Hi,
Please find the latest report on new defect(s) introduced to Pike-stable, found with Coverity Scan.
41 new defect(s) introduced to Pike-stable found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan. Showing 20 of 41 defect(s).
** CID 1601773: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________ *** CID 1601773: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/requestobject.c: 192 in f_aap_scan_for_query() 186 } 187 } 188 work_area[j++]=c; 189 } 190 191 done:
CID 1601773: Uninitialized variables (UNINIT) Using uninitialized value "work_area[begin]" when calling "debug_make_shared_binary_string".
192 TINSERT(THIS->misc_variables, s_not_query, work_area+begin, j-begin+1); 193 free(work_area); 194 195 if(i < len) 196 TINSERT(THIS->misc_variables, s_query, s+i+1, (len-i)-1); 197 else
** CID 1601772: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters()
________________________________________________________________________________________________________ *** CID 1601772: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() 1384 }); 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 });
CID 1601772: (UNINIT) Using uninitialized value "_s->u.dummy".
1390 HANDLE_PARAM("done_cb", { 1391 assign_svalue(&gc_done_cb, set); 1392 }, { 1393 assign_svalue(&get, &gc_done_cb); 1394 }); 1395 /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() 1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low); 1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio); 1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high); 1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio); 1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness); 1374
CID 1601772: (UNINIT) Using uninitialized value "_s->tu.t.type".
1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); 1380 HANDLE_PARAM("post_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() 1379 }); 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 });
CID 1601772: (UNINIT) Using uninitialized value "get" when calling "mapping_string_insert".
1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); 1390 HANDLE_PARAM("done_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() 1384 }); 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 });
CID 1601772: (UNINIT) Using uninitialized value "_s->tu.t.type".
1390 HANDLE_PARAM("done_cb", { 1391 assign_svalue(&gc_done_cb, set); 1392 }, { 1393 assign_svalue(&get, &gc_done_cb); 1394 }); 1395 /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() 1379 }); 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 });
CID 1601772: (UNINIT) Using uninitialized value "_s->tu.t.type".
1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); 1390 HANDLE_PARAM("done_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1385 in f_gc_parameters() 1379 }); 1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 });
CID 1601772: (UNINIT) Using uninitialized value "_s->u.dummy".
1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 }); 1390 HANDLE_PARAM("done_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() 1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low); 1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio); 1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high); 1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio); 1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness); 1374
CID 1601772: (UNINIT) Using uninitialized value "_s->u.dummy".
1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); 1380 HANDLE_PARAM("post_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() 1374 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 });
CID 1601772: (UNINIT) Using uninitialized value "_s->u.dummy".
1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); 1385 HANDLE_PARAM("destruct_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1375 in f_gc_parameters() 1369 HANDLE_FLOAT_FACTOR ("garbage_ratio_low", gc_garbage_ratio_low); 1370 HANDLE_FLOAT_FACTOR ("time_ratio", gc_time_ratio); 1371 HANDLE_FLOAT_FACTOR ("garbage_ratio_high", gc_garbage_ratio_high); 1372 HANDLE_FLOAT_FACTOR ("min_gc_time_ratio", gc_min_time_ratio); 1373 HANDLE_FLOAT_FACTOR ("average_slowness", gc_average_slowness); 1374
CID 1601772: (UNINIT) Using uninitialized value "get" when calling "mapping_string_insert".
1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 }); 1380 HANDLE_PARAM("post_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() 1374 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 });
CID 1601772: (UNINIT) Using uninitialized value "get" when calling "mapping_string_insert".
1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); 1385 HANDLE_PARAM("destruct_cb", { /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1390 in f_gc_parameters() 1384 }); 1385 HANDLE_PARAM("destruct_cb", { 1386 assign_svalue(&gc_destruct_cb, set); 1387 }, { 1388 assign_svalue(&get, &gc_destruct_cb); 1389 });
CID 1601772: (UNINIT) Using uninitialized value "get" when calling "mapping_string_insert".
