Hello.
We have a new run from Coverity. The first one since mid January.
I am still trying to get their system sending mails directly to our
devel list , but for now here is the forward.
If it shows problems in an area you worked on please have a look.
I for one need to look over all the exactness issues reported in here. :/
regards
Stefan Schmidt
-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for Enlightenment
Foundation Libraries
Date: Mon, 24 Feb 2020 21:00:38 +0000 (UTC)
From: [email protected]
To: [email protected]
Hi,
Please find the latest report on new defect(s) introduced to
Enlightenment Foundation Libraries found with Coverity Scan.
38 new defect(s) introduced to Enlightenment Foundation Libraries found
with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 38 defect(s)
** CID 1419880: Insecure data handling (TAINTED_STRING)
/src/bin/exactness/recorder.c: 416 in main()
________________________________________________________________________________________________________
*** CID 1419880: Insecure data handling (TAINTED_STRING)
/src/bin/exactness/recorder.c: 416 in main()
410 eq = argv[opt_args] ? strchr(argv[opt_args], '=') : NULL;
411 if (eq)
412 {
413 char *var = malloc(eq - argv[opt_args] + 1);
414 memcpy(var, argv[opt_args], eq - argv[opt_args]);
415 var[eq - argv[opt_args]] = '\0';
CID 1419880: Insecure data handling (TAINTED_STRING)
Passing tainted string "var" to "setenv", which cannot accept tainted data.
416 setenv(var, eq + 1, 1);
417 opt_args++;
418 }
419 } while (eq);
420 _out_filename = eina_stringshare_add(dest);
421
** CID 1419879: Control flow issues (DEADCODE)
/src/bin/exactness/inspect.c: 344 in _grp_text_get()
________________________________________________________________________________________________________
*** CID 1419879: Control flow issues (DEADCODE)
/src/bin/exactness/inspect.c: 344 in _grp_text_get()
338 case EX_SCENARIO: { str = "Scenario"; break; }
339 case EX_IMAGE: { str = "Images"; break; }
340 case EX_OBJ_INFO: { str = "Objects"; break; }
341 default: { str = "Unknown"; break; }
342 }
343 sprintf(buf, "%s%s", str, compare ? " comparison" : "");
CID 1419879: Control flow issues (DEADCODE)
Execution cannot reach this statement: "eina_stringshare_del(str);".
344 if (dt == EX_FONTS_DIR) eina_stringshare_del(str);
345 return strdup(buf);
346 }
347 348 static char *
349 _scn_text_get(void *data, Evas_Object *gl, const char *part
EINA_UNUSED)
** CID 1419878: Resource leaks (RESOURCE_LEAK)
/src/bin/exactness/inspect.c: 360 in _scn_text_get()
________________________________________________________________________________________________________
*** CID 1419878: Resource leaks (RESOURCE_LEAK)
/src/bin/exactness/inspect.c: 360 in _scn_text_get()
354 if (compare)
355 {
356 _Compare_Item_Data *vv = data;
357 Exactness_Action *a1 = vv->p1;
358 Exactness_Action *a2 = vv->p2;
359 >>> CID 1419878: Resource leaks (RESOURCE_LEAK)
Variable "buf" going out of scope leaks the storage it points to.
360 if (!a1 ^ !a2) return strdup("XXXXX");
361 362 if (a1->delay_ms != a2->delay_ms)
eina_strbuf_append_printf(buf, "[+"LDIFF(%.3f)"/+"RDIFF(%.3f)"]: ",
a1->delay_ms/1000.0, a2->delay_ms/1000.0);
363 else eina_strbuf_append_printf(buf, "+%.3f: ",
a1->delay_ms / 1000.0);
364 365 if (a1->type != a2->type)
** CID 1419877: Resource leaks (RESOURCE_LEAK)
/src/bin/exactness/inspect.c: 562 in _img_content_get()
________________________________________________________________________________________________________
*** CID 1419877: Resource leaks (RESOURCE_LEAK)
/src/bin/exactness/inspect.c: 562 in _img_content_get()
556 Exactness_Image *ex_imgO = NULL;
557 exactness_image_compare(ex_img1, ex_img2, &ex_imgO);
558 559 evas_object_image_size_set(evas_img, ex_imgO->w,
ex_imgO->h);
560 evas_object_image_data_set(evas_img, ex_imgO->pixels);
561 evas_object_size_hint_min_set(img, ELM_SCALE_SIZE(300),
ELM_SCALE_SIZE(300));
CID 1419877: Resource leaks (RESOURCE_LEAK)
Variable "ex_imgO" going out of scope leaks the storage it points to.
