new Coverity "high impact" findings

From: Jarkko Hietaniemi
Date: February 17, 2015 13:06
Subject: new Coverity "high impact" findings
Message ID: 54E33CD1.8010305@iki.fi

After a few months of Coverity being broken for me, I recently
(8a6d8ec6) managed to get it running again.  Here are the four new
(or newly detected, they do keep enhancing the detection engine)
"high impact" issues it found.

I'm just pasting these here since I'm out of tuits.  I think you can
also just go to "scan.coverity.com" and take a look at the "perl5" project.

(Note: I'm running the analysis with -DDEBUGGING -Dusethreads, to get
better exposure for the code.)

========
CID 104971 - Uninitialized scalar variable (UNINIT)

   95. uninit_use: Using uninitialized value hash_index.
   sv.c: 7039   ((XPVMG*) SvANY(sv))->xmg_u.xmg_hash_index = hash_index;

   The variable will contain an arbitrary value left from earlier
   computations.

   In Perl_sv_clear: The variable will contain an arbitrary value left
   from earlier computations.

   http://cwe.mitre.org/data/definitions/457.html

========
CID 104799 - Resource leak (RESOURCE_LEAK)

   145. leaked_storage: Variable action_ptr going out of scope leaks the storage it points to.
   146. leaked_storage: Variable arg going out of scope leaks the storage it points to.
   147. leaked_storage: Variable arg_buf going out of scope leaks the storage it points to.

   op.c:12589    return;

   The system resource will not be reclaimed and reused,
   reducing the future availability of the resource.

   In S_maybe_multideref: Leak of memory or pointers to system resources

   http://cwe.mitre.org/data/definitions/404.html

========
CID 104764 - Out-of-bounds access (ARRAY_VS_SINGLETON)

   49. ptr_arith: Using svp as an array. This might corrupt or misinterpret adjacent memory locations.
   sv.c:6674            svp++;

   Memory not owned by this buffer will be accessed, causing memory
   corruption or incorrect computations.

   In Perl_sv_kill_backrefs: Access of memory past the end of
   a memory buffer

   http://cwe.mitre.org/data/definitions/119.html

========
CID 104851 - Negative array index read (NEGATIVE_RETURNS)

   84. negative_returns: Using variable enum_label as an index to array PL_op_private_labels.

   dump.c:905    sv_catpv(tmpsv, &PL_op_private_labels[enum_label]);

   A memory location at a negative offset from the beginning of
   the array will be read, resulting in incorrect values.

   In Perl_do_op_dump: Negative value used to index an array
   in a read operation

   http://cwe.mitre.org/data/definitions/129.html

__EOF__



