Fw: important potential issues detected covscan


From: Carlo Wood
Subject: Fw: important potential issues detected covscan
Date: Sun, 21 Mar 2021 10:10:44 +0100


Begin forwarded message:

Date: Sat, 20 Mar 2021 19:14:06 -0400 (EDT)
From: <wasser19641@gmail.com>
To: Carlo Wood <carlo@alinoe.com>
Subject: important potential issues detected covscan


Hello Carlo,

Hi,

During the package creation I ran the RH internal Coverity scan called
covscan on which. It is basically an aggregation of static analysis tools
or compilers with static analysis, and with many compilation warnings
enabled, e.g. gcc, cppcheck, shellcheck, clang etc.

The following issues are detected by covscan.

Error: CLANG_WARNING: [#def5]
which-2.21/tilde/tilde.c:198:18: warning[deadcode.DeadStores]: Although
the value stored to 'result_size' is used in the enclosing expression,
the value is never actually read from 'result_size'
#  196|     int result_size, result_index;
#  197|   
#  198|->   result_index = result_size = 0;
#  199|     result = strchr (string, '~');
#  200|     if (result)

Error: OVERRUN (CWE-119): [#def6]
which-2.21/tilde/tilde.c:274: alloc_strlen: Allocating insufficient
memory for the terminating null of the string.
#  272|     int i;
#  273|   
#  274|->   ret = (char *)xmalloc (strlen (fname));
#  275|   #if defined (__MSDOS__)
#  276|     for (i = 1; fname[i] && fname[i] != '/' && fname[i] != '\\'; i++)

Error: RESOURCE_LEAK (CWE-772): [#def7] [important]
which-2.21/which.c:96: alloc_fn: Storage is returned from allocation
function "xmalloc".
which-2.21/which.c:96: var_assign: Assigning: "abs_path" = storage
returned from "xmalloc(3 + name_len)".
which-2.21/which.c:97: noescape: Resource "abs_path" is not freed or
pointed-to in "strcpy". [Note: The source code implementation of the
function has been overridden by a builtin model.]
which-2.21/which.c:98: noescape: Resource "abs_path" is not freed or
pointed-to in "strcat". [Note: The source code implementation of the
function has been overridden by a builtin model.]
which-2.21/which.c:106: var_assign: Assigning: "path_list" = "abs_path".
which-2.21/which.c:107: identity_transfer: Passing "abs_path" as
argument 1 to function "strrchr", which returns an offset off that
argument.
which-2.21/which.c:107: noescape: Resource "abs_path" is not
freed or pointed-to in "strrchr".
which-2.21/which.c:107: var_assign: Assigning: "p" = storage returned
from "strrchr(abs_path, 47)".
which-2.21/which.c:109: var_assign: Assigning: "name" = "p".
which-2.21/which.c:110: leaked_storage: Variable "p" going out of scope
leaks the storage it points to.
which-2.21/which.c:118: noescape: Resource "path_list" is not freed or
pointed-to in "strlen".
which-2.21/which.c:118: noescape: Resource "path_list" is not freed or
pointed-to in "strcpy". [Note: The source code implementation of the
function has been overridden by a builtin model.]
which-2.21/which.c:162: leaked_storage: Returning without freeing
"path_list" leaks the storage that it points to.
which-2.21/which.c:162: leaked_storage: Returning without freeing
"name" leaks the storage that it points to.
#  160|     }
#  161|   
#  162|->   return (found);
#  163|   }
#  164|   

Error: RESOURCE_LEAK (CWE-772): [#def8] [important]
which-2.21/which.c:102: alloc_fn: Storage is returned from allocation
function "xmalloc".
which-2.21/which.c:102: var_assign: Assigning: "abs_path" = storage
returned from "xmalloc(1 + name_len)".
which-2.21/which.c:103: noescape: Resource "abs_path" is not freed or
pointed-to in "strcpy". [Note: The source code implementation of the
function has been overridden by a builtin model.]
which-2.21/which.c:106: var_assign: Assigning: "path_list" = "abs_path".
which-2.21/which.c:107: noescape: Resource "abs_path" is not freed or
pointed-to in "strrchr".
which-2.21/which.c:118: noescape: Resource "path_list" is not freed or
pointed-to in "strlen".
which-2.21/which.c:118: noescape: Resource "path_list" is not freed or
pointed-to in "strcpy". [Note: The source code implementation of the
function has been overridden by a builtin model.]
which-2.21/which.c:162: leaked_storage: Returning without freeing
"path_list" leaks the storage that it points to.
#  160|     }
#  161|   
#  162|->   return (found);
#  163|   }
#  164|   

Error: TAINTED_SCALAR (CWE-20): [#def9]
which-2.21/which.c:552: tainted_argument: Calling function "fgets"
taints argument "*buf". [Note: The source code implementation of the
function has been overridden by a builtin model.]
which-2.21/which.c:600: tainted_data_transitive: Call to function
"strcpy" with tainted argument "buf" transitively taints "*strcpy((char
*)xmalloc(strlen(buf) + 1UL), buf)". [Note: The source code
implementation of the function has been overridden by a builtin model.]
which-2.21/which.c:600: var_assign: Assigning: "aliases[alias_count++]"
= "strcpy((char *)xmalloc(strlen(buf) + 1UL), buf)", which taints
"aliases[alias_count++]".
which-2.21/which.c:653: tainted_data: Passing tainted expression
"**aliases" to "process_alias", which uses it as a loop boundary.
which-2.21/which.c:653: remediation: Ensure that tainted values are
properly sanitized, by checking that their values are within a
permissible range.
#  651|         int i;
#  652|         for (i = 0; i < alias_count; ++i)
#  653|->       process_alias(aliases[i], argc, argv, path_list, function_start_type);
#  654|       }
#  655|     }


_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/


