Fwd: New Defects reported by Coverity Scan for Das U-Boot
Tom Rini
trini at konsulko.com
Tue Feb 14 15:26:39 CET 2023
---------- Forwarded message ---------
From: <scan-admin at coverity.com>
Date: Mon, Feb 13, 2023, 6:50 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.rini at gmail.com>
Hi,
Please find the latest report on new defect(s) introduced to Das U-Boot
found with Coverity Scan.
2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the
recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 436073: Resource leaks (RESOURCE_LEAK)
/tools/proftool.c: 1853 in make_flamegraph()
________________________________________________________________________________________________________
*** CID 436073: Resource leaks (RESOURCE_LEAK)
/tools/proftool.c: 1853 in make_flamegraph()
1847
1848     if (make_flame_tree(out_format, &tree))
1849         return -1;
1850
1851     *str = '\0';
1852     if (output_tree(fout, out_format, tree, str, sizeof(str), 0))
>>> CID 436073: Resource leaks (RESOURCE_LEAK)
>>> Variable "tree" going out of scope leaks the storage it points to.
1853         return -1;
1854
1855     return 0;
1856 }
1857
1858 /**
** CID 436072: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 436072: Insecure data handling (TAINTED_SCALAR)
/tools/proftool.c: 515 in read_trace()
509         switch (hdr.type) {
510         case TRACE_CHUNK_FUNCS:
511             /* Ignored at present */
512             break;
513
514         case TRACE_CHUNK_CALLS:
>>> CID 436072: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "hdr.rec_count" to "read_calls", which uses it as an allocation size.
515             if (read_calls(fin, hdr.rec_count))
516                 return 1;
517             break;
518         }
519     }
520     return 0;
--
Tom