562 }
563 else
564 {
565 if (!data)
566 {
567 efl_del(img);
** CID 1419876: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 211 in _are_images_different()
________________________________________________________________________________________________________
*** CID 1419876: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 211 in _are_images_different()
205 _are_images_different(Exactness_Image *e_img1, Exactness_Image
*e_img2)
206 {
207 unsigned int w, h;
208 int *pxs1 = NULL;
209 int *pxs2 = NULL;
210 if (!e_img1 ^ !e_img2) return EINA_TRUE;
CID 1419876: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "e_img1".
211 if (e_img1->w != e_img2->w) return EINA_TRUE;
212 if (e_img1->h != e_img2->h) return EINA_TRUE;
213 pxs1 = e_img1->pixels;
214 pxs2 = e_img2->pixels;
215 for (w = 0; w < e_img1->w; w++)
216 {
** CID 1419875: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 595 in _obj_text_get()
________________________________________________________________________________________________________
*** CID 1419875: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 595 in _obj_text_get()
589 Eina_Bool compare = !!efl_key_data_get(gl,
"_exactness_gl_compare");
590 if (compare)
591 {
592 _Compare_Item_Data *vv = data;
593 Exactness_Object *e_obj1 = vv->p1;
594 Exactness_Object *e_obj2 = vv->p2;
CID 1419875: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "e_obj1".
595 if ((!e_obj1 ^ !e_obj2) || strcmp(e_obj1->kl_name,
e_obj2->kl_name))
596 eina_strbuf_append_printf(buf,
"("LDIFF(%s)"/"RDIFF(%s)")",
597 e_obj1 ? e_obj1->kl_name : "XXXXX",
598 e_obj2 ? e_obj2->kl_name : "XXXXX");
599 else
600 eina_strbuf_append_printf(buf, "%s", e_obj1->kl_name);
** CID 1419874: Resource leaks (RESOURCE_LEAK)
/src/modules/evas/engines/software_generic/evas_engine.c: 5564 in
evgl_glShaderSource()
________________________________________________________________________________________________________
*** CID 1419874: Resource leaks (RESOURCE_LEAK)
/src/modules/evas/engines/software_generic/evas_engine.c: 5564 in
evgl_glShaderSource()
5558 free(s[--i]);
5559 free(l);
5560 free(s);
5561 5562 err:
5563 ERR("Patching Shader Failed.");
CID 1419874: Resource leaks (RESOURCE_LEAK)
Variable "s" going out of scope leaks the storage it points to.
5564 }
5565 5566 5567 static void
5568 evgl_glGetShaderPrecisionFormat(GLenum shadertype EINA_UNUSED,
GLenum precisiontype EINA_UNUSED, GLint* range, GLint* precision)
5569 {
** CID 1419873: Insecure data handling (TAINTED_STRING)
/src/bin/exactness/player.c: 1150 in main()
________________________________________________________________________________________________________
*** CID 1419873: Insecure data handling (TAINTED_STRING)
/src/bin/exactness/player.c: 1150 in main()
1144 eq = argv[opt_args] ? strchr(argv[opt_args], '=') : NULL;
1145 if (eq)
1146 {
1147 char *var = malloc(eq - argv[opt_args] + 1);
1148 memcpy(var, argv[opt_args], eq - argv[opt_args]);
1149 var[eq - argv[opt_args]] = '\0';
CID 1419873: Insecure data handling (TAINTED_STRING)
Passing tainted string "var" to "setenv", which cannot accept tainted data.
1150 setenv(var, eq + 1, 1);
1151 opt_args++;
1152 }
1153 } while (eq);
1154 1155 if (dest)
** CID 1419872: Error handling issues (CHECKED_RETURN)
/src/bin/exactness/recorder.c: 394 in main()
________________________________________________________________________________________________________
*** CID 1419872: Error handling issues (CHECKED_RETURN)
/src/bin/exactness/recorder.c: 394 in main()
388 ECORE_GETOPT_VALUE_BOOL(want_quit),
389 ECORE_GETOPT_VALUE_BOOL(want_quit),
390 ECORE_GETOPT_VALUE_BOOL(want_quit),
391 ECORE_GETOPT_VALUE_NONE
392 };
393 >>> CID 1419872: Error handling issues (CHECKED_RETURN)
Calling "ecore_evas_init" without checking return value (as is done
elsewhere 91 out of 113 times).
