Hi,
Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.
53 new defect(s) introduced to Pike-master found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 20 of 53 defect(s)
** CID 1601767: (RESOURCE_LEAK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3023 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3035 in pike_gethex()
________________________________________________________________________________________________________ *** CID 1601767: (RESOURCE_LEAK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3023 in pike_gethex() 3017 k = n - 1; 3018 #ifdef IEEE_Arith 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) {
CID 1601767: (RESOURCE_LEAK) Ignoring storage allocated by "multadd(b, 1, 1)" leaks it.
3023 multadd(b, 1, 1 MTa); 3024 emin_check: 3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3035 in pike_gethex() 3029 } 3030 } 3031 break; 3032 case Round_up: 3033 if (!sign && (lostbits || (b->x[0] & 1))) { 3034 incr_denorm:
CID 1601767: (RESOURCE_LEAK) Ignoring storage allocated by "multadd(b, 1, 2)" leaks it.
3035 multadd(b, 1, 2 MTa); 3036 check_denorm = 1; 3037 lostbits = 0; 3038 goto emin_check; 3039 } 3040 break;
** CID 1601766: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/program.c: 2096 in add_identifier()
________________________________________________________________________________________________________ *** CID 1601766: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/program.c: 2096 in add_identifier() 2090 if ((identifier_flags & (IDENTIFIER_VARIABLE|IDENTIFIER_ALIAS)) == 2091 IDENTIFIER_VARIABLE) { 2092 add_to_variable_index(ref.identifier_offset); 2093 } 2094 2095 n = Pike_compiler->new_program->num_identifier_references;
CID 1601766: Uninitialized variables (UNINIT) Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
2096 add_to_identifier_references(ref); 2097 2098 return n; 2099 } 2100 2101 void use_module(struct svalue *s)
** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 4239 in th_num_idle_farmers()
________________________________________________________________________________________________________ *** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 4239 in th_num_idle_farmers() 4233 } while(1); 4234 UNREACHABLE(); 4235 } 4236 4237 int th_num_idle_farmers(void) 4238 {
CID 1601765: Concurrent data access violations (MISSING_LOCK) Accessing "_num_idle_farmers" without holding lock "rosie". Elsewhere, "_num_idle_farmers" is written to with "rosie" held 3 out of 3 times.
4239 return _num_idle_farmers; 4240 } 4241 4242 4243 int th_num_farmers(void) 4244 {
** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply()
________________________________________________________________________________________________________ *** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply() 57 58 void drop_reply(int ok) 59 //! Drop reply. 60 { 61 INT_TYPE t,o; 62 get_all_args(NULL,args,"%i",&o);
CID 1601764: High impact quality (Y2K38_SAFETY) A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "guint32".
63 gdk_drop_reply((GdkDragContext *)THIS->obj,o,time(NULL)); 64 RETURN_THIS(); 65 } 66 67 void drag_set_icon_widget(GTK2.Widget widget, int hot_x, int hot_y) 68 //! Set the drag widget. This is a widget that will be shown, and then
** CID 1601763: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex()
________________________________________________________________________________________________________ *** CID 1601763: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check:
CID 1601763: (USE_AFTER_FREE) Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check:
CID 1601763: (USE_AFTER_FREE) Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check:
CID 1601763: (USE_AFTER_FREE) Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3025 in pike_gethex() 3019 if (!k) { 3020 switch(rounding) { 3021 case Round_near: 3022 if (((b->x[0] & 3) == 3) || (lostbits && (b->x[0] & 1))) { 3023 multadd(b, 1, 1 MTa); 3024 emin_check:
CID 1601763: (USE_AFTER_FREE) Dereferencing freed pointer "b".
3025 if (b->x[1] == (1 << (Exp_shift + 1))) { 3026 rshift(b,1); 3027 e = emin; 3028 goto normal; 3029 } 3030 }
** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time()
________________________________________________________________________________________________________ *** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time() 41 //! Get the flags. 42 43 int get_initial_time(); 44 //! Queries the initial time that was set using set_time() or during creation. 45 46
CID 1601762: High impact quality (Y2K38_SAFETY) A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_initial_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".
