Wireshark-dev: [Wireshark-dev] file-elf.c [Was: New Defects reported by Coverity Scan for Wires

From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Fri, 25 Oct 2013 18:05:21 +0200
Some new Coverity warnings for file-elf.c
-- 
Joerg Mayer                                           <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
--- Begin Message ---
Date: Fri, 25 Oct 2013 05:44:17 -0700
Hi,

Please find the latest report on new defect(s) introduced to Wireshark found with Coverity Scan

Defect(s) Reported-by: Coverity Scan
Showing 7 of 11 defects
	
** CID 1111814: Unused pointer value (UNUSED_VALUE)

** CID 1111813: Unintended sign extension (SIGN_EXTENSION)

** CID 1111812: Unintended sign extension (SIGN_EXTENSION)

** CID 1111811: Unintended sign extension (SIGN_EXTENSION)

** CID 1111810: Unintended sign extension (SIGN_EXTENSION)

** CID 1111809: Unintended sign extension (SIGN_EXTENSION)

** CID 1111808: Unintended sign extension (SIGN_EXTENSION)


________________________________________________________________________
CID 1111814: Unused pointer value (UNUSED_VALUE)

/epan/dissectors/file-elf.c: 1390 ( returned_pointer)
   1387    
   1388                name = wmem_strdup_printf(wmem_packet_scope(), "ProgramHeaderEntry #%u", phnum - i_16 - 1);
   1389    
>>> Pointer "segment_item" returned by "proto_tree_add_text(ph_entry_tree, tvb, value_guard(p_offset), value_guard(segment_size), "Segment")" is never used.
   1390                segment_item = proto_tree_add_text(ph_entry_tree, tvb,
   1391                        value_guard(p_offset), value_guard(segment_size), "Segment");
   1392    
   1393                file_size += segment_size;
   1394    
  
________________________________________________________________________
CID 1111813: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 652 ( sign_extension)
   649        if (shndx > shnum)
   650            return NULL;
   651    
>>> Suspicious implicit sign extension: "shndx" with type "unsigned short" (16 bits, unsigned) is promoted in "shndx * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "shndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   652        offset = value_guard(shoff + shndx * shentsize);
   653        sh_name = (machine_encoding == ENC_BIG_ENDIAN) ? tvb_get_ntohl(tvb, offset) : tvb_get_letohl(tvb, offset);
   654        return tvb_get_const_stringz(tvb, value_guard(shstrtab_offset + sh_name), NULL);
   655    }
   656    
  
________________________________________________________________________
CID 1111812: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 652 ( sign_extension)
   649        if (shndx > shnum)
   650            return NULL;
   651    
>>> Suspicious implicit sign extension: "shentsize" with type "unsigned short" (16 bits, unsigned) is promoted in "shndx * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "shndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   652        offset = value_guard(shoff + shndx * shentsize);
   653        sh_name = (machine_encoding == ENC_BIG_ENDIAN) ? tvb_get_ntohl(tvb, offset) : tvb_get_letohl(tvb, offset);
   654        return tvb_get_const_stringz(tvb, value_guard(shstrtab_offset + sh_name), NULL);
   655    }
   656    
  
________________________________________________________________________
CID 1111811: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1418 ( sign_extension)
   1415    
   1416            offset += 4;
   1417    
>>> Suspicious implicit sign extension: "shstrndx" with type "unsigned short" (16 bits, unsigned) is promoted in "shstrndx * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "shstrndx * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1418            length = shoff + shstrndx * shentsize + 2 * 4 + 2 * register_size;
   1419            if (register_size == REGISTER_32_SIZE) {
   1420                shstrtab_offset = (machine_encoding == ENC_BIG_ENDIAN) ?
   1421                        tvb_get_ntohl(tvb, value_guard(length)) : tvb_get_letohl(tvb, value_guard(length));
   1422            } else {
  
________________________________________________________________________
CID 1111810: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1271 ( sign_extension)
   1268                shnum * shentsize, "Section Header Table [%d entries]", shnum);
   1269        section_header_tree = proto_item_add_subtree(section_header_item, ett_elf_section_header);
   1270    
>>> Suspicious implicit sign extension: "shnum" with type "unsigned short" (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "ehsize + phnum * phentsize + shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1271        file_size = ehsize + phnum * phentsize + shnum * shentsize;
   1272    
   1273        /* Collect infos for blackholes */
   1274        segment_info = (segment_info_t *) wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
   1275    
  
________________________________________________________________________
CID 1111809: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1271 ( sign_extension)
   1268                shnum * shentsize, "Section Header Table [%d entries]", shnum);
   1269        section_header_tree = proto_item_add_subtree(section_header_item, ett_elf_section_header);
   1270    
>>> Suspicious implicit sign extension: "shentsize" with type "unsigned short" (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "ehsize + phnum * phentsize + shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1271        file_size = ehsize + phnum * phentsize + shnum * shentsize;
   1272    
   1273        /* Collect infos for blackholes */
   1274        segment_info = (segment_info_t *) wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
   1275    
  
________________________________________________________________________
CID 1111808: Unintended sign extension (SIGN_EXTENSION)

/epan/dissectors/file-elf.c: 1271 ( sign_extension)
   1268                shnum * shentsize, "Section Header Table [%d entries]", shnum);
   1269        section_header_tree = proto_item_add_subtree(section_header_item, ett_elf_section_header);
   1270    
>>> Suspicious implicit sign extension: "phnum" with type "unsigned short" (16 bits, unsigned) is promoted in "ehsize + phnum * phentsize + shnum * shentsize" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "ehsize + phnum * phentsize + shnum * shentsize" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
   1271        file_size = ehsize + phnum * phentsize + shnum * shentsize;
   1272    
   1273        /* Collect infos for blackholes */
   1274        segment_info = (segment_info_t *) wmem_alloc(wmem_packet_scope(), sizeof(segment_info_t) * (shnum + phnum + 3));
   1275    
  
________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py

--- End Message ---