Fw: New Defects reported by Coverity Scan for ntpsec
1439     default: {
1440         /* There should be a way for the compiler to check this. */
1441         bool once = false;
>>>     CID 435753:  Possible Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "return;".
1442         if (once) return; /* Avoid log file DDoS */

That's some of my new code.

In this case, I'm switching on an enum and have handled all the cases so the default "can't happen".

How do I get the compiler to tell me if I missed an option on a switch statement?

Of course, the data might get mashed, so the other question is: How do I get Coverity to not complain about this code?

--
These are my opinions.  I hate spam.

___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

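Added example, not part of the original message and not NTPsec code: one way to get a compile-time check for a missed enumerator while still handling corrupted values at run time. It also uses a static once-flag; in the quoted lines `once` is an automatic variable set to false immediately before it is tested, which is the statement the DEADCODE report points at. The enum, the function names and the counter are hypothetical.

```c
/* Added example, not NTPsec code. Enum, names and counter are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum msg_kind { KIND_REQUEST, KIND_RESPONSE, KIND_ERROR };

static int warnings_logged;      /* counts log calls so the limit is checkable */

/* Report an out-of-range value at most once per process.
 * The flag has to be static: an automatic "bool once = false;" is reset on
 * every call, so a following "if (once) return;" can never be taken. */
static void log_bad_kind(int raw)
{
    static bool once = false;

    if (once)
        return;                  /* avoid flooding the log */
    once = true;
    warnings_logged++;
    fprintf(stderr, "unexpected msg_kind %d\n", raw);
}

/* No "default:" label: with -Wall (which turns on -Wswitch) GCC and Clang
 * warn at compile time if an enumerator is added but not handled here.
 * Every case returns, so only a value outside the enum (corrupted data)
 * leaves the switch and reaches the handler below. */
const char *kind_name(enum msg_kind k)
{
    switch (k) {
    case KIND_REQUEST:  return "request";
    case KIND_RESPONSE: return "response";
    case KIND_ERROR:    return "error";
    }
    log_bad_kind((int)k);
    return "invalid";
}

int main(void)
{
    puts(kind_name(KIND_ERROR));              /* error */
    puts(kind_name((enum msg_kind)42));       /* invalid, logged */
    puts(kind_name((enum msg_kind)43));       /* invalid, not logged again */
    return strcmp(kind_name(KIND_REQUEST), "request") != 0;
}
```
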
Re: Fw: New Defects reported by Coverity Scan for ntpsec
I don't know my way around Coverity.

Does this have a meaning?
> ** CID 349664: Uninitialized variables (UNINIT)
Can I poke that number into a web form or something like that?

I think I have a fix. How do I test it?

--
These are my opinions.  I hate spam.

Fw: New Defects reported by Coverity Scan for ntpsec
Yo All!

New Coverity found defect in NTPsec. See below.

RGDS
GARY
---
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588

Veritas liberabit vos. -- Quid est veritas?
"If you can't measure it, you can't improve it." - Lord Kelvin

Begin forwarded message:

Please find the latest report on new defect(s) introduced to ntpsec found with Coverity Scan.

1 new defect(s) introduced to ntpsec found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 349664:  Uninitialized variables  (UNINIT)

*** CID 349664:  Uninitialized variables  (UNINIT)
/tests/ntpd/nts_client.c: 122 in TEST_nts_client_nts_client_process_response_core_()
116         0x80, nts_new_cookie, 0, 8, 1, 2, 3, 4, 5, 6, 7, 8,
117         /* server_negotiation skipped due to getaddrinfo() containment breach */
118         0x80, nts_port_negotiation, 0, 2, 0, 3,
119         0x80, nts_end_of_message, 0, 0
120     };
121     /* run */
>>>     CID 349664:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "peer.srcadr" when calling "nts_client_process_response_core".
122     success = nts_client_process_response_core(buf0, sizeof(buf0), );
123     /* check */
124     TEST_ASSERT_EQUAL(true, success);
125     TEST_ASSERT_EQUAL_INT16(AEAD_AES_SIV_CMAC_256, peer.nts_state.aead);
126     TEST_ASSERT_EQUAL_INT32(8, peer.nts_state.cookielen);
127     TEST_ASSERT_EQUAL_INT8(1, peer.nts_state.cookies[0][0]);

Re: Fw: New Defects reported by Coverity Scan for ntpsec
On Mon, Jan 25, 2021 at 03:21:10PM -0800, James Browning via devel wrote:
>Someone twisted a knob somewhere

A new client for Coverity was released and it's more picky than the old client apparently.

See https://scan.coverity.com/ "Coverity Upgrade to 2020.09"

Thanks,
-Matt

Re: Fw: New Defects reported by Coverity Scan for ntpsec
On Mon, Jan 25, 2021 at 12:03 PM Gary E. Miller via devel wrote:

> Yo All!
>
> New Coverity defects in ntpd. See below.

> Date: Sun, 24 Jan 2021 07:29:27 + (UTC)
> From: scan-ad...@coverity.com
> To: g...@rellim.com
> Subject: New Defects reported by Coverity Scan for ntpsec
>
> 4 new defect(s) introduced to ntpsec found with Coverity Scan.

> ** CID 316495: Insecure data handling (TAINTED_SCALAR)
> /ntpd/ntp_scanner.c: 185 in lex_getch()
> last touched 'Tue Jun 16 08:26:12 2020 -0400'

> *** CID 316494: Insecure data handling (TAINTED_SCALAR)
> /tests/common/tests_main.c: 96 in main()
> last touched 'Thu Apr 9 03:08:24 2020 -0700'

> *** CID 316493: Uninitialized variables (UNINIT)
> /ntpd/refclock_generic.c: 2865 in parse_start()
last touched 'Fri Feb 14 21:49:45 2020 -0800'

> *** CID 316492: Uninitialized variables (UNINIT)
> /ntpd/refclock_oncore.c: 1887 in oncore_get_timestamp()
last touched 'Mon Aug 19 20:00:55 2019 -0400'

Someone twisted a knob somewhere and needs a wedgie. Also, the bugs need adjusting as well. I think some of those knobs should be turned down. The worst raft of errors comes from ESLint for JavaScript that should be voted out of the tree and then the next tier for C strings existing.

Fw: New Defects reported by Coverity Scan for ntpsec
Yo All!

New Coverity defects in ntpd. See below.

RGDS
GARY

Begin forwarded message:

Date: Sun, 24 Jan 2021 07:29:27 + (UTC)
From: scan-ad...@coverity.com
To: g...@rellim.com
Subject: New Defects reported by Coverity Scan for ntpsec

Hi,

Please find the latest report on new defect(s) introduced to ntpsec found with Coverity Scan.

4 new defect(s) introduced to ntpsec found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 316495:  Insecure data handling  (TAINTED_SCALAR)
/ntpd/ntp_scanner.c: 185 in lex_getch()

*** CID 316495:  Insecure data handling  (TAINTED_SCALAR)
/ntpd/ntp_scanner.c: 185 in lex_getch()
179             ch = stream->backch;
180             stream->backch = EOF;
181             if (stream->fpi)
182                 conf_file_sum += (unsigned int)ch;
183         } else if (stream->fpi) {
184             /* fetch next 7-bit ASCII char (or EOF) from file */
>>>     CID 316495:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "ch" as a loop boundary.
185             while ((ch = fgetc(stream->fpi)) != EOF && ch > SCHAR_MAX) {
186                 stream->curpos.ncol++;
187             }
188             if (EOF != ch) {
189                 conf_file_sum += (unsigned int)ch;
190                 stream->curpos.ncol++;

** CID 316494:  Insecure data handling  (TAINTED_SCALAR)

*** CID 316494:  Insecure data handling  (TAINTED_SCALAR)
/tests/common/tests_main.c: 96 in main()
90          auth_init();
91          init_network();
92
93          args_argc = argc;
94          args_argv = argv;
95
>>>     CID 316494:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "**argv" to "UnityMain", which uses it as a loop boundary.
96          return UnityMain(argc, argv, RunAllTests);

** CID 316493:  Uninitialized variables  (UNINIT)

*** CID 316493:  Uninitialized variables  (UNINIT)
/ntpd/refclock_generic.c: 2865 in parse_start()
2859        /*
2860         * print out configuration
2861         */
2862        NLOG(NLOG_CLOCKINFO)
2863        {
2864            /* conditional if clause for conditional syslog */
>>>     CID 316493:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "*parsedev" as argument to "%s" when calling "msyslog".
2865            msyslog(LOG_INFO, "REFCLOCK: PARSE receiver #%d: reference clock \"%s\" (I/O device %s, PPS device %s) added",
2866                parse->peer->procptr->refclkunit,
2867                parse->parse_type->cl_description, parsedev,
2868                (parse->ppsfd != parse->generic->io.fd) ? parseppsdev : parsedev);
2869
2870            msyslog(LOG_INFO, "REFCLOCK: PARSE receiver #%d: Stratum %d, trust time %s, precision %d",

** CID 316492:  Uninitialized variables  (UNINIT)

*** CID 316492:  Uninitialized variables  (UNINIT)
/ntpd/refclock_oncore.c: 1887 in oncore_get_timestamp()
1881        if (!refclock_process(instance->pp)) {
1882            refclock_report(instance->peer, CEVNT_BADTIME);
1883            peer->cfg.flags &= ~FLAG_PPS; /* problem - clear PPS FLAG */
1884            return;
1885        }
1886
>>>     CID 316492:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "*Msg" when calling "oncore_log".
1887        oncore_log(instance, LOG_INFO, Msg); /* this is long message above */
1888        instance->pollcnt = 2;
1889
1890        if (instance->polled) {
1891            instance->polled = 0;
1892            /* instance->pp->dispersion = instance->pp->skew = 0;*/