GNU bug report logs - #47362
important potential issues found by covscan in diffutils-3.7 on fedora

Package: diffutils;

Reported by: than <than <at> redhat.com>

Date: Wed, 24 Mar 2021 14:10:01 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: than <than <at> redhat.com>
Subject: bug#47362: closed (Re: [bug-diffutils] bug#47362: important
 potential issues found by covscan in diffutils-3.7 on fedora)
Date: Wed, 24 Mar 2021 21:17:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#47362: important potential issues found by covscan in diffutils-3.7 on fedora

which was filed against the diffutils package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 47362 <at> debbugs.gnu.org.

-- 
47362: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47362
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Paul Eggert <eggert <at> cs.ucla.edu>
To: than <than <at> redhat.com>
Cc: 47362-done <at> debbugs.gnu.org
Subject: Re: [bug-diffutils] bug#47362: important potential issues found by
 covscan in diffutils-3.7 on fedora
Date: Wed, 24 Mar 2021 14:16:26 -0700
[Message part 3 (text/plain, inline)]
Thanks for the bug report. Those are all false alarms or are already 
fixed in Gnulib, except for a memory leak in ifdef.c for which I 
installed the attached patch. Thanks for reporting the problem.
[0001-diff-plug-memory-leak-in-ifdef.c.patch (text/x-patch, attachment)]
[Message part 5 (message/rfc822, inline)]
From: than <than <at> redhat.com>
To: bug-diffutils <at> gnu.org
Subject: important potential issues found by covscan in diffutils-3.7 on fedora
Date: Wed, 24 Mar 2021 15:07:15 +0100
[Message part 6 (text/plain, inline)]
Dear diffutil devs,

Covscan found 10 important potential issues in diffutils-3.7 on Fedora. The 
Coverity covscan result is attached below. It could be that some of them 
are false positives, but it's worth checking the Coverity covscan result.

Thanks!

Best Regards,

Than

List of Defects:
Error: COMPILER_WARNING (CWE-758): [#def1]
diffutils-3.7/lib/exclude.c:636:18: warning[-Wstringop-overflow=]: 
writing 1 byte into a region of size 0
#  636 |   buf[buf_count] = line_end;
#      |                  ^
#  634|
#  635|     buf = xrealloc (buf, buf_count + 1);
#  636|->   buf[buf_count] = line_end;
#  637|     lim = buf + buf_count + ! (buf_count == 0 || buf[buf_count - 1] == line_end);
#  638|

Error: RESOURCE_LEAK (CWE-772): [#def2]
diffutils-3.7/lib/freopen-safer.c:42: open_fn: Returning handle opened 
by "open". [Note: The source code implementation of the function has 
been overridden by a user model.]
diffutils-3.7/lib/freopen-safer.c:42: var_assign: Assigning: "value" = 
handle returned from "open("/dev/null", 0)".
diffutils-3.7/lib/freopen-safer.c:52: leaked_handle: Handle variable 
"value" going out of scope leaks the handle.
#   50|         return false;
#   51|       }
#   52|->   return true;
#   53|   }
#   54|

Error: CPPCHECK_WARNING (CWE-401): [#def3]
diffutils-3.7/lib/malloca.c:67: error[memleak]: Memory leak: mem
#   65|             ((small_t *) p)[-1] = p - mem;
#   66|             /* p  sa_alignment_max mod 2*sa_alignment_max.  */
#   67|->           return p;
#   68|           }
#   69|       }

Error: RESOURCE_LEAK (CWE-772): [#def4]
diffutils-3.7/lib/regex_internal.c:1684: alloc_fn: Storage is returned 
from allocation function "calloc".
diffutils-3.7/lib/regex_internal.c:1684: var_assign: Assigning: 
"newstate" = storage returned from "calloc(112UL, 1UL)".
diffutils-3.7/lib/regex_internal.c:1687: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_init_copy".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1734: noescape: Resource 
"&newstate->nodes" is not freed or pointed-to in "re_node_set_remove_at".
diffutils-3.7/lib/regex_internal.c:1727: leaked_storage: Variable 
"newstate" going out of scope leaks the storage it points to.
# 1725|             if (re_node_set_init_copy (newstate->entrance_nodes, nodes)
# 1726|             != REG_NOERROR)
# 1727|->         return NULL;
# 1728|             nctx_nodes = 0;
# 1729|             newstate->has_constraint = 1;