1390 HANDLE_PARAM("done_cb", { 1391 assign_svalue(&gc_done_cb, set); 1392 }, { 1393 assign_svalue(&get, &gc_done_cb); 1394 }); 1395 /home/covbuilder/pike/Pike-v8.0-snapshot/src/builtin.cmod: 1380 in f_gc_parameters() 1374 1375 HANDLE_PARAM("pre_cb", { 1376 assign_svalue(&gc_pre_cb, set); 1377 }, { 1378 assign_svalue(&get, &gc_pre_cb); 1379 });
CID 1601772: (UNINIT) Using uninitialized value "_s->tu.t.type".
1380 HANDLE_PARAM("post_cb", { 1381 assign_svalue(&gc_post_cb, set); 1382 }, { 1383 assign_svalue(&get, &gc_post_cb); 1384 }); 1385 HANDLE_PARAM("destruct_cb", {
** CID 1601771: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________ *** CID 1601771: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Inotify/inotify.cmod: 298 in f_Inotify_cq__Instance_add_watch() 292 ev.mask |= IN_ISDIR; 293 } 294 /* FIXME: Handle DT_UNKNOWN. */ 295 #endif /* HAVE_DIRENT_T_TYPE */ 296 297 string_build_mkspace(&THIS->buf, sizeof(ev) + ev.len, 0);
CID 1601771: Uninitialized variables (UNINIT) Using uninitialized value "ev". Field "ev.name" is uninitialized when calling "string_builder_binary_strcat0".
298 string_builder_binary_strcat0(&THIS->buf, 299 (p_wchar0 *)&ev, 300 sizeof(ev)); 301 string_builder_strcat(&THIS->buf, dirent->d_name); 302 string_builder_fill(&THIS->buf, pad+1, 303 MKPCHARP("\0\0\0\0\0\0\0\0", 0), 8, 0);
** CID 1601770: (UNINIT)
________________________________________________________________________________________________________ *** CID 1601770: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5912 in add_constant() 5906 { 5907 my_yyerror("Identifier %S defined twice.", name); 5908 return n; 5909 } 5910 5911 /* override */
CID 1601770: (UNINIT) Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "override_identifier".
5912 if ((overridden = override_identifier (&ref, name, 0)) >= 0) { 5913 #ifdef PIKE_DEBUG 5914 struct reference *oref = 5915 Pike_compiler->new_program->identifier_references+overridden; 5916 if((oref->inherit_offset != ref.inherit_offset) || 5917 (oref->identifier_offset != ref.identifier_offset) || /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5926 in add_constant() 5920 } 5921 #endif 5922 return overridden; 5923 } 5924 } 5925 n=Pike_compiler->new_program->num_identifier_references;
CID 1601770: (UNINIT) Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
5926 add_to_identifier_references(ref); 5927 5928 return n; 5929 } 5930 5931 PMOD_EXPORT int simple_add_constant(const char *name,
** CID 1601769: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5455 in low_define_variable()
________________________________________________________________________________________________________ *** CID 1601769: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5455 in low_define_variable() 5449 5450 add_to_variable_index(ref.identifier_offset); 5451 5452 debug_add_to_identifiers(dummy); 5453 5454 n=Pike_compiler->new_program->num_identifier_references;
CID 1601769: Uninitialized variables (UNINIT) Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
5455 add_to_identifier_references(ref); 5456 5457 return n; 5458 } 5459 5460 /* type is a textual type */
** CID 1601768: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5320 in low_define_alias()
________________________________________________________________________________________________________ *** CID 1601768: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/program.c: 5320 in low_define_alias() 5314 ref.inherit_offset=0; 5315 ref.run_time_type = PIKE_T_UNKNOWN; 5316 5317 debug_add_to_identifiers(dummy); 5318 5319 n = Pike_compiler->new_program->num_identifier_references;
CID 1601768: Uninitialized variables (UNINIT) Using uninitialized value "ref". Field "ref.func" is uninitialized when calling "add_to_identifier_references".
5320 add_to_identifier_references(ref); 5321 5322 return n; 5323 } 5324 5325 PMOD_EXPORT int define_alias(struct pike_string *name, struct pike_type *type,
** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 3471 in th_num_idle_farmers()
________________________________________________________________________________________________________ *** CID 1601765: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 3471 in th_num_idle_farmers() 3465 /* NOT_REACHED */ 3466 return 0;/* Keep the compiler happy. */ 3467 } 3468 3469 int th_num_idle_farmers(void) 3470 {
CID 1601765: Concurrent data access violations (MISSING_LOCK) Accessing "_num_idle_farmers" without holding lock "rosie". Elsewhere, "_num_idle_farmers" is written to with "rosie" held 3 out of 3 times.