394 ecore_evas_init();
395 396 opt_args = ecore_getopt_parse(&optdesc, values, argc,
argv);
397 if (opt_args < 0)
398 {
399 fprintf(stderr, "Failed parsing arguments.\n");
** CID 1419871: Null pointer dereferences (REVERSE_INULL)
/src/lib/elementary/efl_ui_win.c: 3521 in _elm_win_xwin_update()
________________________________________________________________________________________________________
*** CID 1419871: Null pointer dereferences (REVERSE_INULL)
/src/lib/elementary/efl_ui_win.c: 3521 in _elm_win_xwin_update()
3515 else
3516 {
3517 if (sd->parent)
3518 {
3519 ELM_WIN_DATA_GET(sd->parent, sdp);
3520 _internal_elm_win_xwindow_get(sdp);
CID 1419871: Null pointer dereferences (REVERSE_INULL)
Null-checking "sdp" suggests that it may be null, but it has already been
dereferenced on all paths leading to the check.
3521 if (sdp)
ecore_x_icccm_transient_for_set(sd->x.xwin, sdp->x.xwin);
3522 }
3523 }
3524 3525 s = sd->title;
3526 if (!s) s = _elm_appname;
** CID 1419870: Incorrect expression (IDENTICAL_BRANCHES)
/src/modules/ecore_evas/engines/wayland/ecore_evas_wayland_common.c: 365
in _ecore_evas_wl_common_resize()
________________________________________________________________________________________________________
*** CID 1419870: Incorrect expression (IDENTICAL_BRANCHES)
/src/modules/ecore_evas/engines/wayland/ecore_evas_wayland_common.c: 365
in _ecore_evas_wl_common_resize()
359 360 if (!ee->prop.fullscreen)
361 {
362 int maxw = 0, maxh = 0;
363 int minw = 0, minh = 0;
364 >>> CID 1419870: Incorrect expression (IDENTICAL_BRANCHES)
The same code is executed regardless of whether "ee->rotation == 0 ||
ee->rotation == 180" is true, because the 'then' and 'else' branches are identical.
Should one of the branches be modified, or the entire 'if' statement replaced?
365 if (ECORE_EVAS_PORTRAIT(ee))
366 {
367 if (ee->prop.min.w > 0)
368 minw = (ee->prop.min.w);
369 if (ee->prop.min.h > 0)
370 minh = (ee->prop.min.h);
** CID 1419869: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 230 in _are_objs_different()
________________________________________________________________________________________________________
*** CID 1419869: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 230 in _are_objs_different()
224 }
225 226 static Eina_Bool
227 _are_objs_different(Exactness_Object *e_obj1, Exactness_Object
*e_obj2, Eina_Bool check_objs)
228 {
229 if (!e_obj1 ^ !e_obj2) return EINA_TRUE;
CID 1419869: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "e_obj1".
230 Eina_List *itr1 = e_obj1->children;
231 Eina_List *itr2 = e_obj2->children;
232 if (check_objs &&
233 (strcmp(e_obj1->kl_name, e_obj2->kl_name) ||
234 e_obj1->x != e_obj2->x || e_obj1->y != e_obj2->y ||
235 e_obj1->w != e_obj2->w || e_obj1->h != e_obj2->h))
return EINA_TRUE;
** CID 1419868: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 362 in _scn_text_get()
________________________________________________________________________________________________________
*** CID 1419868: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 362 in _scn_text_get()
356 _Compare_Item_Data *vv = data;
357 Exactness_Action *a1 = vv->p1;
358 Exactness_Action *a2 = vv->p2;
359 360 if (!a1 ^ !a2) return strdup("XXXXX");
361 >>> CID 1419868: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "a1".
362 if (a1->delay_ms != a2->delay_ms)
eina_strbuf_append_printf(buf, "[+"LDIFF(%.3f)"/+"RDIFF(%.3f)"]: ",
a1->delay_ms/1000.0, a2->delay_ms/1000.0);
363 else eina_strbuf_append_printf(buf, "+%.3f: ",
a1->delay_ms / 1000.0);
364 365 if (a1->type != a2->type)
366 eina_strbuf_append_printf(buf,
"["LDIFF(%s)"/"RDIFF(%s)"] - XXXXXX", _action_name_get(a1),
_action_name_get(a2));
367 else
** CID 1419867: Error handling issues (CHECKED_RETURN)
/src/bin/exactness/injector.c: 437 in main()
________________________________________________________________________________________________________
*** CID 1419867: Error handling issues (CHECKED_RETURN)
/src/bin/exactness/injector.c: 437 in main()
431 ECORE_GETOPT_VALUE_BOOL(want_quit),
432 ECORE_GETOPT_VALUE_BOOL(want_quit),
433 ECORE_GETOPT_VALUE_BOOL(want_quit),
434 ECORE_GETOPT_VALUE_NONE
435 };
436 >>> CID 1419867: Error handling issues (CHECKED_RETURN)
Calling "ecore_evas_init" without checking return value (as is done
elsewhere 91 out of 113 times).
