Hi,
This a new report by Coverity about IUP 3.27 Windows port.
Best regards,
Ranier Vilela
________________________________________
De: scan-ad...@coverity.com <scan-ad...@coverity.com>
Enviado: sábado, 25 de maio de 2019 03:02
Para: ranier_...@hotmail.com
Assunto: New Defects reported by Coverity Scan for IUP - Portable User Interface
Hi,
Please find the latest report on new defect(s) introduced to IUP - Portable
User Interface found with Coverity Scan.
24 new defect(s) introduced to IUP - Portable User Interface found with
Coverity Scan.
37 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 24 defect(s)
** CID 341021: Parse warnings (PARSE_ERROR)
/include/atlbase.h: 73 in ()
________________________________________________________________________________________________________
*** CID 341021: Parse warnings (PARSE_ERROR)
/include/atlbase.h: 73 in ()
67 #error ATL requires C++ compilation (use a .cpp suffix)
68 #endif
69 #ifndef ATL_NO_LEAN_AND_MEAN
70 #define ATL_NO_LEAN_AND_MEAN
71 #endif
72
>>> CID 341021: Parse warnings (PARSE_ERROR)
>>> cannot open source file "atldef.h"
73 #include <atldef.h>
74
75 #ifndef _WINSOCKAPI_
76 #include <winsock2.h>
77 #endif
78
** CID 341020: Resource leaks (RESOURCE_LEAK)
/src/iup_globalsdlg.c: 239 in iGlobalsUpdate()
________________________________________________________________________________________________________
*** CID 341020: Resource leaks (RESOURCE_LEAK)
/src/iup_globalsdlg.c: 239 in iGlobalsUpdate()
233 IupSetAttributeId(list1, "", j + 1, attribs[i].name);
234 IupSetIntId(list1, "_IUP_READONLY", j + 1, attribs[i].readonly);
235 j++;
236 }
237
238 total_count = iupGetFunctions(NULL, 0);
>>> CID 341020: Resource leaks (RESOURCE_LEAK)
>>> Overwriting "attr_names" in "attr_names = (signed char
>>> **)malloc(total_count * 4U)" leaks the storage that "attr_names" points to.
239 attr_names = (char **)malloc(total_count * sizeof(char *));
240 attr_count = iupGetFunctions(attr_names, total_count);
241 for (i = 0; i < attr_count; i++)
242 IupSetAttributeId(list3, "", i + 1, attr_names[i]);
243
244 free(attr_names);
** CID 341019: Error handling issues (CHECKED_RETURN)
/src/win/iupwin_label.c: 301 in winLabelMsgProc()
________________________________________________________________________________________________________
*** CID 341019: Error handling issues (CHECKED_RETURN)
/src/win/iupwin_label.c: 301 in winLabelMsgProc()
295 }
296 case WM_XBUTTONUP:
297 case WM_LBUTTONUP:
298 case WM_MBUTTONUP:
299 case WM_RBUTTONUP:
300 {
>>> CID 341019: Error handling issues (CHECKED_RETURN)
>>> Calling "iupwinButtonUp" without checking return value (as is done
>>> elsewhere 8 out of 10 times).
301 iupwinButtonUp(ih, msg, wp, lp);
302 break;
303 }
304 case WM_MOUSEMOVE:
305 {
306 if (iupwinMouseMove(ih, msg, wp, lp))
** CID 341018: Resource leaks (RESOURCE_LEAK)
/srcfiledlg/iupwin_newfiledlg.cpp: 852 in winNewFileDlgPopup(Ihandle_ *, int,
int)()
________________________________________________________________________________________________________
*** CID 341018: Resource leaks (RESOURCE_LEAK)
/srcfiledlg/iupwin_newfiledlg.cpp: 852 in winNewFileDlgPopup(Ihandle_ *, int,
int)()
846
847 if (opfd)
848 opfd->Release();
849 if (spfd)
850 spfd->Release();
851
>>> CID 341018: Resource leaks (RESOURCE_LEAK)
>>> Variable "directory" going out of scope leaks the storage it points to.
