Hi,
Please find the latest report on new defect(s) introduced to Pike-master found with Coverity Scan.
8 new defect(s) introduced to Pike-master found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 1400859: (UNUSED_VALUE)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 748 in i_img_bmp__decode()
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 761 in i_img_bmp__decode()

________________________________________________________________________________________________________
*** CID 1400859: (UNUSED_VALUE)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 748 in i_img_bmp__decode()
742 push_string(make_shared_binary_string((char *)s,(4<<bpp)));
743 push_int(2);
744 push_object(o=clone_object(image_colortable_program,2));
745 nct=get_storage(o,image_colortable_program);
746
747 s+=(4<<bpp);
CID 1400859: (UNUSED_VALUE) Assigning value from "len - (4 << bpp)" to "len" here, but that stored value is overwritten before it can be used.
748 len-=(4<<bpp);
749 }
750 else
751 {
752 if ((3<<bpp)>len)
753 Pike_error("Image.BMP.decode: unexpected EOF in palette\n");
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 761 in i_img_bmp__decode()
755 push_string(make_shared_binary_string((char *)s,(3<<bpp)));
756 push_int(1);
757 push_object(o=clone_object(image_colortable_program,2));
758 nct=get_storage(o,image_colortable_program);
759
760 s+=(3<<bpp);
CID 1400859: (UNUSED_VALUE) Assigning value from "len - (3 << bpp)" to "len" here, but that stored value is overwritten before it can be used.
761 len-=(3<<bpp);
762 }
763
764 n++;
765 }
766
** CID 1400858: (UNUSED_VALUE)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 747 in i_img_bmp__decode()
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 760 in i_img_bmp__decode()

________________________________________________________________________________________________________
*** CID 1400858: (UNUSED_VALUE)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 747 in i_img_bmp__decode()
741
742 push_string(make_shared_binary_string((char *)s,(4<<bpp)));
743 push_int(2);
744 push_object(o=clone_object(image_colortable_program,2));
745 nct=get_storage(o,image_colortable_program);
746
CID 1400858: (UNUSED_VALUE) Assigning value from "s + (4 << bpp)" to "s" here, but that stored value is overwritten before it can be used.
747 s+=(4<<bpp);
748 len-=(4<<bpp);
749 }
750 else
751 {
752 if ((3<<bpp)>len)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/encodings/bmp.c: 760 in i_img_bmp__decode()
754
755 push_string(make_shared_binary_string((char *)s,(3<<bpp)));
756 push_int(1);
757 push_object(o=clone_object(image_colortable_program,2));
758 nct=get_storage(o,image_colortable_program);
759
CID 1400858: (UNUSED_VALUE) Assigning value from "s + (3 << bpp)" to "s" here, but that stored value is overwritten before it can be used.
760 s+=(3<<bpp);
761 len-=(3<<bpp);
762 }
763
764 n++;
765 }
** CID 1400857: (UNINIT)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 4152 in image_apply_curve()
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 4232 in image_apply_curve()

________________________________________________________________________________________________________
*** CID 1400857: (UNINIT)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 4152 in image_apply_curve()
4146 pop_n_elems( args );
4147 image_apply_curve_3( curve );
4148 return;
4149 }
4150 case 2:
4151 {
CID 1400857: (UNINIT) Declaring variable "curve" without initializer.
4152 unsigned char curve[256];
4153 int chan = 0, co = 0;
4154 struct object *o;
4155
4156 if( TYPEOF(sp[-args]) != T_STRING )
4157 SIMPLE_ARG_TYPE_ERROR("apply_curve", 1, "string");
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Image/image.c: 4232 in image_apply_curve()
4226 pop_stack();
4227 }
4228 return;
4229 }
4230 case 1:
4231 {
CID 1400857: (UNINIT) Declaring variable "curve" without initializer.
4232 unsigned char curve[256];
4233 if( TYPEOF(sp[-args]) != T_ARRAY ||
4234 sp[-args].u.array->size != 256 )
4235 bad_arg_error("apply_curve",
4236 sp-args, args, 0, "", sp-args,
4237 "Bad arguments to apply_curve.\n" );
** CID 1400856: API usage errors (LOCK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Gz/zlibmod.c: 948 in low_zlibmod_unpack()