437 ecore_evas_init();
438 439 opt_args = ecore_getopt_parse(&optdesc, values, argc,
argv);
440 if (opt_args < 0)
441 {
442 fprintf(stderr, "Failed parsing arguments.\n");
** CID 1419866: (RESOURCE_LEAK)
/src/bin/exactness/recorder.c: 300 in _prg_invoke()
/src/bin/exactness/player.c: 948 in _prg_invoke()
________________________________________________________________________________________________________
*** CID 1419866: (RESOURCE_LEAK)
/src/bin/exactness/recorder.c: 300 in _prg_invoke()
294 else
295 {
296 fprintf(stderr, "Failed loading symbol 'efl_main',
'elm_main' or 'main' from %s.\n", full_path);
297 eina_module_free(h);
298 real__ = 1;
299 }
CID 1419866: (RESOURCE_LEAK)
Variable "h" going out of scope leaks the storage it points to.
300 return real__;
301 }
302 303 static Eina_Stringshare *
304 _prg_full_path_guess(const char *prg)
305 {
/src/bin/exactness/player.c: 948 in _prg_invoke()
942 {
943 fprintf(stderr, "Failed loading symbol 'efl_main',
'elm_main' or 'main' from %s.\n", full_path);
944 eina_module_free(h);
945 real__ = 1;
946 }
947 >>> CID 1419866: (RESOURCE_LEAK)
Variable "h" going out of scope leaks the storage it points to.
948 return real__;
949 }
950 951 static Eina_Stringshare *
952 _prg_full_path_guess(const char *prg)
953 {
** CID 1419865: (FORWARD_NULL)
/src/bin/exactness/inspect.c: 900 in _comp_gl_selected_cb()
/src/bin/exactness/inspect.c: 893 in _comp_gl_selected_cb()
________________________________________________________________________________________________________
*** CID 1419865: (FORWARD_NULL)
/src/bin/exactness/inspect.c: 900 in _comp_gl_selected_cb()
894 }
895 896 if (vv->p2)
897 {
898 _Item_Info *ii = eina_hash_find(_item_infos_hash,
&(vv->p2));
899 if (!ii || !ii->gl_item) _obj_item_realize(vv->p2);
CID 1419865: (FORWARD_NULL)
Dereferencing null pointer "ii".
900 elm_genlist_item_selected_set(ii->gl_item, EINA_TRUE);
901 }
902 }
903 904 static void
905 _scn_item_remove(void *data, Evas_Object *menu EINA_UNUSED, void
*item EINA_UNUSED)
/src/bin/exactness/inspect.c: 893 in _comp_gl_selected_cb()
887 _comp_selected_item = event_info;
888 _Compare_Item_Data *vv =
elm_object_item_data_get(_comp_selected_item);
889 if (vv->p1)
890 {
891 _Item_Info *ii = eina_hash_find(_item_infos_hash,
&(vv->p1));
892 if (!ii || !ii->gl_item) _obj_item_realize(vv->p1);
CID 1419865: (FORWARD_NULL)
Dereferencing null pointer "ii".
893 elm_genlist_item_selected_set(ii->gl_item, EINA_TRUE);
894 }
895 896 if (vv->p2)
897 {
898 _Item_Info *ii = eina_hash_find(_item_infos_hash,
&(vv->p2));
** CID 1419864: Error handling issues (CHECKED_RETURN)
/src/bin/exactness/player.c: 1128 in main()
________________________________________________________________________________________________________
*** CID 1419864: Error handling issues (CHECKED_RETURN)
/src/bin/exactness/player.c: 1128 in main()
1122 ECORE_GETOPT_VALUE_BOOL(want_quit),
1123 ECORE_GETOPT_VALUE_BOOL(want_quit),
1124 ECORE_GETOPT_VALUE_BOOL(want_quit),
1125 ECORE_GETOPT_VALUE_NONE
1126 };
1127 >>> CID 1419864: Error handling issues (CHECKED_RETURN)
Calling "ecore_evas_init" without checking return value (as is done
elsewhere 91 out of 113 times).
