Hi,
Please find the latest report on new defect(s) introduced to Pike-stable found with Coverity Scan.
7 new defect(s) introduced to Pike-stable found with Coverity Scan. 13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan Showing 7 of 7 defect(s)
** CID 1402583: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 841 in o_cast()
________________________________________________________________________________________________________ *** CID 1402583: Control flow issues (DEADCODE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/operators.c: 841 in o_cast() 835 #ifdef PIKE_DEBUG 836 struct svalue *save_sp=sp+1; 837 #endif 838 839 ptrdiff_t nodepos; 840 if (multiset_indval (tmp))
CID 1402583: Control flow issues (DEADCODE) Execution cannot reach this statement: "Pike_error("FIXME: Casting ...".
841 Pike_error ("FIXME: Casting not implemented for multisets with values.\n"); 842 push_multiset (m = allocate_multiset (multiset_sizeof (tmp), 843 multiset_get_flags (tmp), 844 multiset_get_cmp_less (tmp))); 845 846 SET_CYCLIC_RET(m);
** CID 1400859: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 744 in i_img_bmp__decode() /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 757 in i_img_bmp__decode()
________________________________________________________________________________________________________ *** CID 1400859: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 744 in i_img_bmp__decode() 738 push_string(make_shared_binary_string((char *)s,(4<<bpp))); 739 push_int(2); 740 push_object(o=clone_object(image_colortable_program,2)); 741 nct=get_storage(o,image_colortable_program); 742 743 s+=(4<<bpp);
CID 1400859: (UNUSED_VALUE) Assigning value from "len - (4 << bpp)" to "len" here, but that stored value is overwritten before it can be used.
744 len-=(4<<bpp); 745 } 746 else 747 { 748 if ((3<<bpp)>len) 749 Pike_error("Image.BMP.decode: unexpected EOF in palette\n"); /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 757 in i_img_bmp__decode() 751 push_string(make_shared_binary_string((char *)s,(3<<bpp))); 752 push_int(1); 753 push_object(o=clone_object(image_colortable_program,2)); 754 nct=get_storage(o,image_colortable_program); 755 756 s+=(3<<bpp);
CID 1400859: (UNUSED_VALUE) Assigning value from "len - (3 << bpp)" to "len" here, but that stored value is overwritten before it can be used.
757 len-=(3<<bpp); 758 } 759 760 n++; 761 } 762
** CID 1400858: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 743 in i_img_bmp__decode() /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 756 in i_img_bmp__decode()
________________________________________________________________________________________________________ *** CID 1400858: (UNUSED_VALUE) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 743 in i_img_bmp__decode() 737 738 push_string(make_shared_binary_string((char *)s,(4<<bpp))); 739 push_int(2); 740 push_object(o=clone_object(image_colortable_program,2)); 741 nct=get_storage(o,image_colortable_program); 742
CID 1400858: (UNUSED_VALUE) Assigning value from "s + (4 << bpp)" to "s" here, but that stored value is overwritten before it can be used.
743 s+=(4<<bpp); 744 len-=(4<<bpp); 745 } 746 else 747 { 748 if ((3<<bpp)>len) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/encodings/bmp.c: 756 in i_img_bmp__decode() 750 751 push_string(make_shared_binary_string((char *)s,(3<<bpp))); 752 push_int(1); 753 push_object(o=clone_object(image_colortable_program,2)); 754 nct=get_storage(o,image_colortable_program); 755
CID 1400858: (UNUSED_VALUE) Assigning value from "s + (3 << bpp)" to "s" here, but that stored value is overwritten before it can be used.
756 s+=(3<<bpp); 757 len-=(3<<bpp); 758 } 759 760 n++; 761 }
** CID 1400857: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4113 in image_apply_curve() /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4193 in image_apply_curve()
________________________________________________________________________________________________________ *** CID 1400857: (UNINIT) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4113 in image_apply_curve() 4107 pop_n_elems( args ); 4108 image_apply_curve_3( curve ); 4109 return; 4110 } 4111 case 2: 4112 {
CID 1400857: (UNINIT) Declaring variable "curve" without initializer.
