View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0000004fileGeneralpublic2018-06-17 19:552018-08-01 10:22
Reportervaloq Assigned Tochristos  
PrioritynormalSeverityminorReproducibilityN/A
Status resolvedResolutionfixed 
Summary0000004: Several issues reported by coverity
DescriptionThe static code analysis tool coverity found several issues in file

https://scan.coverity.com/projects/linuxsandboxingproject-file

Since the tool does not provide a mean to extract the result in a readable form, the details can only be accessed after login

I have attached one example issue below
TagsNo tags attached.

Activities

valoq

2018-06-17 19:55

reporter  

oobaccess (1,277 bytes)    
# apprentice.c

1117        size_t i = me->mp->type == FILE_NAME ? 1 : 0;
    1. Condition mset[i].count == mset[i].max, taking true branch.
1118        if (mset[i].count == mset[i].max) {
1119                struct magic_entry *mp;
1120
1121                mset[i].max += ALLOC_INCR;
    2. Condition (mp = (struct magic_entry *)realloc(mset[i].me, 16UL /* sizeof (*mp) */ * mset[i].max)) == NULL, taking false branch.
1122                if ((mp = CAST(struct magic_entry *,
1123                    realloc(mset[i].me, sizeof(*mp) * mset[i].max))) ==
1124                    NULL) {
1125                        file_oomem(ms, sizeof(*mp) * mset[i].max);
1126                        return -1;
1127                }
    CID 277981: Wrong sizeof argument (SIZEOF_MISMATCH) [select issue]
    CID 277982 (#1 of 1): Out-of-bounds access (OVERRUN)3. overrun-buffer-arg: Overrunning struct type magic_entry of 16 bytes by passing it to a function which accesses it at byte offset 3199 using argument 3200UL.
1128                (void)memset(&mp[mset[i].count], 0, sizeof(*mp) *
1129                    ALLOC_INCR);
1130                mset[i].me = mp;
1131        }
1132        mset[i].me[mset[i].count++] = *me;
1133        memset(me, 0, sizeof(*me));
1134        return 0;
1135}
oobaccess (1,277 bytes)   

christos

2018-06-23 16:15

manager   ~0000006

I don't see the problem with the attached code; I have asked the owners to give me access to see the rest of the coverity issues.

christos

2018-08-01 10:22

manager   ~0000030

All coverity issues have been addressed; the one mentioned here is a false-positive.

Issue History

Date Modified Username Field Change
2018-06-17 19:55 valoq New Issue
2018-06-17 19:55 valoq File Added: oobaccess
2018-06-23 16:14 christos Assigned To => christos
2018-06-23 16:14 christos Status new => assigned
2018-06-23 16:15 christos Note Added: 0000006
2018-08-01 10:22 christos Status assigned => resolved
2018-08-01 10:22 christos Resolution open => fixed
2018-08-01 10:22 christos Note Added: 0000030