1128 ecore_evas_init();
1129 1130 opt_args = ecore_getopt_parse(&optdesc, values,
argc, argv);
1131 if (opt_args < 0)
1132 {
1133 fprintf(stderr, "Failed parsing arguments.\n");
** CID 1419863: Memory - corruptions (OVERRUN)
/src/bin/exactness/player.c: 1007 in _old_shots_rm_cb()
________________________________________________________________________________________________________
*** CID 1419863: Memory - corruptions (OVERRUN)
/src/bin/exactness/player.c: 1007 in _old_shots_rm_cb()
1001 _old_shots_rm_cb(const char *name, const char *path, void *data)
1002 {
1003 const char *prefix = data;
1004 unsigned int len = strlen(prefix);
1005 if (!strncmp(name, prefix, len) && (strlen(name) > len) &&
(name[len] == SHOT_DELIMITER))
1006 {
CID 1419863: Memory - corruptions (OVERRUN)
Allocating insufficient memory for the terminating null of the string.
1007 char *buf = alloca(strlen(path) + strlen(name));
1008 sprintf(buf, "%s/%s", path, name);
1009 if (unlink(buf))
1010 {
1011 printf("Failed deleting '%s/%s': ", path, name);
1012 perror("");
** CID 1419862: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 172 in _are_scenario_entries_different()
________________________________________________________________________________________________________
*** CID 1419862: Null pointer dereferences (FORWARD_NULL)
/src/bin/exactness/inspect.c: 172 in _are_scenario_entries_different()
166 }
167 168 static Eina_Bool
169 _are_scenario_entries_different(Exactness_Action *act1,
Exactness_Action *act2)
170 {
171 if (!act1 ^ !act2) return EINA_TRUE;
CID 1419862: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "act1".
172 if (act1->type != act2->type) return EINA_TRUE;
173 switch(act1->type)
174 {
175 case EXACTNESS_ACTION_MOUSE_WHEEL:
176 return !!memcmp(act1->data, act2->data,
sizeof(Exactness_Action_Mouse_Wheel));
177 case EXACTNESS_ACTION_MULTI_DOWN:
** CID 1419861: Control flow issues (DEADCODE)
/src/bin/exactness/inspect.c: 1302 in main()
________________________________________________________________________________________________________
*** CID 1419861: Control flow issues (DEADCODE)
/src/bin/exactness/inspect.c: 1302 in main()
1296 {
1297 fprintf(stderr, "Failed parsing arguments.\n");
1298 goto end;
1299 }
1300 if (want_quit)
1301 {
CID 1419861: Control flow issues (DEADCODE)
Execution cannot reach this statement: "goto end;".
1302 goto end;
1303 }
1304 if ((clean || delay || shot || list_get || stabilize ||
pack) && args == argc)
1305 {
1306 fprintf(stderr, "Expected scenario (.rec/.exu) as the
last argument.\n");
1307 ecore_getopt_help(stderr, &optdesc);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExl4Ru1vqXvuwTryVO2Nj02BDTXle-2BVhCv8FT7jqbi77HUQo-2FVd-2B1-2F-2BoakUp0ZyUERYinKunD4dh9MAw6ivIOiF1IWC_JmTL-2B48xyW7Yn2O51uC4ogY6X2-2FLHNxtv4FHC5fbQZhuYYVL31lEnfJOVN3r2TBdXxlEFGDeXNP5zI-2FFxmeAa-2BSF2wxBcBABm93WLgY7dhq4sejN0BSjBO1AzRfCHlS52CF6sF7LBOXBawfZRpqA0qxVHvgn6kvIzgAg6hpmmCLRVKZReZrZzpPEySI1BtqYT7X3LlJxCwHIHqndgBUByJq8-2FvYoikiYYu1RV35DJseib3fzt36O6M1i7BcCZnK-2F
To manage Coverity Scan email notifications for
"[email protected]", click
https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teEwKPNNrzEFiIgTetQBd7l2Xvx3RmExSxSary1NKqbYJzvAYN6rIwjwlzCIDsnVxKIs1IsiMKrMudAasp4-2BXTMe-2BsMV5Xf019f-2BnGDivW0l0gdQKwBmPFehuj-2Bg1WWnyp1U-3DL583_JmTL-2B48xyW7Yn2O51uC4ogY6X2-2FLHNxtv4FHC5fbQZhuYYVL31lEnfJOVN3r2TBdXxlEFGDeXNP5zI-2FFxmeAawQ23funHX4nLTm2ns4Smoea1cxUw260mLOQUwDTb1kBCTBE8nmLoXcTZKCxWtpqxAItDZ3KGfZAf0SR4ZwAOkHwqEw-2BubZUhW-2FOjaAuO9tTthz5jqXXcxFN9nCK3kNLgsojjHZDKEwynzfDkhJdKU2rcGJvE59FcH4A-2FRTbXyIn
_______________________________________________
enlightenment-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