4113 unsigned char curve[256]; 4114 int chan = 0, co = 0; 4115 struct object *o; 4116 4117 if( TYPEOF(sp[-args]) != T_STRING ) 4118 SIMPLE_BAD_ARG_ERROR("apply_curve", 1, "string"); /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Image/image.c: 4193 in image_apply_curve() 4187 pop_stack(); 4188 } 4189 return; 4190 } 4191 case 1: 4192 {
CID 1400857: (UNINIT) Declaring variable "curve" without initializer.
4193 unsigned char curve[256]; 4194 if( TYPEOF(sp[-args]) != T_ARRAY || 4195 sp[-args].u.array->size != 256 ) 4196 bad_arg_error("apply_curve", 4197 sp-args, args, 0, "", sp-args, 4198 "Bad arguments to apply_curve.\n" );
** CID 1400856: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 966 in low_zlibmod_unpack()
________________________________________________________________________________________________________ *** CID 1400856: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 966 in low_zlibmod_unpack() 960 else 961 Pike_error("Failed to initialize Gz.uncompress (%d).\n", ret); 962 } 963 964 mt_init(&z.lock); 965 ret = do_inflate(buf, &z, Z_SYNC_FLUSH);
CID 1400856: API usage errors (LOCK) "pthread_mutex_destroy" destroys "z.lock" while it is locked.
966 mt_destroy(&z.lock); 967 inflateEnd( &z.gz ); 968 969 if(ret==Z_OK) 970 Pike_error("Compressed data is truncated.\n"); 971 if(ret!=Z_STREAM_END)
** CID 1400855: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 448 in low_zlibmod_pack()
________________________________________________________________________________________________________ *** CID 1400855: API usage errors (LOCK) /home/covbuilder/pike/Pike-v8.0-snapshot/src/modules/Gz/zlibmod.c: 448 in low_zlibmod_pack() 442 443 mt_init(&z.lock); 444 445 ret = do_deflate(buf, &z, Z_FINISH); 446 447 deflateEnd(&z.gz);
CID 1400855: API usage errors (LOCK) "pthread_mutex_destroy" destroys "z.lock" while it is locked.
448 mt_destroy(&z.lock); 449 450 if(ret != Z_STREAM_END) 451 Pike_error("Error while deflating data (%d).\n",ret); 452 } 453
** CID 1400854: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v8.0-snapshot/src/array.c: 95 in real_allocate_array()
________________________________________________________________________________________________________ *** CID 1400854: Insecure data handling (INTEGER_OVERFLOW) /home/covbuilder/pike/Pike-v8.0-snapshot/src/array.c: 95 in real_allocate_array() 89 /* Limits size to (1<<29)-4 */ 90 if( (size_t)(size+extra_space-1) > 91 (LONG_MAX-sizeof(struct array))/sizeof(struct svalue) ) 92 Pike_error("Too large array (size %ld exceeds %ld).\n", 93 (long)(size+extra_space-1), 94 (long)((LONG_MAX-sizeof(struct array))/sizeof(struct svalue)) );
CID 1400854: Insecure data handling (INTEGER_OVERFLOW) Overflowed or truncated value (or a value computed from an overflowed or truncated value) "64UL + (size + extra_space - 1L) * 16UL" used as critical argument to function.
95 v=malloc(sizeof(struct array)+ 96 (size+extra_space-1)*sizeof(struct svalue)); 97 if(!v) 98 Pike_error(msg_out_of_mem_2, sizeof(struct array)+ 99 (size+extra_space-1)*sizeof(struct svalue)); 100
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
To manage Coverity Scan email notifications for "pike-automation@lists.lysator.liu.se", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05...
pike-automation@lists.lysator.liu.se