3471 return _num_idle_farmers; 3472 } 3473 3474 3475 int th_num_farmers(void) 3476 {
** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply()
________________________________________________________________________________________________________ *** CID 1601764: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gdkdragcontext.pre: 63 in pgdk2_drag_context_drop_reply() 57 58 void drop_reply(int ok) 59 //! Drop reply. 60 { 61 INT_TYPE t,o; 62 get_all_args("reply",args,"%i",&o);
CID 1601764: High impact quality (Y2K38_SAFETY) A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "guint32".
63 gdk_drop_reply((GdkDragContext *)THIS->obj,o,time(NULL)); 64 RETURN_THIS(); 65 } 66 67 void drag_set_icon_widget(GTK2.Widget widget, int hot_x, int hot_y) 68 //! Set the drag widget. This is a widget that will be shown, and then
** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time()
________________________________________________________________________________________________________ *** CID 1601762: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 47 in pgnome2_date_edit_get_initial_time() 41 //! Get the flags. 42 43 int get_initial_time(); 44 //! Queries the initial time that was set using set_time() or during creation. 45 46
CID 1601762: High impact quality (Y2K38_SAFETY) A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_initial_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".
** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6077 in f_count_memory() /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6097 in f_count_memory() /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6100 in f_count_memory() /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6071 in f_count_memory()
________________________________________________________________________________________________________ *** CID 1601758: (CONSTANT_EXPRESSION_RESULT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6077 in f_count_memory() 6071 DO_AGGREGATE_ARRAY (120); 6072 } 6073 } 6074 if (list == &mc_incomplete) list = &mc_indirect; 6075 else break; 6076 }
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6077 } END_AGGREGATE_ARRAY; 6078 args++; 6079 mapping_string_insert (opts, ind, Pike_sp - 1); 6080 } 6081 6082 MAKE_CONST_STRING (ind, "collect_direct_externals"); /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6097 in f_count_memory() 6091 assert (m->flags & MC_FLAG_LA_VISITED); 6092 if (type <= MAX_TYPE) { 6093 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6094 add_ref ((struct ref_dummy *) m->thing); 6095 dmalloc_touch_svalue (Pike_sp); 6096 Pike_sp++;
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6097 DO_AGGREGATE_ARRAY (120); 6098 } 6099 } 6100 } END_AGGREGATE_ARRAY; 6101 args++; 6102 mapping_string_insert (opts, ind, Pike_sp - 1); /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6100 in f_count_memory() 6094 add_ref ((struct ref_dummy *) m->thing); 6095 dmalloc_touch_svalue (Pike_sp); 6096 Pike_sp++; 6097 DO_AGGREGATE_ARRAY (120); 6098 } 6099 }
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6100 } END_AGGREGATE_ARRAY; 6101 args++; 6102 mapping_string_insert (opts, ind, Pike_sp - 1); 6103 } 6104 } 6105 /home/covbuilder/pike/Pike-v8.0-snapshot/src/gc.c: 6071 in f_count_memory() 6065 assert (m->flags & MC_FLAG_LA_VISITED); 6066 if (type <= MAX_TYPE) { 6067 SET_SVAL(*Pike_sp, type, 0, ptr, m->thing); 6068 add_ref ((struct ref_dummy *) m->thing); 6069 dmalloc_touch_svalue (Pike_sp); 6070 Pike_sp++;
CID 1601758: (CONSTANT_EXPRESSION_RESULT) "base__[-1].u.array->type_field | (65535 /* 0xff7f | (1 << 7) */)" is always 0xffff regardless of the values of its operands. This occurs as the operand of assignment.