________________________________________________________________________________________________________
*** CID 1400856: API usage errors (LOCK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Gz/zlibmod.c: 948 in low_zlibmod_unpack()
942 else
943 Pike_error("Failed to initialize Gz.uncompress (%d).\n", ret);
944 }
945
946 mt_init(&z.lock);
947 ret = do_inflate(buf, &z, Z_SYNC_FLUSH);
CID 1400856: API usage errors (LOCK) "pthread_mutex_destroy" destroys "z.lock" while it is locked.
948 mt_destroy(&z.lock);
949 inflateEnd( &z.gz );
950
951 if(ret==Z_OK)
952 Pike_error("Compressed data is truncated.\n");
953 if(ret!=Z_STREAM_END)
** CID 1400855: API usage errors (LOCK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Gz/zlibmod.c: 447 in low_zlibmod_pack()

________________________________________________________________________________________________________
*** CID 1400855: API usage errors (LOCK)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/modules/Gz/zlibmod.c: 447 in low_zlibmod_pack()
441
442 mt_init(&z.lock);
443
444 ret = do_deflate(buf, &z, Z_FINISH);
445
446 deflateEnd(&z.gz);
CID 1400855: API usage errors (LOCK) "pthread_mutex_destroy" destroys "z.lock" while it is locked.
447 mt_destroy(&z.lock);
448
449 if(ret != Z_STREAM_END)
450 Pike_error("Error while deflating data (%d).\n",ret);
451 }
452
** CID 1400854: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/array.c: 97 in real_allocate_array()

________________________________________________________________________________________________________
*** CID 1400854: Insecure data handling (INTEGER_OVERFLOW)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/array.c: 97 in real_allocate_array()
91 /* Limits size to (1<<29)-4 */
92 if( (size_t)(size+extra_space-1) >
93 (LONG_MAX-sizeof(struct array))/sizeof(struct svalue) )
94 Pike_error("Too large array (size %ld exceeds %ld).\n",
95 (long)(size+extra_space-1),
96 (long)((LONG_MAX-sizeof(struct array))/sizeof(struct svalue)) );
CID 1400854: Insecure data handling (INTEGER_OVERFLOW) Overflowed or truncated value (or a value computed from an overflowed or truncated value) "56UL + (size + extra_space - 1L) * 16UL" used as critical argument to function.
97 v=malloc(sizeof(struct array)+
98 (size+extra_space-1)*sizeof(struct svalue));
99 if(!v)
100 Pike_error(msg_out_of_mem_2, sizeof(struct array)+
101 (size+extra_space-1)*sizeof(struct svalue));
102
** CID 1400853: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2255 in o_subtract()

________________________________________________________________________________________________________
*** CID 1400853: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/operators.c: 2255 in o_subtract()
2249 return;
2250
2251 case T_INT:
2252 if(INT_TYPE_SUB_OVERFLOW(sp[-2].u.integer, sp[-1].u.integer))
2253 {
2254 convert_stack_top_to_bignum();
CID 1400853: Error handling issues (CHECKED_RETURN) Calling "call_lfun" without checking return value (as is done elsewhere 18 out of 22 times).
2255 call_lfun(LFUN_SUBTRACT, LFUN_RSUBTRACT);
2256 return;
2257 }
2258 sp--;
2259 SET_SVAL(sp[-1], PIKE_T_INT, NUMBER_NUMBER, integer,
2260 sp[-1].u.integer - sp[0].u.integer);
** CID 1400852: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/post_modules/Nettle/hogweed.cmod: 422 in f_Nettle_ECC_Curve_create()

________________________________________________________________________________________________________
*** CID 1400852: Error handling issues (CHECKED_RETURN)
/home/covbuilder/pike/Pike-v8.1-snapshot/src/post_modules/Nettle/hogweed.cmod: 422 in f_Nettle_ECC_Curve_create()
416 Pike_error("Invalid curve\n");
417 break;
418 }
419
420 ecc_scalar_init(&THIS->scalar_one, THIS->curve);
421 mpz_init_set_si(mpz_one, 1);
CID 1400852: Error handling issues (CHECKED_RETURN) Calling "nettle_ecc_scalar_set" without checking return value (as is done elsewhere 4 out of 5 times).
422 ecc_scalar_set(&THIS->scalar_one, mpz_one);
423 mpz_clear(mpz_one);
424 }
425
426 /*! @decl protected local int(0..1) `==(mixed x)
427 *!