** CID 1601761: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________ *** CID 1601761: Null pointer dereferences (NULL_RETURNS) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/system/system.c: 2129 in describe_hostent() 2123 INT32 nelem = 0; 2124 2125 for (p = hp->h_addr_list; *p != 0; p++) { 2126 #ifdef fd_inet_ntop 2127 char buffer[64]; 2128
CID 1601761: Null pointer dereferences (NULL_RETURNS) Dereferencing a pointer that might be "NULL" — the return value of "inet_ntop(hp->h_addrtype, *p, buffer, 64U)" — when calling "push_text".
2129 push_text(fd_inet_ntop(hp->h_addrtype, *p, buffer, sizeof(buffer))); 2130 #else 2131 struct in_addr in; 2132 2133 memcpy(&in.s_addr, *p, sizeof (in.s_addr)); 2134 push_text(inet_ntoa(in));
** CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/builtin_functions.c: 6328 in mktime_zone()
________________________________________________________________________________________________________ *** CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/builtin_functions.c: 6328 in mktime_zone() 6322 /* Restore tm_year. */ 6323 date->tm_year -= ydelta; 6324 #endif 6325 6326 retval += ret; 6327
CID 1601760: Integer handling issues (CONSTANT_EXPRESSION_RESULT) "retval < -9223372036854775808L /* -9223372036854775807L - 1L */" is always false regardless of the values of its operands. This occurs as the logical first operand of "||".
6328 if ((retval < MIN_TIME_T) || (retval > MAX_TIME_T)) { 6329 #ifdef EOVERFLOW 6330 errno = EOVERFLOW; 6331 #else 6332 /* NT does not have EOVERFLOW. */ 6333 errno = ERANGE;
** CID 1601759: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3090 in pike_gethex()
________________________________________________________________________________________________________ *** CID 1601759: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/dtoa.c: 3090 in pike_gethex() 3084 x = b->x; 3085 if (!denorm && (b->wds > k 3086 || ((n = nbits & kmask) !=0 3087 && hi0bits(x[k-1]) < 32-n))) { 3088 rshift(b,1); 3089 if (++e > Emax)
CID 1601759: Control flow issues (DEADCODE) Execution cannot reach this statement: "goto ovfl;".
3090 goto ovfl; 3091 } 3092 } 3093 } 3094 #ifdef IEEE_Arith 3095 if (denorm)
** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6064 in f_count_memory() /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6084 in f_count_memory() /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6058 in f_count_memory() /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6087 in f_count_memory()
________________________________________________________________________________________________________ *** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6064 in f_count_memory() 6058 DO_AGGREGATE_ARRAY (120); 6059 } 6060 } 6061 if (list == &mc_incomplete) list = &mc_indirect; 6062 else break; 6063 }
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6064 } END_AGGREGATE_ARRAY; 6065 args++; 6066 mapping_string_insert (opts, ind, Pike_sp - 1); 6067 } 6068 6069 MAKE_CONST_STRING (ind, "collect_direct_externals"); /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6084 in f_count_memory() 6078 assert (m->flags & MC_FLAG_LA_VISITED); 6079 if (type <= MAX_TYPE) { 6080 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6081 add_ref ((struct ref_dummy *) m->thing); 6082 dmalloc_touch_svalue (Pike_sp); 6083 Pike_sp++;
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6084 DO_AGGREGATE_ARRAY (120); 6085 } 6086 } 6087 } END_AGGREGATE_ARRAY; 6088 args++; 6089 mapping_string_insert (opts, ind, Pike_sp - 1); /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6058 in f_count_memory() 6052 assert (m->flags & MC_FLAG_LA_VISITED); 6053 if (type <= MAX_TYPE) { 6054 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6055 add_ref ((struct ref_dummy *) m->thing); 6056 dmalloc_touch_svalue (Pike_sp); 6057 Pike_sp++;
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6058 DO_AGGREGATE_ARRAY (120); 6059 } 6060 } 6061 if (list == &mc_incomplete) list = &mc_indirect; 6062 else break; 6063 } /home/covbuilder/pike/Pike-v9.0-snapshot/src/gc.c: 6087 in f_count_memory() 6081 add_ref ((struct ref_dummy *) m->thing); 6082 dmalloc_touch_svalue (Pike_sp); 6083 Pike_sp++; 6084 DO_AGGREGATE_ARRAY (120); 6085 } 6086 }
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << PIKE_T_UNFINISHED) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6087 } END_AGGREGATE_ARRAY; 6088 args++; 6089 mapping_string_insert (opts, ind, Pike_sp - 1); 6090 } 6091 } 6092
** CID 1601757: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/Shuffler/Shuffler.cmod: 464 in f_Shuffle_set_done_callback()
________________________________________________________________________________________________________ *** CID 1601757: Null pointer dereferences (FORWARD_NULL) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/Shuffler/Shuffler.cmod: 464 in f_Shuffle_set_done_callback() 458 *! 459 */ 460 optflags OPT_SIDE_EFFECT; 461 { 462 SHUFFLE_DEBUG2("set_done_callback(%p)\n", THIS, cb->u.object ); 463 assign_svalue( &THIS->done_callback,cb);
CID 1601757: Null pointer dereferences (FORWARD_NULL) Dereferencing null pointer "_from".