6071 DO_AGGREGATE_ARRAY (120); 6072 } 6073 } 6074 if (list == &mc_incomplete) list = &mc_indirect; 6075 else break; 6076 }
** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time()
________________________________________________________________________________________________________ *** CID 1601755: High impact quality (Y2K38_SAFETY) /home/covbuilder/pike/Pike-v8.0-snapshot/src/post_modules/GTK2/source/gnomedateedit.pre: 34 in pgnome2_date_edit_get_time() 28 //! be the one represented by the_time. 29 30 int get_time(); 31 //! Return the time entered in the widget. 32 33 void set_popup_range(int low_hour, int up_hour);
CID 1601755: High impact quality (Y2K38_SAFETY) A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "gnome_date_edit_get_time((GnomeDateEdit *)g_type_check_instance_cast((GTypeInstance *)((struct object_wrapper *)Pike_interpreter_pointer->frame_pointer->current_storage)->obj, gnome_date_edit_get_type()))" is cast to "gint".
34 //! Sets the range of times that will be provide by the time popup 35 //! selectors. 36 37 void set_flags(int flags); 38 //! Bitwise or of CONST(GNOME_DATE_EDIT_). 39
** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/timeout.c: 230 in aap_exit_timeouts()
________________________________________________________________________________________________________ *** CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/timeout.c: 230 in aap_exit_timeouts() 224 #ifdef AAP_DEBUG 225 fprintf(stderr, "AAP: aap_exit_timeouts.\n"); 226 #endif /* AAP_DEBUG */ 227 THREADS_ALLOW(); 228 mt_lock (&aap_timeout_mutex); 229 aap_time_to_die = 1;
CID 1601754: Program hangs (BAD_CHECK_OF_WAIT_COND) The wait condition prompting the wait upon "aap_timeout_mutex" is not checked correctly. This code can wait for a condition that has already been satisfied, which can cause a never-ending wait.
230 co_wait (&aap_timeout_thread_is_dead, &aap_timeout_mutex); 231 mt_unlock (&aap_timeout_mutex); 232 THREADS_DISALLOW(); 233 mt_destroy (&aap_timeout_mutex); 234 co_destroy (&aap_timeout_thread_is_dead); 235 #ifdef AAP_DEBUG
** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/log.c: 117 in f_aap_log_exists()
________________________________________________________________________________________________________ *** CID 1601753: Concurrent data access violations (MISSING_LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/HTTPLoop/log.c: 117 in f_aap_log_exists() 111 f_aggregate(n); 112 } 113 } 114 115 void f_aap_log_exists(INT32 UNUSED(args)) 116 {
CID 1601753: Concurrent data access violations (MISSING_LOCK) Accessing "((struct args *)Pike_interpreter_pointer->frame_pointer->current_storage)->log->log_head" without holding lock "log.log_lock". Elsewhere, "log.log_head" is written to with "log.log_lock" held 5 out of 5 times.
117 if(LTHIS->log->log_head) 118 push_int(1); 119 else 120 push_int(0); 121 } 122
** CID 1601752: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________ *** CID 1601752: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/ilbm.c: 541 in image_ilbm__decode() 535 push_object(clone_object(image_colortable_program,1)); 536 ctable=get_storage(sp[-1].u.object, 537 image_colortable_program); 538 n++; 539 } 540
CID 1601752: Insecure data handling (TAINTED_SCALAR) Passing tainted expression "bmhd.h" to "parse_body", which uses it as a loop boundary.
541 parse_body(&bmhd, STR0(ITEM(arr)[5].u.string), ITEM(arr)[5].u.string->len, 542 img, alpha, ctable, !!(camg & CAMG_HAM)); 543 544 f_aggregate_mapping(2*n); 545 stack_swap(); 546 pop_stack();
** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_WhiteFish/blob.c: 122 in wf_blob_hit()
________________________________________________________________________________________________________ *** CID 1601751: Uninitialized variables (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_WhiteFish/blob.c: 122 in wf_blob_hit() 116 { 117 Hit hit; 118 if( b->eof ) 119 { 120 hit.type = HIT_NOTHING; 121 hit.raw = 0;
CID 1601751: Uninitialized variables (UNINIT) Using uninitialized value "hit". Field "hit.u" is uninitialized.