852 return IUP_NOERROR;
853 }
854
855 extern "C" {
856 /* the only exported function,
857 once called it will replace regular IupFileDlg */
** CID 341017: Security best practices violations (STRING_OVERFLOW)
/src/win/iupwin_image_wdl.c: 383 in iupwinWdlImageGetImage()
________________________________________________________________________________________________________
*** CID 341017: Security best practices violations (STRING_OVERFLOW)
/src/win/iupwin_image_wdl.c: 383 in iupwinWdlImageGetImage()
377 if (make_inactive)
378 strcat(cache_name, "_INACTIVE");
379
380 if (iupAttribGet(ih, "_IUP_BGCOLOR_DEPEND") && bgcolor)
381 {
382 strcat(cache_name, "(");
>>> CID 341017: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 100-character fixed-size string "cache_name" by
>>> copying "bgcolor" without checking the length.
383 strcat(cache_name, bgcolor);
384 strcat(cache_name, ")");
385 bg_concat = 1;
386 }
387
388 /* Check for an already created native image */
** CID 341016: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 341016: Null pointer dereferences (FORWARD_NULL)
/src/iup_layoutdlg.c: 1668 in iLayoutPropertiesIdTextChanged_CB()
1662 else
1663 IupSetAttribute(txt1, "VALUE", "NULL");
1664
1665 if (strstr(name, "COLOR") != NULL)
1666 {
1667 Ihandle* colorbut = IupGetDialogChild(id_text, "SETCOLORBUT");
>>> CID 341016: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "value" to "IupStoreAttribute", which dereferences
>>> it.
1668 IupStoreAttribute(colorbut, "BGCOLOR", value);
1669 }
1670 }
1671 return IUP_DEFAULT;
1672 }
1673
** CID 341015: Integer handling issues (DIVIDE_BY_ZERO)
________________________________________________________________________________________________________
*** CID 341015: Integer handling issues (DIVIDE_BY_ZERO)
/src/iup_flatscrollbar.c: 1047 in iupFlatScrollBarSetChildrenCurrentSize()
1041 iFlatScrollBarCalcHandler(ih->currentheight, 0, ymax, dy,
sb_size, posy, &pos1, &pos2);
1042 iupBaseSetCurrentSize(sb_vert, sb_size, pos2 - pos1 + 1,
shrink); /* sb_vert->currentheight == dy in pixels */
1043 }
1044
1045 if (!iupAttribGetBoolean(ih, "XHIDDEN"))
1046 {
>>> CID 341015: Integer handling issues (DIVIDE_BY_ZERO)
>>> In function call "iFlatScrollBarCalcHandler", division by expression
>>> "xmax" which may be zero has undefined behavior.
1047 iFlatScrollBarCalcHandler(ih->currentwidth, 0, xmax, dx,
sb_size, posx, &pos1, &pos2);
1048 iupBaseSetCurrentSize(sb_horiz, pos2 - pos1 + 1, sb_size,
shrink); /* sb_horiz->currentwidth == dx in pixels */
1049 }
1050 }
1051 else
1052 {
** CID 341014: Error handling issues (NEGATIVE_RETURNS)
/src/iup_flattabs.c: 175 in iFlatTabsUpdateScrollPos()
________________________________________________________________________________________________________
*** CID 341014: Error handling issues (NEGATIVE_RETURNS)
/src/iup_flattabs.c: 175 in iFlatTabsUpdateScrollPos()
169
170 if (tabType == ITABS_TOP || tabType == ITABS_BOTTOM)
171 extra_size = iFlatTabsGetExtraWidth(ih, extra_buttons,
img_position, horiz_padding);
172 else
173 extra_size = iFlatTabsGetExtraHeight(ih, extra_buttons,
img_position, horiz_padding);
174
>>> CID 341014: Error handling issues (NEGATIVE_RETURNS)
>>> "count" is passed to a parameter that cannot be negative.
