From: | than |
Subject: | [bug-diffutils] bug#47362: important potential issues found by covscan in diffutils-3.7 on fedora |
Date: | Wed, 24 Mar 2021 15:07:15 +0100 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 |
Dear diffutils devs,
Thanks!
Best Regards,
Than
List of Defects:
Error: COMPILER_WARNING (CWE-758): [#def1]
diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]:
writing 1 byte into a region of size 0
# 636 | buf[buf_count] = line_end;
# | ^
# 634|
# 635| buf = xrealloc (buf, buf_count + 1);
# 636|-> buf[buf_count] = line_end;
# 637| lim = buf + buf_count + ! (buf_count == 0 ||
buf[buf_count - 1] == line_end);
# 638|
Error: RESOURCE_LEAK (CWE-772): [#def2]
diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle
opened by "open". [Note: The source code implementation of the
function has been overridden by a user model.]
diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning:
"value" = handle returned from "open("/dev/null", 0)".
diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle
variable "value" going out of scope leaks the handle.
# 50| return false;
# 51| }
# 52|-> return true;
# 53| }
# 54|
Error: CPPCHECK_WARNING (CWE-401): [#def3]
diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem
# 65| ((small_t *) p)[-1] = p - mem;
# 66| /* p ≡ sa_alignment_max mod
2*sa_alignment_max. */
# 67|-> return p;
# 68| }
# 69| }
Error: RESOURCE_LEAK (CWE-772): [#def4]
diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is
returned from allocation function "calloc".
diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning:
"newstate" = storage returned from "calloc(112UL, 1UL)".
diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in
"re_node_set_init_copy".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in
"re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in
"re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource
"&newstate->nodes" is not freed or pointed-to in
"re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable
"newstate" going out of scope leaks the storage it points to.
# 1725| if (re_node_set_init_copy
(newstate->entrance_nodes, nodes)
# 1726| != REG_NOERROR)
# 1727|-> return NULL;
# 1728| nctx_nodes = 0;
# 1729| newstate->has_constraint = 1;
Error: BAD_FREE (CWE-763): [#def5]
diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address
offset from "cmp->file[f].linbuf".
# 689| {
# 690| free (cmp->file[f].equivs);
# 691|-> free (cmp->file[f].linbuf +
cmp->file[f].linbuf_base);
# 692| }
# 693|
Error: RESOURCE_LEAK (CWE-772): [#def6]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" =
storage returned from "create_diff3_block(low[0], high[0], low[1],
high[1], lowc, highc)".
diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result"
going out of scope leaks the storage it points to.
# 796| D_LENARRAY (result, FILEC) +
result_offset,
# 797| D_NUMLINES (ptr, FC)))
# 798|-> return 0;
# 799| }
# 800|
Error: RESOURCE_LEAK (CWE-772): [#def7]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" =
storage returned from "create_diff3_block(low[0], high[0], low[1],
high[1], lowc, highc)".
diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result"
going out of scope leaks the storage it points to.
# 825| D_LENARRAY (result, FILE0 + d) +
result_offset,
# 826| D_NUMLINES (ptr, FO)))
# 827|-> return 0;
# 828|
# 829| /* Catch the lines between here and the next diff
*/
Error: RESOURCE_LEAK (CWE-772): [#def8]
diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from
allocation function "xmalloc".
diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" =
storage returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".
diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" =
"format".
diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not
freed or pointed-to in "memcpy". [Note: The source code
implementation of the function has been overridden by a builtin
model.]
diffutils-3.7/src/ifdef.c:372: noescape: Resource "format +
spec_prefix_len" is not freed or pointed-to in "memcpy". [Note:
The source code implementation of the function has been overridden
by a builtin model.]
diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not
freed or pointed-to in "fprintf". [Note: The source code
implementation of the function has been overridden by a builtin
model.]
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going
out of scope leaks the storage it points to.
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format"
going out of scope leaks the storage it points to.
# 377| free (format);
# 378| #endif
# 379|-> }
# 380| }
# 381| break;
Error: RESOURCE_LEAK (CWE-772): [#def9]
diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from
allocation function "xmalloc".
diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" =
storage returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL +
1UL)".
diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not
freed or pointed-to in "sprintf". [Note: The source code
implementation of the function has been overridden by a builtin
model.]
diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not
freed or pointed-to in "mkstemp".
diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf"
going out of scope leaks the storage it points to.
# 1170| if (0 <= fd)
# 1171| tmpname = buf;
# 1172|-> return fd;
# 1173| }
Error: RESOURCE_LEAK (CWE-772): [#def10]
diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from
allocation function "xstrdup".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" =
storage returned from "xstrdup(p)".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" =
"color_buf".
diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going
out of scope leaks the storage it points to.
diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf"
going out of scope leaks the storage it points to.
# 700| colors_enabled = false;
# 701| }
# 702|-> }
# 703|
# 704| static void