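I just ran Coverity Scan against the latest git code, and it came up with 8 new defects: dead code, possible NULL pointer dereferences, a possibly negative return value assigned to an unsigned variable, resource leaks, and a temporary-file warning. Maybe we should take a look at them when possible?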
---------- Forwarded message ----------
From: <[email protected]>
Date: Sat, Aug 15, 2015 at 3:33 PM
Subject: New Defects reported by Coverity Scan for GNU Wget
To: [email protected]

Hi,

Please find the latest report on new defect(s) introduced to GNU Wget found with Coverity Scan.

8 new defect(s) introduced to GNU Wget found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)

** CID 1316412: Control flow issues (DEADCODE)
/src/http.c: 2862 in metalink_from_http()

________________________________________________________________________________________________________
*** CID 1316412: Control flow issues (DEADCODE)
/src/http.c: 2862 in metalink_from_http()
2856
2857 return metalink;
2858
2859 fail:
2860 /* Free all allocated memory. */
2861 if (metalink)
>>> CID 1316412: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "metalink_delete(metalink);".
2862 metalink_delete (metalink);
2863 else
2864 metalink_file_delete (mfile);
2865 return NULL;
2866 }
2867 #endif /* HAVE_METALINK */

** CID 1316411: (FORWARD_NULL)
/src/recur.c: 438 in retrieve_tree()
/src/recur.c: 438 in retrieve_tree()

________________________________________________________________________________________________________
*** CID 1316411: (FORWARD_NULL)
/src/recur.c: 438 in retrieve_tree()
432 if (children)
433 {
434 struct urlpos *child = children;
435 struct url *url_parsed = url_parse (url, NULL, i, true);
436 struct iri *ci;
437 char *referer_url = url;
>>> CID 1316411: (FORWARD_NULL)
>>> Comparing "url_parsed" to null implies that "url_parsed" might be null.
438 bool strip_auth = (url_parsed != NULL
439 && url_parsed->user != NULL);
440 assert (url_parsed != NULL);
441
442 /* Strip auth info if present */
443 if (strip_auth)
/src/recur.c: 438 in retrieve_tree()
432 if (children)
433 {
434 struct urlpos *child = children;
435 struct url *url_parsed = url_parse (url, NULL, i, true);
436 struct iri *ci;
437 char *referer_url = url;
>>> CID 1316411: (FORWARD_NULL)
>>> Comparing "url_parsed" to null implies that "url_parsed" might be null.
438 bool strip_auth = (url_parsed != NULL
439 && url_parsed->user != NULL);
440 assert (url_parsed != NULL);
441
442 /* Strip auth info if present */
443 if (strip_auth)

** CID 1316410: Null pointer dereferences (FORWARD_NULL)
/src/metalink.c: 430 in retrieve_from_metalink()

________________________________________________________________________________________________________
*** CID 1316410: Null pointer dereferences (FORWARD_NULL)
/src/metalink.c: 430 in retrieve_from_metalink()
424 && filename != NULL && file_exists_p (filename))
425 {
426 logprintf (LOG_VERBOSE, _("Removing %s.\n"), quote (filename));
427 if (unlink (filename))
428 logprintf (LOG_NOTQUIET, "unlink: %s\n", strerror (errno));
429 }
>>> CID 1316410: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "output_stream" to "fclose", which dereferences it.
430 fclose (output_stream);
431 output_stream = NULL;
432 xfree (filename);
433 } /* Iterate over files. */
434
435 /* Restore original values. */

** CID 1316409: Integer handling issues (NEGATIVE_RETURNS)
/src/http.c: 2806 in metalink_from_http()

________________________________________________________________________________________________________
*** CID 1316409: Integer handling issues (NEGATIVE_RETURNS)
/src/http.c: 2806 in metalink_from_http()
2800 /* The hash here is assumed to be base64. We need the hash in hex.
2801 Therefore we convert: base64 -> binary -> hex. */
2802 const size_t dig_hash_str_len = strlen (dig_hash);
2803 char *bin_hash = alloca (dig_hash_str_len * 3 / 4 + 1);
2804 size_t hash_bin_len;
2805
>>> CID 1316409: Integer handling issues (NEGATIVE_RETURNS)
>>> Assigning: unsigned variable "hash_bin_len" = "base64_decode".
2806 hash_bin_len = base64_decode (dig_hash, bin_hash);
2807
2808 /* One slot for me, one for zero-termination. */
2809 mfile->checksums =
2810 xrealloc (mfile->checksums,
2811 sizeof (metalink_checksum_t *) * (hash_count + 2));

** CID 1316408: Resource leaks (RESOURCE_LEAK)
/src/retr.c: 1007 in retrieve_url()

________________________________________________________________________________________________________
*** CID 1316408: Resource leaks (RESOURCE_LEAK)
/src/retr.c: 1007 in retrieve_url()
1001 RESTORE_METHOD;
1002
1003 bail:
1004 if (register_status)
1005 inform_exit_status (result);
1006
>>> CID 1316408: Resource leaks (RESOURCE_LEAK)
>>> Variable "u" going out of scope leaks the storage it points to.
1007 return result;
1008 }
1009
1010 /* Find the URLs in the file and call retrieve_url() for each of them.
1011 If HTML is true, treat the file as HTML, and construct the URLs
1012 accordingly.

** CID 1316407: Resource leaks (RESOURCE_LEAK)
/src/http.c: 2679 in metalink_from_http()

________________________________________________________________________________________________________
*** CID 1316407: Resource leaks (RESOURCE_LEAK)
/src/http.c: 2679 in metalink_from_http()
2673
2674 sig_count++;
2675 }
2676 }
2677 }
2678 fclose (output_stream);
>>> CID 1316407: Resource leaks (RESOURCE_LEAK)
>>> Variable "iri" going out of scope leaks the storage it points to.
2679 }
2680 else
2681 {
2682 logputs (LOG_NOTQUIET, _("Could not create temporary file. "
2683 "Skipping signature download.\n"));
2684 }

** CID 1316406: (RESOURCE_LEAK)
/src/http.c: 1277 in parse_strict_transport_security()
/src/http.c: 1307 in parse_strict_transport_security()
/src/http.c: 1307 in parse_strict_transport_security()

________________________________________________________________________________________________________
*** CID 1316406: (RESOURCE_LEAK)
/src/http.c: 1277 in parse_strict_transport_security()
1271 if (header)
1272 {
1273 /* Process the STS header. Keys should be matched case-insensitively. */
1274 for (; extract_param (&header, &name, &value, ';', &is_url_encoded); is_url_encoded = false)
1275 {
1276 if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, "max-age"))
>>> CID 1316406: (RESOURCE_LEAK)
>>> Overwriting "c_max_age" in "c_max_age = strdupdelim(value.b, value.e)"
>>> leaks the storage that "c_max_age" points to.
1277 c_max_age = strdupdelim (value.b, value.e);
1278 else if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, "includeSubDomains"))
1279 is = true;
1280 }
1281
1282 /* pass the parsed values over */
/src/http.c: 1307 in parse_strict_transport_security()
1301 /* something weird happened */
1302 logprintf (LOG_VERBOSE, "Could not parse String-Transport-Security header\n");
1303 success = false;
1304 }
1305 }
1306
>>> CID 1316406: (RESOURCE_LEAK)
>>> Variable "c_max_age" going out of scope leaks the storage it points to.
1307 return success;
1308 }
1309 #endif
1310
1311 /* Persistent connections. Currently, we cache the most recently used
1312 connection as persistent, provided that the HTTP server agrees to
/src/http.c: 1307 in parse_strict_transport_security()
1301 /* something weird happened */
1302 logprintf (LOG_VERBOSE, "Could not parse String-Transport-Security header\n");
1303 success = false;
1304 }
1305 }
1306
>>> CID 1316406: (RESOURCE_LEAK)
>>> Variable "c_max_age" going out of scope leaks the storage it points to.
1307 return success;
1308 }
1309 #endif
1310
1311 /* Persistent connections. Currently, we cache the most recently used
1312 connection as persistent, provided that the HTTP server agrees to

** CID 1316405: Security best practices violations (SECURE_TEMP)
/src/http.c: 2611 in metalink_from_http()

________________________________________________________________________________________________________
*** CID 1316405: Security best practices violations (SECURE_TEMP)
/src/http.c: 2611 in metalink_from_http()
2605 )
2606 {
2607 /* Download the signature to a temporary file. */
2608 FILE *_output_stream = output_stream;
2609 bool _output_stream_regular = output_stream_regular;
2610
>>> CID 1316405: Security best practices violations (SECURE_TEMP)
>>> "tmpfile" creates files with predictable names, which is unsafe.
2611 output_stream = tmpfile ();
2612 if (output_stream)
2613 {
2614 struct iri *iri = iri_new ();
2615 struct url *url;
2616 int url_err;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/gnu-wget?tab=overview

To manage Coverity Scan email notifications for "[email protected]", click https://scan.coverity.com/subscriptions/edit?email=darnir%40gmail.com&token=a247cf0e017fe1ea3e52680a7e0c1fcf

--
Thanking You,
Darshit Shah