175 visible_width = calloc(count, sizeof(int));
176
177 check_size = 0;
178 for (pos = scroll_pos, child = ih->firstchild; child && pos <=
child_pos; child = child->brother, pos++)
179 {
180 int tabvisible = iupAttribGetBooleanId(ih, "TABVISIBLE", pos);
** CID 341013: Resource leaks (RESOURCE_LEAK)
/src/win/iupwin_draw.c: 91 in iupwinDrawThemeInit()
________________________________________________________________________________________________________
*** CID 341013: Resource leaks (RESOURCE_LEAK)
/src/win/iupwin_draw.c: 91 in iupwinDrawThemeInit()
85 {
86 winThemeOpenData = (_winThemeOpenData)GetProcAddress(hinstDll,
"OpenThemeData");
87 winThemeCloseData = (_winThemeCloseData)GetProcAddress(hinstDll,
"CloseThemeData");
88 winThemeDrawBackground =
(_winThemeDrawBackground)GetProcAddress(hinstDll, "DrawThemeBackground");
89 winThemeGetColor = (_winThemeGetColor)GetProcAddress(hinstDll,
"GetThemeColor");
90 }
>>> CID 341013: Resource leaks (RESOURCE_LEAK)
>>> Variable "hinstDll" going out of scope leaks the storage it points to.
91 }
92 }
93
94 static int winDrawGetThemeStateId(int itemState)
95 {
96 if (itemState & ODS_DISABLED)
** CID 341012: Error handling issues (CHECKED_RETURN)
/src/win/iupwin_button.c: 555 in winButtonMsgProc()
________________________________________________________________________________________________________
*** CID 341012: Error handling issues (CHECKED_RETURN)
/src/win/iupwin_button.c: 555 in winButtonMsgProc()
549 case WM_XBUTTONUP:
550 case WM_LBUTTONUP:
551 case WM_MBUTTONUP:
552 case WM_RBUTTONUP:
553 {
554 /* Process BUTTON_CB */
>>> CID 341012: Error handling issues (CHECKED_RETURN)
>>> Calling "iupwinButtonUp" without checking return value (as is done
>>> elsewhere 8 out of 10 times).
555 iupwinButtonUp(ih, msg, wp, lp);
556
557 if (!iupObjectCheck(ih))
558 {
559 *result = 0;
560 return 1;
** CID 341011: Security best practices violations (STRING_OVERFLOW)
/srccd/iup_draw_cd.c: 100 in cdfont()
________________________________________________________________________________________________________
*** CID 341011: Security best practices violations (STRING_OVERFLOW)
/srccd/iup_draw_cd.c: 100 in cdfont()
94 is_strikeout = 1;
95
96 sprintf(font, "%s, %s%s%s%s%d", type_face, is_bold ? "Bold " : "",
is_italic ? "Italic " : "", is_underline ? "Underline " : "", is_strikeout ?
"Strikeout " : "", size);
97
98 /* store in native font and manually save font parameters */
99 strcpy(ctxcanvas->canvas->native_font, font);
>>> CID 341011: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 1024-character fixed-size string
>>> "ctxcanvas->canvas->font_type_face" by copying "type_face" without checking
>>> the length.
100 strcpy(ctxcanvas->canvas->font_type_face, type_face);
101 ctxcanvas->canvas->font_style = style;
102 ctxcanvas->canvas->font_size = size;
103
104 return 0;
105 }
** CID 341010: Possible Control flow issues (DEADCODE)
/src/win/iupwin_label.c: 90 in winLabelDrawImage()
________________________________________________________________________________________________________
*** CID 341010: Possible Control flow issues (DEADCODE)
/src/win/iupwin_label.c: 90 in winLabelDrawImage()
84 x += xpad;
85 y += ypad;
86
87 iupwinDrawBitmap(hDC, hBitmap, x, y, width, height, width, height,
bpp);
88
89 if (hMask)
>>> CID 341010: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "DeleteObject(hMask);".
