("cos"); 102 sp[-1].u.float_number = FL(cos)(sp[-1].u.float_number); 103 } 104 105 /*! @decl float acos(int|float f) 106 *! ** CID 1465056: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 204 in f_asinh() ________________________________________________________________________________________________________ *** CID 1465056: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 204 in f_asinh() 198 *! 199 *! @seealso 200 *! @[sinh()], @[acosh()] 201 */ 202 void f_asinh(INT32 args) 203 { >>> CID 1465056: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 204 ARG_CHECK("asinh"); 205 sp[-1].u.float_number = FL(asinh)(sp[-1].u.float_number); 206 } 207 208 /*! @decl float cosh(int|float f) 209 *! ** CID 1465055: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 243 in f_tanh() ________________________________________________________________________________________________________ *** CID 1465055: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 243 in f_tanh() 237 *! 238 *! @seealso 239 *! @[atanh()], @[sinh()], @[cosh()] 240 */ 241 void f_tanh(INT32 args) 242 { >>> CID 1465055: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 243 ARG_CHECK("tanh"); 244 sp[-1].u.float_number = FL(tanh)(sp[-1].u.float_number); 245 } 246 247 /*! @decl float atanh(int|float f) 248 *! ** CID 1465054: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2104 in float_promote() /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2099 in float_promote() ________________________________________________________________________________________________________ *** CID 1465054: (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2104 in float_promote() 2098 { 2099 SET_SVAL(Pike_sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-2].u.integer); 2100 return 1; 2101 } 2102 else if(TYPEOF(Pike_sp[-1]) == T_INT && TYPEOF(Pike_sp[-2]) == T_FLOAT) 2103 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 2104 SET_SVAL(Pike_sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-1].u.integer); 2105 return 1; 2106 } 2107 2108 if(is_bignum_object_in_svalue(Pike_sp-2) && TYPEOF(Pike_sp[-1]) == T_FLOAT) 2109 { /home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2099 in float_promote() 2093 } 2094 2095 static int float_promote(void) 2096 { 2097 if(TYPEOF(Pike_sp[-2]) == T_INT && TYPEOF(Pike_sp[-1]) == T_FLOAT) 2098 { >>> CID 1465054: (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-2].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 2099 SET_SVAL(Pike_sp[-2], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-2].u.integer); 2100 return 1; 2101 } 2102 else if(TYPEOF(Pike_sp[-1]) == T_INT && TYPEOF(Pike_sp[-2]) == T_FLOAT) 2103 { 2104 SET_SVAL(Pike_sp[-1], T_FLOAT, 0, float_number, (FLOAT_TYPE)Pike_sp[-1].u.integer); ** CID 1465053: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 418 in f_round() ________________________________________________________________________________________________________ *** CID 1465053: Memory - corruptions (OVERLAPPING_COPY) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_math/math.c: 418 in f_round() 412 *! 413 *! @seealso 414 *! @[floor()], @[ceil()] 415 */ 416 void f_round(INT32 args) 417 { >>> CID 1465053: Memory - corruptions (OVERLAPPING_COPY) >>> Assigning "Pike_interpreter_pointer->stack_pointer[-1].u.integer" to "__sv_ptr->u.float_number", which have overlapping memory locations and different types. 418 ARG_CHECK("round"); 419 sp[-1].u.float_number = FL(rint)(sp[-1].u.float_number); 420 } 421 422 423 /*! @decl int|float|object limit(int|float|object minval, int|float|object x, int|float|object maxval) ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPkl…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 02 Apr '20

02 Apr '20

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 2 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 1461177: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3274 in docode() ________________________________________________________________________________________________________ *** CID 1461177: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3274 in docode() 3268 struct byte_buffer instrbuf_save = instrbuf; 3269 struct statement_label *label_save; 3270 3271 PUSH_STATEMENT_LABEL; 3272 label_save = current_label->prev; 3273 current_label->prev = NULL; >>> CID 1461177: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "current_label->prev". 3274 PUSH_CLEANUP_FRAME(NULL, NULL); 3275 label_no=1; 3276 current_stack_depth = 0; 3277 Pike_compiler->compiler_frame->generator_local = -1; 3278 init_bytecode(); 3279 ** CID 1461176: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3033 in do_code_block() ________________________________________________________________________________________________________ *** CID 1461176: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v8.1-snapshot/src/docode.c: 3033 in do_code_block() 3027 3028 init_bytecode(); 3029 label_no=1; 3030 PUSH_STATEMENT_LABEL; 3031 save_label = current_label->prev; 3032 current_label->prev = NULL; >>> CID 1461176: Null pointer dereferences (FORWARD_NULL) >>> Dereferencing null pointer "current_label->prev". 3033 PUSH_CLEANUP_FRAME(NULL, NULL); 3034 current_stack_depth = 0; 3035 3036 /* NOTE: This is no ordinary label... */ 3037 low_insert_label(0); 3038 emit0(F_ENTRY); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPkl…

1 0

New Defects reported by Coverity Scan for Pike-master
by scan-admin＠coverity.com 21 Jan '20

21 Jan '20

Hi, Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan. 1 new defect(s) introduced to Pike-master found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 1457890: Resource leaks (RESOURCE_LEAK) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_Stdio/file.c: 2747 in my_openpty() ________________________________________________________________________________________________________ *** CID 1457890: Resource leaks (RESOURCE_LEAK) /home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/_Stdio/file.c: 2747 in my_openpty() 2741 * Not required on Solaris 11.4 and later. 2742 */ 2743 ioctl(s, I_PUSH, "ptem"); /* Pseudo terminal emulation mode */ 2744 ioctl(s, I_PUSH, "ldterm"); /* Terminal line discipline */ 2745 ioctl(s, I_PUSH, "ttcompat"); /* BSD terminal compatibility */ 2746 #endif >>> CID 1457890: Resource leaks (RESOURCE_LEAK) >>> Handle variable "s" going out of scope leaks the handle. 2747 return 0; 2748 } 2749 } 2750 close(m); 2751 return -1; 2752 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V0…

1 0