[matplotlib-devel] Coverity defects in python-basemap

Mon, 01 Aug 2011 07:38:53 -0700 

 Hi,
I would like to report some issues in python basemap package and easy-fixes for some of them. We would really appreciate if there was somebody who could look 
on this and consider important bugs to be fixed.

These bugs was found by Coverity scan and we have ran it on Fedora 15
packages (srpm). There was some findings in python basemap package also. Coverity is proprietary software but we can give its result to community (if interrested), 
possibly we can re-run some tests on srpms on demand.

Patch for next three obvious bugs (plaintext cov. output) is attached:

Error: OVERRUN_STATIC:
basemap-0.99.4/src/pj_gridlist.c:252: overrun-local: Overrunning static array "name", with 128 elements, at position 128 with index variable "end_char". 

Error: UNINIT:
basemap-0.99.4/src/mk_cheby.c:42: var_decl: Declaring variable "T" without initializer. basemap-0.99.4/src/mk_cheby.c:150: uninit_use: Using uninitialized value "T". basemap-0.99.4/src/mk_cheby.c:151: uninit_use: Using uninitialized value "T->mu". basemap-0.99.4/src/mk_cheby.c:152: uninit_use: Using uninitialized value "T->cu". basemap-0.99.4/src/mk_cheby.c:154: uninit_use: Using uninitialized value "T->mv". basemap-0.99.4/src/mk_cheby.c:155: uninit_use: Using uninitialized value "T->cv". basemap-0.99.4/src/mk_cheby.c:163: uninit_use: Using uninitialized value "T". 

Error: NO_EFFECT:
basemap-0.99.4/src/PJ_sconics.c:52: self_assign: Assignment operation "*del = *del" has no effect. 

__________________________

But there is more defects (or coding style issues) and some of them are not
so obvious. There could be potential problems -- need to be consulted, e.g.:

Error: EVALUATION_ORDER:
basemap-0.99.4/src/PJ_stere.c:232: write_write_order: In "P->phits = (pj_param(P->params, "tlat_ts").i ? P->phits = pj_param(P->params, "rlat_ts").f : 1.5708)", "P->phits" is written in "P->phits" (the assignment left-hand side) and written in "pj_param(P->params, "tlat_ts").i ? P->phits = pj_param(P->params, "rlat_ts").f : 1.5708" but the order in which the side effects take place is undefined because there is no intervening sequence point. 

Error: FORWARD_NULL:
basemap-0.99.4/src/emess.c:29: var_compare_op: Comparing "fmt" to null implies that "fmt" might be null. basemap-0.99.4/src/emess.c:51: var_deref_model: Passing null variable "fmt" to function "vfprintf", which dereferences it. 

Error: FORWARD_NULL:
basemap-0.99.4/src/pj_gridinfo.c:505: var_compare_op: Comparing "gp" to null implies that "gp" might be null. basemap-0.99.4/src/pj_gridinfo.c:512: alias_transfer: Assigning null: "lnk" = "gp". basemap-0.99.4/src/pj_gridinfo.c:512: var_deref_op: Dereferencing null variable "lnk". 

Error: FORWARD_NULL:
basemap-0.99.4/src/pj_ell_set.c:30: var_compare_op: Comparing "start->next" to null implies that "start->next" might be null. basemap-0.99.4/src/pj_ell_set.c:92: var_deref_op: Dereferencing null variable "start->next". 

Coverity test was done on:
http://sourceforge.net/projects/matplotlib/files/matplotlib-toolkits/basemap-0.99.4/basemap-0.99.4.tar.gz

..so svn version is little different (line numbers) but it can be handy for
finding hidden bugs. I can send you full plain-text log if you want.

Pavel



Index: src/mk_cheby.c
===================================================================
--- src/mk_cheby.c	(revision 8988)
+++ src/mk_cheby.c	(working copy)
@@ -36,7 +36,7 @@
 mk_cheby(projUV a, projUV b, double res, projUV *resid, projUV (*func)(projUV), 
 	int nu, int nv, int power) {
 	int j, i, nru, nrv, *ncu, *ncv;
-	Tseries *T;
+	Tseries *T = NULL;
 	projUV **w;
 	double cutres;
 
Index: src/pj_gridlist.c
===================================================================
--- src/pj_gridlist.c	(revision 8988)
+++ src/pj_gridlist.c	(working copy)
@@ -227,7 +227,7 @@
              s[end_char] != '\0' && s[end_char] != ','; 
              end_char++ ) {}
 
-        if( end_char > sizeof(name) )
+        if( end_char >= sizeof(name) )
         {
             pj_errno = -38;
             pj_release_lock();
Index: src/PJ_sconics.c
===================================================================
--- src/PJ_sconics.c	(revision 8988)
+++ src/PJ_sconics.c	(working copy)
@@ -46,7 +46,6 @@
 		*del = 0.5 * (p2 - p1);
 		P->sig = 0.5 * (p2 + p1);
 		err = (fabs(*del) < EPS || fabs(P->sig) < EPS) ? -42 : 0;
-		*del = *del;
 	}
 	return err;
 }

------------------------------------------------------------------------------
Got Input?   Slashdot Needs You.
Take our quick survey online.  Come on, we don't ask for help often.
Plus, you'll get a chance to win $100 to spend on ThinkGeek.
http://p.sf.net/sfu/slashdot-survey

_______________________________________________
Matplotlib-devel mailing list
Matplotlib-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/matplotlib-devel

Reply via email to