90 DeleteObject(hMask);
91 }
92
93 static void winLabelDrawText(Ihandle* ih, HDC hDC, int rect_width, int
rect_height, UINT itemState)
94 {
95 int xpad = ih->data->horiz_padding,
** CID 341009: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 341009: (FORWARD_NULL)
/src/iup_globalsdlg.c: 314 in iGlobalsSet_CB()
308 else
309 IupSetStrGlobal(name, value);
310
311 if (strstr(name, "COLOR") != NULL)
312 {
313 Ihandle* colorbut = (Ihandle *)iupAttribGetInherit(list1,
"_IUP_COLORBUTTON");
>>> CID 341009: (FORWARD_NULL)
>>> Passing null pointer "value" to "IupStoreAttribute", which dereferences
>>> it.
314 IupStoreAttribute(colorbut, "BGCOLOR", value); /* set it even if
it is NULL */
315 IupSetStrGlobal("BGCOLOR", value);
316 }
317 }
318 return IUP_DEFAULT;
319 }
/src/iup_globalsdlg.c: 315 in iGlobalsSet_CB()
309 IupSetStrGlobal(name, value);
310
311 if (strstr(name, "COLOR") != NULL)
312 {
313 Ihandle* colorbut = (Ihandle *)iupAttribGetInherit(list1,
"_IUP_COLORBUTTON");
314 IupStoreAttribute(colorbut, "BGCOLOR", value); /* set it even if
it is NULL */
>>> CID 341009: (FORWARD_NULL)
>>> Passing null pointer "value" to "IupSetStrGlobal", which dereferences
>>> it.
315 IupSetStrGlobal("BGCOLOR", value);
316 }
317 }
318 return IUP_DEFAULT;
319 }
320
** CID 341008: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 341008: Null pointer dereferences (FORWARD_NULL)
/src/iup_split.c: 374 in iSplitSetColorAttrib()
368
369 static int iSplitSetColorAttrib(Ihandle* ih, const char* value)
370 {
371 if (value != NULL && ih->data->showgrip == 0)
372 IupSetAttribute(ih->firstchild, "STYLE", "FILL");
373
>>> CID 341008: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "value" to "IupSetStrAttribute", which
>>> dereferences it.
374 IupSetStrAttribute(ih->firstchild, "COLOR", value);
375 return 0;
376 }
377
378 static char* iSplitGetColorAttrib(Ihandle* ih)
379 {
** CID 341007: (STRING_OVERFLOW)
/src/iup_layoutdlg.c: 1648 in iLayoutPropertiesIdTextChanged_CB()
/src/iup_layoutdlg.c: 1652 in iLayoutPropertiesIdTextChanged_CB()
________________________________________________________________________________________________________
*** CID 341007: (STRING_OVERFLOW)
/src/iup_layoutdlg.c: 1648 in iLayoutPropertiesIdTextChanged_CB()
1642 Ihandle* txt1 = IupGetDialogChild(id_text, "VALUE1A");
1643 Ihandle* list1 = (Ihandle*)iupAttribGetInherit(id_text,
"_IUP_PROPLIST1");
1644 char* itemlist1 = IupGetAttribute(list1, "VALUE");
1645 if (!itemlist1)
1646 return IUP_DEFAULT;
1647
>>> CID 341007: (STRING_OVERFLOW)
>>> You might overrun the 100-character fixed-size string "name" by copying
>>> the return value of "IupGetAttribute" without checking the length.
1648 strcpy(name, IupGetAttribute(list1, itemlist1));
1649
1650 iupClassGetAttribNameInfo(elem->iclass, name, &def_value, &flags);
1651
1652 strcat(name, id);
1653
/src/iup_layoutdlg.c: 1652 in iLayoutPropertiesIdTextChanged_CB()
1646 return IUP_DEFAULT;
1647
1648 strcpy(name, IupGetAttribute(list1, itemlist1));
1649
1650 iupClassGetAttribNameInfo(elem->iclass, name, &def_value, &flags);
1651
>>> CID 341007: (STRING_OVERFLOW)
>>> You might overrun the 100-character fixed-size string "name" by copying
>>> "id" without checking the length.