Error: BAD_FREE (CWE-763): [#def5]
diffutils-3.7/src/analyze.c:691: offset_free: "free" frees address 
offset from "cmp->file[f].linbuf".
#  689|       {
#  690|         free (cmp->file[f].equivs);
#  691|->       free (cmp->file[f].linbuf + cmp->file[f].linbuf_base);
#  692|       }
#  693|

Error: RESOURCE_LEAK (CWE-772): [#def6]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from 
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage 
returned from "create_diff3_block(low[0], high[0], low[1], high[1], 
lowc, highc)".
diffutils-3.7/src/diff3.c:798: leaked_storage: Variable "result" going 
out of scope leaks the storage it points to.
#  796|                     D_LENARRAY (result, FILEC) + result_offset,
#  797|                     D_NUMLINES (ptr, FC)))
#  798|->       return 0;
#  799|         }
#  800|

Error: RESOURCE_LEAK (CWE-772): [#def7]
diffutils-3.7/src/diff3.c:783: alloc_fn: Storage is returned from 
allocation function "create_diff3_block".
diffutils-3.7/src/diff3.c:783: var_assign: Assigning: "result" = storage 
returned from "create_diff3_block(low[0], high[0], low[1], high[1], 
lowc, highc)".
diffutils-3.7/src/diff3.c:827: leaked_storage: Variable "result" going 
out of scope leaks the storage it points to.
#  825|                   D_LENARRAY (result, FILE0 + d) + result_offset,
#  826|                   D_NUMLINES (ptr, FO)))
#  827|->         return 0;
#  828|
#  829|         /* Catch the lines between here and the next diff */

Error: RESOURCE_LEAK (CWE-772): [#def8]
diffutils-3.7/src/ifdef.c:368: alloc_fn: Storage is returned from 
allocation function "xmalloc".
diffutils-3.7/src/ifdef.c:368: var_assign: Assigning: "format" = storage 
returned from "xmalloc(spec_prefix_len + pI_len + 2UL)".
diffutils-3.7/src/ifdef.c:370: var_assign: Assigning: "p" = "format".
diffutils-3.7/src/ifdef.c:371: noescape: Resource "format" is not freed 
or pointed-to in "memcpy". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:372: noescape: Resource "format + 
spec_prefix_len" is not freed or pointed-to in "memcpy". [Note: The 
source code implementation of the function has been overridden by a 
builtin model.]
diffutils-3.7/src/ifdef.c:375: noescape: Resource "format" is not freed 
or pointed-to in "fprintf". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "p" going out of 
scope leaks the storage it points to.
diffutils-3.7/src/ifdef.c:379: leaked_storage: Variable "format" going 
out of scope leaks the storage it points to.
#  377|           free (format);
#  378|   #endif
#  379|->       }
#  380|         }
#  381|         break;

Error: RESOURCE_LEAK (CWE-772): [#def9]
diffutils-3.7/src/sdiff.c:1166: alloc_fn: Storage is returned from 
allocation function "xmalloc".
diffutils-3.7/src/sdiff.c:1166: var_assign: Assigning: "buf" = storage 
returned from "xmalloc(strlen(dir) + 1UL + 5UL + 6UL + 1UL)".
diffutils-3.7/src/sdiff.c:1168: noescape: Resource "buf" is not freed or 
pointed-to in "sprintf". [Note: The source code implementation of the 
function has been overridden by a builtin model.]
diffutils-3.7/src/sdiff.c:1169: noescape: Resource "buf" is not freed or 
pointed-to in "mkstemp".
diffutils-3.7/src/sdiff.c:1172: leaked_storage: Variable "buf" going out 
of scope leaks the storage it points to.
# 1170|     if (0 <= fd)
# 1171|       tmpname = buf;
# 1172|->   return fd;
# 1173|   }

Error: RESOURCE_LEAK (CWE-772): [#def10]
diffutils-3.7/src/util.c:594: alloc_fn: Storage is returned from 
allocation function "xstrdup".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "color_buf" = 
storage returned from "xstrdup(p)".
diffutils-3.7/src/util.c:594: var_assign: Assigning: "buf" = "color_buf".
diffutils-3.7/src/util.c:702: leaked_storage: Variable "buf" going out 
of scope leaks the storage it points to.
diffutils-3.7/src/util.c:702: leaked_storage: Variable "color_buf" going 
out of scope leaks the storage it points to.
#  700|         colors_enabled = false;
#  701|       }
#  702|-> }
#  703|
#  704|   static void

This bug report was last modified 4 years and 97 days ago.