122 return hit; 123 } 124 else 125 { 126 int off = b->b->rpos + 5 + n*2; 127 unsigned char h = b->b->data[ off ];
** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 703 in init_gz_deflate()
________________________________________________________________________________________________________ *** CID 1601750: Error handling issues (CHECKED_RETURN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 703 in init_gz_deflate() 697 mt_init(& THIS->lock); 698 memset(& THIS->gz, 0, sizeof(THIS->gz)); 699 THIS->gz.zalloc=Z_NULL; 700 THIS->gz.zfree=Z_NULL; 701 THIS->gz.opaque=(void *)THIS; 702 THIS->state=0;
CID 1601750: Error handling issues (CHECKED_RETURN) Calling "deflateInit_(&((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->gz, ((struct zipper *)Pike_interpreter_pointer->frame_pointer->current_storage)->level = -1, "1.2.8", 112)" without checking return value. It wraps a library function that may fail and return an error code.
703 deflateInit(& THIS->gz, THIS->level = Z_DEFAULT_COMPRESSION); 704 THIS->epilogue = NULL; 705 } 706 707 static void exit_gz_deflate(struct object *UNUSED(o)) 708 {
** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_Stdio/sendfile.c: 692 in low_do_sendfile()
________________________________________________________________________________________________________ *** CID 1601749: Memory - corruptions (OVERRUN) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/_Stdio/sendfile.c: 692 in low_do_sendfile() 686 len = DO_NOT_WARN ((ptrdiff_t) this->len); 687 while ((buflen = fd_read(this->from_fd, this->buffer, len)) > 0) { 688 char *buf = this->buffer; 689 this->len -= buflen; 690 this->offset += buflen; 691 while (buflen) {
CID 1601749: Memory - corruptions (OVERRUN) Calling "write" with "buf" and "buflen" is suspicious because of the very large index, 9223372036854775807. The index may be due to a negative parameter being interpreted as unsigned.
692 ptrdiff_t wrlen = fd_write(this->to_fd, buf, buflen); 693 if ((wrlen < 0) && (errno == EINTR)) { 694 continue; 695 } else if (wrlen < 0) { 696 goto send_trailers; 697 }
** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 987 in low_init_threads_disable()
________________________________________________________________________________________________________ *** CID 1601748: Data race undermines locking (LOCK_EVASION) /home/covbuilder/pike/Pike-v8.0-snapshot/src/threads.c: 987 in low_init_threads_disable() 981 } 982 } 983 984 THREADS_FPRINTF(0, (stderr, 985 "low_init_threads_disable(): Disabling threads.\n")); 986
CID 1601748: Data race undermines locking (LOCK_EVASION) Thread1 sets "threads_disabled" to a new value. Now the two threads have an inconsistent view of "threads_disabled" and updates to fields correlated with "threads_disabled" may be lost.
987 threads_disabled = 1; 988 threads_disabled_start = get_real_time(); 989 #ifdef PIKE_DEBUG 990 threads_disabled_thread = th_self(); 991 #endif 992 } else {
** CID 1601745: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/DVB/dvb.c: 860 in f_parse_pat()
________________________________________________________________________________________________________ *** CID 1601745: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/DVB/dvb.c: 860 in f_parse_pat() 854 if (n < 2) { 855 push_int(0); 856 return; 857 } 858 859 length = ((buffer[2] & 0x0F) << 8) | buffer[3];
CID 1601745: Insecure data handling (TAINTED_SCALAR) Using tainted variable "length - 4" as a loop boundary.
860 for (index=9; index<length-4 && index<184; index +=4) 861 { 862 p = (buffer[index] << 8) | buffer[index+1]; 863 push_int(p); 864 pid = ((buffer[index+2] << 8) | buffer[index+3]) & 0x1FFF; 865 push_int(pid);
** CID 1601744: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 923 in i_img_bmp__decode()
________________________________________________________________________________________________________ *** CID 1601744: Insecure data handling (TAINTED_SCALAR) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 923 in i_img_bmp__decode() 917 } 918 break; 919 default: 920 #ifdef RLE_DEBUG 921 fprintf(stderr,"rle data %02x %02x\n",s[0],s[1]); 922 #endif
CID 1601744: Insecure data handling (TAINTED_SCALAR) Using tainted variable "s[0]" as a loop boundary.
923 for (i=0; i<s[0] && d<maxd; i++) 924 if (s[1] > nct->u.flat.numentries) 925 d++; 926 else 927 *(d++) = nct->u.flat.entries[s[1]].color; 928 break;
________________________________________________________________________________________________________ To view the defects in Coverity Scan, visit https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...