1652 strcat(name, id);
1653
1654 value = IupGetAttribute(elem, name);
1655 if (value)
1656 {
1657 if (flags&IUPAF_NO_STRING)
** CID 341006: Integer handling issues (DIVIDE_BY_ZERO)
________________________________________________________________________________________________________
*** CID 341006: Integer handling issues (DIVIDE_BY_ZERO)
/src/iup_flatscrollbar.c: 1083 in iupFlatScrollBarSetChildrenPosition()
1077 iFlatScrollBarCalcHandler(ih->currentheight, 0, ymax, dy,
sb_size, posy, &pos1, &pos2);
1078 iupBaseSetPosition(sb_vert, ih->currentwidth - sb_size, pos1);
1079 }
1080
1081 if (!iupAttribGetBoolean(ih, "XHIDDEN"))
1082 {
>>> CID 341006: Integer handling issues (DIVIDE_BY_ZERO)
>>> In function call "iFlatScrollBarCalcHandler", division by expression
>>> "xmax" which may be zero has undefined behavior.
1083 iFlatScrollBarCalcHandler(ih->currentwidth, 0, xmax, dx,
sb_size, posx, &pos1, &pos2);
1084 iupBaseSetPosition(sb_horiz, pos1, ih->currentheight - sb_size);
1085 }
1086 }
1087 else
1088 {
** CID 341005: Null pointer dereferences (FORWARD_NULL)
/srcfiledlg/iupwin_newfiledlg.cpp: 726 in winNewFileDlgPopup(Ihandle_ *, int,
int)()
________________________________________________________________________________________________________
*** CID 341005: Null pointer dereferences (FORWARD_NULL)
/srcfiledlg/iupwin_newfiledlg.cpp: 726 in winNewFileDlgPopup(Ihandle_ *, int,
int)()
720 }
721 }
722 else
723 {
724 IShellItemArray *psiaResult;
725
>>> CID 341005: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "opfd" to "GetResults", which dereferences it.
>>> (The dereference happens because this is a virtual function call.)
726 hr = opfd->GetResults(&psiaResult);
727 if (SUCCEEDED(hr))
728 {
729 PWSTR pszFilePath = NULL;
730 DWORD dwNumItems = 0; // number of items in multiple selection
731
** CID 341004: (REVERSE_INULL)
/srcfiledlg/iupwin_newfiledlg.cpp: 353 in winNewFileDlgCreateFilterSpecs(char
*, int *)()
/srcfiledlg/iupwin_newfiledlg.cpp: 369 in winNewFileDlgCreateFilterSpecs(char
*, int *)()
________________________________________________________________________________________________________
*** CID 341004: (REVERSE_INULL)
/srcfiledlg/iupwin_newfiledlg.cpp: 353 in winNewFileDlgCreateFilterSpecs(char
*, int *)()
347 filters[i].pszName = iupwinStrToSystem(name);
348 break;
349 }
350 filter++;
351 }
352
>>> CID 341004: (REVERSE_INULL)
>>> Null-checking "filter" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
353 if (!filter)
354 break;
355
356 name = ++filter;
357
358 while (*filter)
/srcfiledlg/iupwin_newfiledlg.cpp: 369 in winNewFileDlgCreateFilterSpecs(char
*, int *)()
363 filters[i].pszSpec = iupwinStrToSystem(name);
364 break;
365 }
366 filter++;
367 }
368
>>> CID 341004: (REVERSE_INULL)
>>> Null-checking "filter" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
369 if (!filter)
370 break;
371
372 i++;
373 name = ++filter;
374
** CID 341003: Resource leaks (RESOURCE_LEAK)
/srcfiledlg/iupwin_newfiledlg.cpp: 803 in winNewFileDlgPopup(Ihandle_ *, int,
int)()
________________________________________________________________________________________________________
*** CID 341003: Resource leaks (RESOURCE_LEAK)
/srcfiledlg/iupwin_newfiledlg.cpp: 803 in winNewFileDlgPopup(Ihandle_ *, int,
int)()
797 char nameid[100];
798 char *fname = iupStrFileGetTitle(filename);
799 sprintf(nameid, "MULTIVALUE%d", i + 1);
800 iupAttribSetStrf(ih, nameid, "%s%s", dir, fname);
801
802 iupAttribSetStrf(ih, "VALUE", "%s%s|", value,
iupAttribGetId(ih, "MULTIVALUE", i + 1));
>>> CID 341003: Resource leaks (RESOURCE_LEAK)
>>> Variable "fname" going out of scope leaks the storage it points to.
