Chris, I don't think Coverity was pleased with your recent changes to edit.c :)
--joel ---------- Forwarded message --------- From: <scan-ad...@coverity.com> Date: Wed, Nov 23, 2022 at 1:15 AM Subject: New Defects reported by Coverity Scan for RTEMS To: <bu...@rtems.org> Hi, Please find the latest report on new defect(s) introduced to RTEMS found with Coverity Scan. 3 new defect(s) introduced to RTEMS found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 3 of 3 defect(s) ** CID 1517031: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 1517031: Insecure data handling (TAINTED_SCALAR) /cpukit/libmisc/shell/main_edit.c: 1992 in redraw_screen() 1986 1987 ed->refresh = 1; 1988 } 1989 1990 static void redraw_screen(struct editor *ed) { 1991 get_console_size(ed->env); >>> CID 1517031: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted expression "ed->env" to "draw_screen", which uses it as a loop boundary. 1992 draw_screen(ed); 1993 } 1994 1995 static int quit(struct env *env) { 1996 struct editor *ed = env->current; 1997 struct editor *start = ed; ** CID 1517030: Incorrect expression (UNUSED_VALUE) /cpukit/libmisc/shell/main_edit.c: 759 in get_console_size() ________________________________________________________________________________________________________ *** CID 1517030: Incorrect expression (UNUSED_VALUE) /cpukit/libmisc/shell/main_edit.c: 759 in get_console_size() 753 struct winsize ws; 754 ioctl(0, TIOCGWINSZ, &ws); 755 env->cols = ws.ws_col; 756 env->lines = ws.ws_row - 1; 757 #elif defined(__rtems__) 758 char* e; >>> CID 1517030: Incorrect expression (UNUSED_VALUE) >>> Assigning value "25" to "env->lines" here, but that stored value is overwritten before it can be used. 759 env->lines = 25; 760 env->lines = 80; 761 e = getenv("LINES"); 762 if (e != NULL) { 763 int lines = strtol(e, 0, 10); 764 if (lines > 0) { ** CID 1517029: Insecure data handling (TAINTED_SCALAR) /cpukit/libmisc/shell/main_edit.c: 780 in get_console_size() ________________________________________________________________________________________________________ *** CID 1517029: Insecure data handling (TAINTED_SCALAR) /cpukit/libmisc/shell/main_edit.c: 780 in get_console_size() 774 } 775 #else 776 struct term *term = gettib()->proc->term; 777 env->cols = term->cols; 778 env->lines = term->lines - 1; 779 #endif >>> CID 1517029: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted expression "env->cols + 32" to "realloc", which uses it as an allocation size. [Note: The source code implementation of the function has been overridden by a builtin model.] 780 env->linebuf = realloc(env->linebuf, env->cols + LINEBUF_EXTRA); 781 } 782 783 static void outch(char c) { 784 putchar(c); 785 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypUUzi-2FdSNmuyRB7BEFT8xQ4-2B8hpujh0hTgQljRGId4Dg-3D-3DGr-Y_EU3W9teASMK00lBXX9WT4lsogDrkCcNZLvg-2FVxwAXMqwq-2FLY5UKW-2FhhinR3e3vpWzrDiUmhAIYAWGY8CAwDNQLbxoOK7jx4uEYuEA18jT8PboURbCG5RbwkKdUWqCHW6bgBCVvWsy6OOEx44VsgSb0-2BOSrEegH8zssvN9oWz11vOH8c4avf3tCzVLe01l2-2FFOCkw36P3laWsmnE2eaZUoA-3D-3D _______________________________________________ build mailing list bu...@rtems.org http://lists.rtems.org/mailman/listinfo/build
_______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel