On 05/30/2011 09:27 PM, Rocky Bernstein wrote:
The patches you attached have been applied with some changes.
Some changes were needed because you patched against the last release
version rather than the current git sources.
One change to lib/driver/gnu_linux.c was:
+ if ( mnt_dev&& mnt_dev ) {
which is weird to test against the same thing. I assume you meant:
+ if ( mnt_type&& mnt_dev ) {
Yes, that was a mistake.
I don't have the Coverity static analysis tool. So please check over the
current git sources to see if it brings up any problems that might have been
introduced since 0.82 or in my applying the patches with changes.
The attached file libcdio-20110531-hhorak.patch fixes another two issues
found in current git source.
Nevertheless, there are more problems reported by Coverity, but the rest
of them I consider not relevant or even false positives. The log is
attached for further investigation too.
Cheers,
Honza
diff -up libcdio/lib/iso9660/iso9660_fs.c.staticanal3
libcdio/lib/iso9660/iso9660_fs.c
--- libcdio/lib/iso9660/iso9660_fs.c.staticanal3 2011-05-31
15:08:31.625037602 +0200
+++ libcdio/lib/iso9660/iso9660_fs.c 2011-05-31 15:11:02.802037559 +0200
@@ -799,6 +799,7 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *
free(p_psz_out);
}
else {
+ free(p_stat);
return NULL;
}
}
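Review bot: in the else branch, free(p_stat) releases only the top-level struct before return NULL, so anything allocated into a member of p_stat earlier in _iso9660_dir_to_statbuf would still leak on this path. Please confirm against the function body that no member owns memory at this point. A shared cleanup label or a stat-free helper for the error exits would also keep a future early return from reintroducing the RESOURCE_LEAK that the log reports at iso9660_fs.c:802.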
diff -up libcdio/src/iso-info.c.staticanal3 libcdio/src/iso-info.c
--- libcdio/src/iso-info.c.staticanal3 2011-05-31 15:22:35.613037362 +0200
+++ libcdio/src/iso-info.c 2011-05-31 15:22:51.131037358 +0200
@@ -212,7 +212,6 @@ print_iso9660_recurse (iso9660_t *p_iso,
free(translated_name);
free(dirlist);
report( stderr, "Error getting above directory information\n" );
- free(translated_name);
return;
}
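Review bot: the error path in print_iso9660_recurse still frees translated_name and dirlist by hand right before return, so the double free reported as USE_AFTER_FREE at iso-info.c:215 can reappear with the next edit to this block. Consider routing the error exits through a single cleanup point, or setting translated_name to NULL directly after the remaining free(translated_name) so that a stray second free is harmless.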
Error: CONSTANT_EXPRESSION_RESULT:
libcdio/upstream-git/libcdio/lib/driver/mmc/mmc.c:417:
result_independent_of_operands: i_blocksize >> 16 is 0 regardless of the values
of its operands. This occurs as the bitwise first operand of '&'.
Error: DEADCODE:
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:772:
dead_error_condition: On this path, the condition "i_rr_fname > 0" cannot be
true.
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:765:
const: After this line, the value of "i_rr_fname" is equal to 0.
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:765:
assignment: Assigning: "i_rr_fname" = "0".
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:773:
dead_error_line: Execution cannot reach this statement "if (i_rr_fname >
i_fname){
...".
Error: EVALUATION_ORDER:
libcdio/upstream-git/libcdio/lib/driver/mmc/mmc_hl_cmds.c:80:
write_write_order: In "*b_erasable = ((0 == i_status) ? *b_erasable = ((buf[2]
& 0x10) ? 1 : 0) : 0)", "*b_erasable" is written in "*b_erasable" (the
assignment left-hand side) and written in "(0 == i_status) ? *b_erasable =
((buf[2] & 0x10) ? 1 : 0) : 0" but the order in which the side effects take
place is undefined because there is no intervening sequence point.
Error: NO_EFFECT:
libcdio/upstream-git/libcdio/lib/iso9660/iso9660.c:362:
bad_memset: Memset with fill value '0'. Did you want 0? "memset(_pvd_date, 48,
16UL)".
Error: OVERRUN_DYNAMIC:
libcdio/upstream-git/libcdio/lib/cdda_interface/utils.c:158:
buffer_alloc: Calling allocating function "calloc" which allocated "add_len"
items of size "1UL" bytes.
libcdio/upstream-git/libcdio/lib/cdda_interface/utils.c:158:
var_assign: Assigning: "buff" = "calloc(add_len, 1UL)".
libcdio/upstream-git/libcdio/lib/cdda_interface/utils.c:160:
overrun-dbuffer-arg: Overrunning dynamic array "buff" by passing it to a
function that indexes it with "add_len".
Error: OVERRUN_DYNAMIC:
libcdio/upstream-git/libcdio/lib/cdda_interface/utils.c:124:
buffer_alloc: Calling allocating function "malloc" which allocated memory
dictated by argument "i_buffer".
libcdio/upstream-git/libcdio/lib/cdda_interface/utils.c:124:
var_assign: Assigning: "buffer" = "malloc(i_buffer)".
libcdio/upstream-git/libcdio/lib/cdda_interface/utils.c:126:
overrun-dbuffer-arg: Overrunning dynamic array "buffer" by passing it to a
function that indexes it with "i_buffer".
Error: OVERRUN_STATIC:
libcdio/upstream-git/libcdio/example/drives.c:68:
overrun-call: Overrunning callee's array of size 13 by passing index
"DRIVER_DEVICE" of value 13 in call to function
"cdio_get_devices(DRIVER_DEVICE)".
libcdio/upstream-git/libcdio/lib/driver/device.c:581:
var_assign_parm: Assigning: local variable = parameter.
libcdio/upstream-git/libcdio/lib/driver/device.c:582:
index_local_in_call: Called function indexes copy of parameter.
libcdio/upstream-git/libcdio/lib/driver/device.c:601:
index_parm: Directly indexing parameter.
Error: OVERRUN_STATIC:
libcdio/upstream-git/libcdio/lib/driver/cdtext.c:235:
assignment: Assigning: "j" = "0".
libcdio/upstream-git/libcdio/lib/driver/cdtext.c:235:
assignment: Assigning: "j" = "j += 2".
libcdio/upstream-git/libcdio/lib/driver/cdtext.c:236:
overrun-local: Overrunning static array "p_data->text", with 12 elements, at
position 12 with index variable "j + 1".
Error: OVERRUN_STATIC:
libcdio/upstream-git/libcdio/lib/driver/device.c:926:
overrun-local: Overrunning static array "CdIo_all_drivers", with 13 elements,
at position 13 with index variable "driver_id".
Error: OVERRUN_STATIC:
libcdio/upstream-git/libcdio/src/cd-paranoia/cd-paranoia.c:1165:
overrun-buffer-arg: Overrunning static array "path" of size 256 bytes by
passing it to a function which indexes it with argument "(pos > 256) ? 256 :
pos" at byte position 256.
Error: RESOURCE_LEAK:
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:748:
alloc_fn: Calling allocation function "calloc".
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:748:
var_assign: Assigning: "p_stat" = storage returned from "calloc(1UL,
stat_len)".
libcdio/upstream-git/libcdio/lib/iso9660/iso9660_fs.c:802:
leaked_storage: Variable "p_stat" going out of scope leaks the storage it
points to.
Error: REVERSE_INULL:
libcdio/upstream-git/libcdio/lib/paranoia/paranoia.c:1734:
deref_ptr: Directly dereferencing pointer "l".
libcdio/upstream-git/libcdio/lib/paranoia/paranoia.c:1897:
check_after_deref: Dereferencing "l" before a null check.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:712:
sign_extension: Suspicious implicit sign extension: "cd->tocent[i].datasize"
with type "unsigned short" (16 bits, unsigned) is promoted in "lba *
cd->tocent[i].datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "lba * cd->tocent[i].datasize" is greater
than 0x7FFFFFFF, the upper bits of the result will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/_cdio_generic.c:510:
sign_extension: Suspicious implicit sign extension: "i_blocksize" with type
"unsigned short" (16 bits, unsigned) is promoted in "i_blocksize * i_lsn" to
type "int" (32 bits, signed), then sign-extended to type "long" (64 bits,
signed). If "i_blocksize * i_lsn" is greater than 0x7FFFFFFF, the upper bits
of the result will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/bincue.c:147:
sign_extension: Suspicious implicit sign extension: "this_track->blocksize"
with type "unsigned short" (16 bits, unsigned) is promoted in
"this_track->sec_count * this_track->blocksize" to type "int" (32 bits,
signed), then sign-extended to type "long" (64 bits, signed). If
"this_track->sec_count * this_track->blocksize" is greater than 0x7FFFFFFF, the
upper bits of the result will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/bincue.c:138:
sign_extension: Suspicious implicit sign extension: "this_track->datasize" with
type "unsigned short" (16 bits, unsigned) is promoted in "this_track->sec_count
* this_track->datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "this_track->sec_count *
this_track->datasize" is greater than 0x7FFFFFFF, the upper bits of the result
will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/bincue.c:148:
sign_extension: Suspicious implicit sign extension: "this_track->datasize" with
type "unsigned short" (16 bits, unsigned) is promoted in "this_track->sec_count
* this_track->datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "this_track->sec_count *
this_track->datasize" is greater than 0x7FFFFFFF, the upper bits of the result
will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:164:
sign_extension: Suspicious implicit sign extension: "this_track->blocksize"
with type "unsigned short" (16 bits, unsigned) is promoted in
"this_track->sec_count * this_track->blocksize" to type "int" (32 bits,
signed), then sign-extended to type "long" (64 bits, signed). If
"this_track->sec_count * this_track->blocksize" is greater than 0x7FFFFFFF, the
upper bits of the result will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:155:
sign_extension: Suspicious implicit sign extension: "this_track->datasize" with
type "unsigned short" (16 bits, unsigned) is promoted in "this_track->sec_count
* this_track->datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "this_track->sec_count *
this_track->datasize" is greater than 0x7FFFFFFF, the upper bits of the result
will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:165:
sign_extension: Suspicious implicit sign extension: "this_track->datasize" with
type "unsigned short" (16 bits, unsigned) is promoted in "this_track->sec_count
* this_track->datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "this_track->sec_count *
this_track->datasize" is greater than 0x7FFFFFFF, the upper bits of the result
will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/nrg.c:853:
sign_extension: Suspicious implicit sign extension: "this_track->blocksize"
with type "unsigned short" (16 bits, unsigned) is promoted in
"this_track->sec_count * this_track->blocksize" to type "int" (32 bits,
signed), then sign-extended to type "long" (64 bits, signed). If
"this_track->sec_count * this_track->blocksize" is greater than 0x7FFFFFFF, the
upper bits of the result will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/nrg.c:844:
sign_extension: Suspicious implicit sign extension: "this_track->datasize" with
type "unsigned short" (16 bits, unsigned) is promoted in "this_track->sec_count
* this_track->datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "this_track->sec_count *
this_track->datasize" is greater than 0x7FFFFFFF, the upper bits of the result
will all be 1.
Error: SIGN_EXTENSION:
libcdio/upstream-git/libcdio/lib/driver/image/nrg.c:854:
sign_extension: Suspicious implicit sign extension: "this_track->datasize" with
type "unsigned short" (16 bits, unsigned) is promoted in "this_track->sec_count
* this_track->datasize" to type "int" (32 bits, signed), then sign-extended to
type "long" (64 bits, signed). If "this_track->sec_count *
this_track->datasize" is greater than 0x7FFFFFFF, the upper bits of the result
will all be 1.
Error: UNINIT:
libcdio/upstream-git/libcdio/example/mmc1.c:86:
var_decl: Declaring variable "b_erasable" without initializer.
libcdio/upstream-git/libcdio/example/mmc1.c:88:
uninit_use_in_call: Using uninitialized value "b_erasable" when calling
"mmc_get_disc_erasable".
libcdio/upstream-git/libcdio/lib/driver/mmc/mmc_hl_cmds.c:80:
read_parm: Reading a parameter value.
Error: UNINIT_CTOR:
libcdio/upstream-git/libcdio/include/cdio++/cdio.hpp:41:
member_decl: Class member declaration for driver_return_code.
libcdio/upstream-git/libcdio/include/cdio++/cdio.hpp:42:
uninit_member: Non-static class member driver_return_code is not initialized in
this constructor nor in any functions that it calls.
Error: UNREACHABLE:
libcdio/upstream-git/libcdio/lib/driver/mmc/mmc.c:753:
unreachable: This code cannot be reached: "printf("MMC 2");".
Error: UNREACHABLE:
libcdio/upstream-git/libcdio/src/mmc-tool.c:235:
unreachable: This code cannot be reached: "i_blocksize = 0;".
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/example/audio.c:334:
returned_pointer: Pointer "h" returned by "strchr(optarg, 45)" is never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/bincue.c:327:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/bincue.c:638:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:591:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:600:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:620:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:724:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:834:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:850:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:860:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:877:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: UNUSED_VALUE:
libcdio/upstream-git/libcdio/lib/driver/image/cdrdao.c:901:
returned_pointer: Pointer "psz_field" returned by "strtok(NULL, " \t\n\r")" is
never used.
Error: USE_AFTER_FREE:
libcdio/upstream-git/libcdio/src/iso-info.c:212:
freed_arg: "free" frees "translated_name".
libcdio/upstream-git/libcdio/src/iso-info.c:215:
double_free: Calling "free" frees pointer "translated_name" which has already
been freed.