803 }
804 else
805 {
806 iupAttribSetStrId(ih, "MULTIVALUE", i + 1, filename);
807
808 if (i == 0)
** CID 341002: Resource leaks (RESOURCE_LEAK)
/src/win/iupwin_draw.c: 79 in iupwinDrawThemeInit()
________________________________________________________________________________________________________
*** CID 341002: Resource leaks (RESOURCE_LEAK)
/src/win/iupwin_draw.c: 79 in iupwinDrawThemeInit()
73 {
74 if (!winAlphaBlend)
75 {
76 HINSTANCE lib = LoadLibrary(TEXT("Msimg32"));
77 if (lib)
78 winAlphaBlend = (_winAlphaBlendFunc)GetProcAddress(lib,
"AlphaBlend");
>>> CID 341002: Resource leaks (RESOURCE_LEAK)
>>> Variable "lib" going out of scope leaks the storage it points to.
79 }
80
81 if (!winThemeOpenData && iupwin_comctl32ver6)
82 {
83 HMODULE hinstDll = LoadLibrary(TEXT("uxtheme.dll"));
84 if (hinstDll)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZfAtCqgPBMdgGkhuAKg1yT0Ih2yuJh1J0qt0b6HtTyCiyxkqLFT8-2FBVlV2qqhAorvdLendW6Nv8wPCNeam3biR_eiB7fn2qCcye0Rgfi8ocKxjvSeIjDfclXGEvRcfqXt-2BCX3Cww48-2FEc8Wbb-2FnXVVmkTsdM4Dn6Ar-2FuJLJ0JhPK-2Bu4VnglFRf1EbyjsZrsgwCsNvhfNHkAISfY3HGZslTaNHb0fEX7NpprvY66FMov7X1opwqGkl4-2Bvaeh9B6rIXUUWME4lGavqWQzlO5wY7vzIT93seGbm2dkMahgmfRWQSTwHGvJVCNV8GlodI6kme8-3D
To manage Coverity Scan email notifications for "ranier_...@hotmail.com",
click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4Q7HtAiL0B2JjzS9tGzNjj0xCKPpJpNlZfiSpXQdYQgl-2ByL0XrqtoUO-2FUmHQ4rCH9WlVuR5AJaY99S7Dxg8OoV09ZQj6UNeuZPDB50pIrfis-3D_eiB7fn2qCcye0Rgfi8ocKxjvSeIjDfclXGEvRcfqXt-2BCX3Cww48-2FEc8Wbb-2FnXVVm9gGIluPFb5kBa4e-2FVbZBc6QJMqAeeF8wys1ukeGYBjYi1i2VP-2BfpljwCkoL1p3jLNQwBtW8zqHCVLBb0lp88kjHm5i3-2BFmfgz9QI1RXExb-2F3jHu9uTcMlqmZLNDI7wvYrO4lKfzeL9eFeTQ-2BQrFNr3MPp1skWYfe5VLi8OpjbpU-3D
_______________________________________________
Iup-users mailing list
Iup-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/iup-users