464 } 465 466 PIKEFUN void set_request_arg( mixed arg ) 467 /*! @decl void set_request_arg( mixed arg ) 468 *! 469 *! Sets the extra argument sent to @[Throttler()->request()] and
** CID 1601756: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add()
________________________________________________________________________________________________________ *** CID 1601756: (USE_AFTER_FREE) /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() 2007 else 2008 switch (find_type) { 2009 case FIND_LESS: 2010 case FIND_GREATER: 2011 sub_extra_ref (msd); 2012 if (prepare_for_add (l, 1)) {
CID 1601756: (USE_AFTER_FREE) Dereferencing freed pointer "msd".
2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2014 msd = l->msd; 2015 } 2016 ALLOC_MSNODE (msd, l->node_refs, new); 2017 goto add; 2018 /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() 2007 else 2008 switch (find_type) { 2009 case FIND_LESS: 2010 case FIND_GREATER: 2011 sub_extra_ref (msd); 2012 if (prepare_for_add (l, 1)) {
CID 1601756: (USE_AFTER_FREE) Dereferencing freed pointer "msd".
2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2014 msd = l->msd; 2015 } 2016 ALLOC_MSNODE (msd, l->node_refs, new); 2017 goto add; 2018 /home/covbuilder/pike/Pike-v9.0-snapshot/src/multiset.c: 2013 in multiset_add() 2007 else 2008 switch (find_type) { 2009 case FIND_LESS: 2010 case FIND_GREATER: 2011 sub_extra_ref (msd); 2012 if (prepare_for_add (l, 1)) {
CID 1601756: (USE_AFTER_FREE) Dereferencing freed pointer "msd".
2013 rbstack_shift (rbstack, HDR (msd->nodes), HDR (l->msd->nodes)); 2014 msd = l->msd; 2015 } 2016 ALLOC_MSNODE (msd, l->node_refs, new); 2017 goto add; 2018
** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time()
________________________________________________________________________________________________________ *** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v9.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time() 28 //! be the one represented by the_time. 29 30 int get_time(); 31 //! Return the time entered in the widget. 32 33 void set_popup_range(int low_hour, int up_hour);
CID 1601755: High impact quality (Y2K38_SAFETY) A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".
34 //! Sets the range of times that will be provide by the time popup 35 //! selectors. 36 37 void set_flags(int flags); 38 //! Bitwise or of CONST(GNOME_DATE_EDIT_). 39
** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/timeout.c: 222 in aap_exit_timeouts()
________________________________________________________________________________________________________ *** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/timeout.c: 222 in aap_exit_timeouts() 216 { 217 void *res; 218 DWERROR("AAP: aap_exit_timeouts.\n"); 219 THREADS_ALLOW(); 220 mt_lock (&aap_timeout_mutex); 221 aap_time_to_die = 1;
CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) The wait condition prompting the wait upon "aap_timeout_mutex" is not checked correctly. This code can wait for a condition that has already been satisfied, which can cause a never-ending wait.
222 co_wait (&aap_timeout_thread_is_dead, &aap_timeout_mutex); 223 mt_unlock (&aap_timeout_mutex); 224 THREADS_DISALLOW(); 225 mt_destroy (&aap_timeout_mutex); 226 co_destroy (&aap_timeout_thread_is_dead); 227 DWERROR("AAP: aap_exit_timeouts done.\n"); 228 } 229 #endif
** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/log.c: 113 in f_aap_log_exists()
________________________________________________________________________________________________________ *** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/HTTPLoop/log.c: 113 in f_aap_log_exists() 107 f_aggregate(n); 108 } 109 } 110 111 void f_aap_log_exists(INT32 UNUSED(args)) 112 {
CID 1601753: Concurrent data access violations (MISSING_LOCK) Accessing "((struct args *)Pike_interpreter_pointer->frame_pointer->current_storage)->log->log_head" without holding lock "log.log_lock". Elsewhere, "log.log_head" is written to with "log.log_lock" held 5 out of 5 times.
113 if(LTHIS->log->log_head) 114 push_int(1); 115 else 116 push_int(0); 117 } 118
** CID 1601752: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________ *** CID 1601752: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/Image/encodings/ilbm.c: 547 in image_ilbm__decode() 541 push_object(clone_object(image_colortable_program,1)); 542 ctable=get_storage(sp[-1].u.object, 543 image_colortable_program); 544 n++; 545 } 546
CID 1601752: Insecure data handling (TAINTED_SCALAR) Passing tainted expression "bmhd.h" to "parse_body", which uses it as a loop boundary.
547 parse_body(&bmhd, STR0(ITEM(arr)[5].u.string), ITEM(arr)[5].u.string->len, 548 img, alpha, ctable, !!(camg & CAMG_HAM)); 549 550 f_aggregate_mapping(2*n); 551 stack_swap(); 552 pop_stack();
** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_WhiteFish/blob.c: 127 in wf_blob_hit()
________________________________________________________________________________________________________ *** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_WhiteFish/blob.c: 127 in wf_blob_hit() 121 { 122 Hit hit; 123 if( b->eof ) 124 { 125 hit.type = HIT_NOTHING; 126 hit.raw = 0;
CID 1601751: Uninitialized variables (UNINIT) Using uninitialized value "hit". Field "hit.u" is uninitialized.
127 return hit; 128 } 129 else 130 { 131 int off = b->b->rpos + 5 + n*2; 132 unsigned char h = b->b->data[ off ];
** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Gz/zlibmod.c: 695 in init_gz_deflate()
________________________________________________________________________________________________________ *** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Gz/zlibmod.c: 695 in init_gz_deflate() 689 { 690 mt_init(& THIS->lock); 691 THIS->gz.zalloc=Z_NULL; 692 THIS->gz.zfree=Z_NULL; 693 THIS->gz.opaque=(void *)THIS; 694 THIS->state=0;
CID 1601750: Error handling issues (CHECKED_RETURN) Calling "deflateInit_(&((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->gz, ((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->level = -1, "1.2.8", 112)" without checking return value. It wraps a library function that may fail and return an error code.
695 deflateInit(& THIS->gz, THIS->level = Z_DEFAULT_COMPRESSION); 696 THIS->epilogue = NULL; 697 } 698 699 static void exit_gz_deflate(struct object *UNUSED(o)) 700 {
** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile()
________________________________________________________________________________________________________ *** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v9.0-snapshot/src/modules/_Stdio/sendfile.c: 612 in low_do_sendfile() 606 len = (ptrdiff_t) this->len; 607 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) { 608 char *buf = this->buffer; 609 this->len -= buflen; 610 this->offset += buflen; 611 while (buflen) {
CID 1601749: Memory - corruptions (OVERRUN) Calling "write" with "buf" and "buflen" is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned.
612 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen); 613 if ((wrlen < 0) && (errno == EINTR)) { 614 continue; 615 } else if (wrlen < 0) { 616 goto send_trailers; 617 }
** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 965 in low_init_threads_disable()
________________________________________________________________________________________________________ *** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v9.0-snapshot/src/threads.c: 965 in low_init_threads_disable() 959 im = im->next; 960 } 961 } 962 963 THREADS_FPRINTF(0, "low_init_threads_disable(): Disabling threads.\n"); 964
CID 1601748: Data race undermines locking (LOCK_EVASION) Thread1 sets "threads_disabled" to a new value. Now the two threads have an inconsistent view of "threads_disabled" and updates to fields correlated with "threads_disabled" may be lost.
965 threads_disabled = 1; 966 threads_disabled_start = get_real_time(); 967 #ifdef PIKE_DEBUG 968 threads_disabled_thread = th_self(); 969 #endif 970 } else {
________________________________________________________________________________________________________ To view the defects in Coverity Scan, visit https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...