Wireshark-dev: [Wireshark-dev] file-elf.c [Was: New Defects reported by Coverity Scan for Wires
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Fri, 25 Oct 2013 18:05:21 +0200

Some new Coverity warnings for file-elf.c

-- 
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

--- Begin Message ---
From: scan-admin@xxxxxxxxxxxx
Date: Fri, 25 Oct 2013 05:44:17 -0700

Hi,

Please find the latest report on new defect(s) introduced to Wireshark found with Coverity Scan

Defect(s) Reported-by: Coverity Scan
Showing 7 of 11 defects

** CID 1111814: Unused pointer value (UNUSED_VALUE)
** CID 1111813: Unintended sign extension (SIGN_EXTENSION)
** CID 1111812: Unintended sign extension (SIGN_EXTENSION)
** CID 1111811: Unintended sign extension (SIGN_EXTENSION)
** CID 1111810: Unintended sign extension (SIGN_EXTENSION)
** CID 1111809: Unintended sign extension (SIGN_EXTENSION)
** CID 1111808: Unintended sign extension (SIGN_EXTENSION)

________________________________________________________________________
CID 1111814: Unused pointer value (UNUSED_VALUE)

/epan/dissectors/file-elf.c: 1390 ( returned_pointer)
   1387
   1388         name = wmem_strdup_printf(wmem_packet_scope(), "ProgramHeaderEntry #%u", phnum - i_16 - 1);
   1389
>>> Pointer "segment_item" returned by "proto_tree_add_text(ph_entry_tree, tvb, value_guard(p_offset), value_guard(segment_size), "Segment")" is never used.
   1390         segment_item = proto_tree_add_text(ph_entry_tree, tvb,
   1391                 value_guard(p_offset), value_guard(segment_size), "Segment");
   1392
   1393         file_size += segment_size;
   1394

________________________________________________________________________
CID 1111813: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 652 ( sign_extension)
   649     if (shndx > shnum)
   650         return NULL;
   651
>>> Suspicious implicit sign extension: "shndx" with type "unsigned short" (16 bits, unsigned) is promoted in "shndx * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "shndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   652     offset = value_guard(shoff + shndx * shentsize);
   653     sh_name = (machine_encoding == ENC_BIG_ENDIAN) ? tvb_get_ntohl(tvb, offset) : tvb_get_letohl(tvb, offset);
   654     return tvb_get_const_stringz(tvb, value_guard(shstrtab_offset + sh_name), NULL);
   655 }
   656

________________________________________________________________________
CID 1111812: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 652 ( sign_extension)
   649     if (shndx > shnum)
   650         return NULL;
   651
>>> Suspicious implicit sign extension: "shentsize" with type "unsigned short" (16 bits, unsigned) is promoted in "shndx * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "shndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   652     offset = value_guard(shoff + shndx * shentsize);
   653     sh_name = (machine_encoding == ENC_BIG_ENDIAN) ? tvb_get_ntohl(tvb, offset) : tvb_get_letohl(tvb, offset);
   654     return tvb_get_const_stringz(tvb, value_guard(shstrtab_offset + sh_name), NULL);
   655 }
   656

________________________________________________________________________
CID 1111811: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1418 ( sign_extension)
   1415
   1416     offset += 4;
   1417
>>> Suspicious implicit sign extension: "shstrndx" with type "unsigned short" (16 bits, unsigned) is promoted in "shstrndx * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "shstrndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1418     length = shoff + shstrndx * shentsize + 2 * 4 + 2 * register_size;
   1419     if (register_size == REGISTER_32_SIZE) {
   1420         shstrtab_offset = (machine_encoding == ENC_BIG_ENDIAN) ?
   1421                 tvb_get_ntohl(tvb, value_guard(length)) : tvb_get_letohl(tvb, value_guard(length));
   1422     } else {

________________________________________________________________________
CID 1111810: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1271 ( sign_extension)
   1268             shnum * shentsize, "Section Header Table [%d entries]", shnum);
   1269     section_header_tree = proto_item_add_subtree(section_header_item, ett_elf_section_header);
   1270
>>> Suspicious implicit sign extension: "shnum" with type "unsigned short" (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ehsize + phnum * phentsize + shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1271     file_size = ehsize + phnum * phentsize + shnum * shentsize;
   1272
   1273     /* Collect infos for blackholes */
   1274     segment_info = (segment_info_t *) wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
   1275

________________________________________________________________________
CID 1111809: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1271 ( sign_extension)
   1268             shnum * shentsize, "Section Header Table [%d entries]", shnum);
   1269     section_header_tree = proto_item_add_subtree(section_header_item, ett_elf_section_header);
   1270
>>> Suspicious implicit sign extension: "shentsize" with type "unsigned short" (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ehsize + phnum * phentsize + shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1271     file_size = ehsize + phnum * phentsize + shnum * shentsize;
   1272
   1273     /* Collect infos for blackholes */
   1274     segment_info = (segment_info_t *) wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
   1275

________________________________________________________________________
CID 1111808: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1271 ( sign_extension)
   1268             shnum * shentsize, "Section Header Table [%d entries]", shnum);
   1269     section_header_tree = proto_item_add_subtree(section_header_item, ett_elf_section_header);
   1270
>>> Suspicious implicit sign extension: "phnum" with type "unsigned short" (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "ehsize + phnum * phentsize + shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1271     file_size = ehsize + phnum * phentsize + shnum * shentsize;
   1272
   1273     /* Collect infos for blackholes */
   1274     segment_info = (segment_info_t *) wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
   1275

________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py
--- End Message ---