--- Begin Message ---
Hi,
Please find the latest report on new defect(s) introduced to Wireshark found
with Coverity Scan
Defect(s) Reported-by: Coverity Scan
Showing 7 of 11 defects
** CID 1111814: Unused pointer value (UNUSED_VALUE)
** CID 1111813: Unintended sign extension (SIGN_EXTENSION)
** CID 1111812: Unintended sign extension (SIGN_EXTENSION)
** CID 1111811: Unintended sign extension (SIGN_EXTENSION)
** CID 1111810: Unintended sign extension (SIGN_EXTENSION)
** CID 1111809: Unintended sign extension (SIGN_EXTENSION)
** CID 1111808: Unintended sign extension (SIGN_EXTENSION)
________________________________________________________________________
CID 1111814: Unused pointer value (UNUSED_VALUE)
/epan/dissectors/file-elf.c: 1390 ( returned_pointer)
1387
1388 name = wmem_strdup_printf(wmem_packet_scope(),
"ProgramHeaderEntry #%u", phnum - i_16 - 1);
1389
>>> Pointer "segment_item" returned by "proto_tree_add_text(ph_entry_tree, tvb,
>>> value_guard(p_offset), value_guard(segment_size), "Segment")" is never used.
1390 segment_item = proto_tree_add_text(ph_entry_tree, tvb,
1391 value_guard(p_offset),
value_guard(segment_size), "Segment");
1392
1393 file_size += segment_size;
1394
________________________________________________________________________
CID 1111813: Unintended sign extension (SIGN_EXTENSION)
/epan/dissectors/file-elf.c: 652 ( sign_extension)
649 if (shndx > shnum)
650 return NULL;
651
>>> Suspicious implicit sign extension: "shndx" with type "unsigned short" (16
>>> bits, unsigned) is promoted in "shndx * shentsize" to type "int" (32 bits,
>>> signed), then sign-extended to type "unsigned long" (64 bits, unsigned).
>>> If "shndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the
>>> result will all be 1.
652 offset = value_guard(shoff + shndx * shentsize);
653 sh_name = (machine_encoding == ENC_BIG_ENDIAN) ?
tvb_get_ntohl(tvb, offset) : tvb_get_letohl(tvb, offset);
654 return tvb_get_const_stringz(tvb, value_guard(shstrtab_offset +
sh_name), NULL);
655 }
656
________________________________________________________________________
CID 1111812: Unintended sign extension (SIGN_EXTENSION)
/epan/dissectors/file-elf.c: 652 ( sign_extension)
649 if (shndx > shnum)
650 return NULL;
651
>>> Suspicious implicit sign extension: "shentsize" with type "unsigned short"
>>> (16 bits, unsigned) is promoted in "shndx * shentsize" to type "int" (32
>>> bits, signed), then sign-extended to type "unsigned long" (64 bits,
>>> unsigned). If "shndx * shentsize" is greater than 0x7FFFFFFF, the upper
>>> bits of the result will all be 1.
652 offset = value_guard(shoff + shndx * shentsize);
653 sh_name = (machine_encoding == ENC_BIG_ENDIAN) ?
tvb_get_ntohl(tvb, offset) : tvb_get_letohl(tvb, offset);
654 return tvb_get_const_stringz(tvb, value_guard(shstrtab_offset +
sh_name), NULL);
655 }
656
________________________________________________________________________
CID 1111811: Unintended sign extension (SIGN_EXTENSION)
/epan/dissectors/file-elf.c: 1418 ( sign_extension)
1415
1416 offset += 4;
1417
>>> Suspicious implicit sign extension: "shstrndx" with type "unsigned short"
>>> (16 bits, unsigned) is promoted in "shstrndx * shentsize" to type "int" (32
>>> bits, signed), then sign-extended to type "unsigned long" (64 bits,
>>> unsigned). If "shstrndx * shentsize" is greater than 0x7FFFFFFF, the upper
>>> bits of the result will all be 1.
1418 length = shoff + shstrndx * shentsize + 2 * 4 + 2 *
register_size;
1419 if (register_size == REGISTER_32_SIZE) {
1420 shstrtab_offset = (machine_encoding == ENC_BIG_ENDIAN) ?
1421 tvb_get_ntohl(tvb, value_guard(length)) :
tvb_get_letohl(tvb, value_guard(length));
1422 } else {
________________________________________________________________________
CID 1111810: Unintended sign extension (SIGN_EXTENSION)
/epan/dissectors/file-elf.c: 1271 ( sign_extension)
1268 shnum * shentsize, "Section Header Table [%d entries]",
shnum);
1269 section_header_tree =
proto_item_add_subtree(section_header_item, ett_elf_section_header);
1270
>>> Suspicious implicit sign extension: "shnum" with type "unsigned short" (16
>>> bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum *
>>> shentsize" to type "int" (32 bits, signed), then sign-extended to type
>>> "unsigned long" (64 bits, unsigned). If "ehsize + phnum * phentsize +
>>> shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result
>>> will all be 1.
1271 file_size = ehsize + phnum * phentsize + shnum * shentsize;
1272
1273 /* Collect infos for blackholes */
1274 segment_info = (segment_info_t *)
wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
1275
________________________________________________________________________
CID 1111809: Unintended sign extension (SIGN_EXTENSION)
/epan/dissectors/file-elf.c: 1271 ( sign_extension)
1268 shnum * shentsize, "Section Header Table [%d entries]",
shnum);
1269 section_header_tree =
proto_item_add_subtree(section_header_item, ett_elf_section_header);
1270
>>> Suspicious implicit sign extension: "shentsize" with type "unsigned short"
>>> (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum *
>>> shentsize" to type "int" (32 bits, signed), then sign-extended to type
>>> "unsigned long" (64 bits, unsigned). If "ehsize + phnum * phentsize +
>>> shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result
>>> will all be 1.
1271 file_size = ehsize + phnum * phentsize + shnum * shentsize;
1272
1273 /* Collect infos for blackholes */
1274 segment_info = (segment_info_t *)
wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
1275
________________________________________________________________________
CID 1111808: Unintended sign extension (SIGN_EXTENSION)
/epan/dissectors/file-elf.c: 1271 ( sign_extension)
1268 shnum * shentsize, "Section Header Table [%d entries]",
shnum);
1269 section_header_tree =
proto_item_add_subtree(section_header_item, ett_elf_section_header);
1270
>>> Suspicious implicit sign extension: "phnum" with type "unsigned short" (16
>>> bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum *
>>> shentsize" to type "int" (32 bits, signed), then sign-extended to type
>>> "unsigned long" (64 bits, unsigned). If "ehsize + phnum * phentsize +
>>> shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result
>>> will all be 1.
1271 file_size = ehsize + phnum * phentsize + shnum * shentsize;
1272
1273 /* Collect infos for blackholes */
1274 segment_info = (segment_info_t *)
wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
1275
________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com
To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py
--- End Message ---
