From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 5224 invoked from network); 1 Mar 2023 03:15:37 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 1 Mar 2023 03:15:37 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1677640537; b=DV/AL5thZV50lMZ2u1ptfER+tAUd0HyBpZrdwF2xK6LKUfcP45eRSYJySzwEj6KYTByaLCKFF1 Py/fYWuFXHWHuSTQkkEN2V54Wt9LlwGusWC91Nck+PDll9kt2axl4fT7ZtWS/0Ju+eB5B3/piH 5pstv4GQyv/QHt6GYoFSzeS/Ye6FEJk9+bvjegklCTFWnZBBH7YCiriU31DbfCvezyxMMCQe/z oQwmMKOo+KzZSnG4UQ0KBy9q56hZECPgSUgLQcZqLcmFGYMqOcsTTGg+pCF0pNQlyCX8F5WqKf 28Q1zWIGVGtxKOIw0wJXf/t8GSGP+Mljogx7jwq0sP5MeQ==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mail-ed1-f50.google.com) smtp.remote-ip=209.85.208.50; dkim=pass header.d=brasslantern-com.20210112.gappssmtp.com header.s=20210112 header.a=rsa-sha256; dmarc=none header.from=brasslantern.com; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1677640537; bh=idV6uOiv5TPfWlyGWtN6j0cLfnCaV1RraCy5AD+MHbQ=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:Content-Type:To:Subject:Message-ID:Date:From:In-Reply-To: References:MIME-Version:DKIM-Signature:DKIM-Signature; b=b67bkgNCgRmsZxGi8NDExy5M2dy3TKxq75pxChVjg2TaorAERolcOFRKAaIvCuHpiGKJQsWxkV u9Io13FNptF9KVVlo5bhvbhq+rBgMylUCY5WqDaeXDdzF8E+X3IDpsa0HmE+IsFmZYKIMxdSs/ B2zZFYQ3duZ1FpKu/OE1VnxQPwmgx/RcgD2OsBRKXFEAmC7ar+btYe/z0FSSQCTAJ12f1aqEgN u6zMS5nthmLmFOYcjkgZKTZTTrY/SorRLWDlak6D0cfwvGtyzBnQZfRlsp4IvrIRi1TANvK9rY invJYPvv5zoHu89DF5eKvbt531mxVSMv8y/1uix551cB8w==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Content-Type:To:Subject:Message-ID: Date:From:In-Reply-To:References:MIME-Version:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=V2xUChSxz68vDulKCJMnn5A5R440DLypGBbdgM08ehc=; b=rOB79Xcb5R8t9p4iEmlqYK1j/q GjGpFnlO08/gllMjZe4gZrQ/e3YIccydrhsrc3esk0fbJG7dxh6XhvOjD1Awv3tGHUF12R81peezo 8TG8HXR9PA4aYhipkwgw5ltIDK7YyX3LbwcNVoGjwWrhASDGx8qWAJM09rKky9lUoA7fR46JLn/wl X5jSWFgbAxOwuDiWMogLX24Be1WObtn+TmWsTP6jRNaMmftegRMXprNrFDlM24uQJIMHIWm4C+7K4 beI5Jmt2FcJIN0xXmT8aYiksiMjDPVefQS8kVQx8/4aalLoBucrVAJNhNrL6rROmU4T8M0tT5Xoxj 0A05tcUg==; Received: by zero.zsh.org with local id 1pXCwK-000BUK-Gz; Wed, 01 Mar 2023 03:15:36 +0000 Authentication-Results: zsh.org; iprev=pass (mail-ed1-f50.google.com) smtp.remote-ip=209.85.208.50; dkim=pass header.d=brasslantern-com.20210112.gappssmtp.com header.s=20210112 header.a=rsa-sha256; dmarc=none header.from=brasslantern.com; arc=none Received: from mail-ed1-f50.google.com ([209.85.208.50]:36569) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) id 1pXCuo-000B7g-Fe; Wed, 01 Mar 2023 03:14:02 +0000 Received: by mail-ed1-f50.google.com with SMTP id da10so48500688edb.3 for ; Tue, 28 Feb 2023 19:14:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20210112.gappssmtp.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=V2xUChSxz68vDulKCJMnn5A5R440DLypGBbdgM08ehc=; b=tKVM5lVL5nfOI/aLxg1jxGoKi95QqTvRFE268KuV0h9myMRnSH0dLCP62Yqh3dQ/sa u4j4fTN1VYbzHu9sxgKY8K6sg65SMEbYBvxJ4fi9JqW+/zfmobZD2kCtuAnGGqFj2tJ+ Aac5+ypT7+tc/OyhejTUoXb1UbAqn5Wt+YkkpXHrIAvnVQ8FNjwBPxpE5+XydxdQD3f5 XfKaoXf36S6PPFUHNRCbwPwpe4yBxNkJqpVHTECM/w7tN4E/yrJ5pJP3V/2Uq0c8rxOk vLZnTaTh4PhBMG42kVLEGLfWXmbnmxtzB305jBzvBmipt9SDBgNnw1j/VTWcsYXOGYXj s/2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=V2xUChSxz68vDulKCJMnn5A5R440DLypGBbdgM08ehc=; b=HmUU9aA0peBYuC69itL0izgPrt3ekXcIr5IzcmQtAjw2E7fOhe2MYSGU95FB7YvV5s 5ogK25hDTCs2pzuLqtcCpBm/vqMnVico2zrQC2uiFYvnFW++rgIU2lzYlZxAFYF8lwKU /9s81GUUbrKSODFNUN+v5FWkrChKOdP3M4m9RnPGFBG1YdI/N8RgQDF6aVwpDi7MQe+b Rd7v7oVT4eblH9e2/EbGoifCTvdBejX1sN2hkm4GtiMxna5MxEmHy5jk+6fFSYNCLKNh hR6YTYtJAbloWWp7wzM5aiIb/CVe95jtCW8f1pjpF8YValaQeyGwzjYlWNxkTnR04iq/ g64g== X-Gm-Message-State: AO0yUKWd09ZFszNt4ivJZSqkmtowqYxeClq5ziXzelqPUEVPXH7Iy/24 w0f4rtuKbIdLP0t+aQPPmkSNHf9HvqQ1+WGM1j9ATbLpmI1ubw== X-Google-Smtp-Source: AK7set+WOcp0nPWMVgHoxlfKpyBzT6775wXt4tkO3schaBx2vuEeZLqvjSBsZfuBdcc332hjSqJiza0NMoNnuwL7crk= X-Received: by 2002:a17:906:af0c:b0:878:4a24:1a5c with SMTP id lx12-20020a170906af0c00b008784a241a5cmr2255936ejb.6.1677640442118; Tue, 28 Feb 2023 19:14:02 -0800 (PST) MIME-Version: 1.0 References: <63fdfb42fe26_9c8392b226e1f79b07046a@prd-scan-dashboard-0.mail> In-Reply-To: From: Bart Schaefer Date: Tue, 28 Feb 2023 19:13:51 -0800 Message-ID: Subject: Re: New Defects reported by Coverity Scan for zsh To: Zsh hackers list Content-Type: text/plain; charset="UTF-8" X-Seq: 51498 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: Why am I getting this? Who set this up? On Tue, Feb 28, 2023 at 5:01 AM wrote: > > >>> CID 1521554: Control flow issues (MISSING_RESTORE) > >>> Value of non-local "*ss" that was saved in "sav" is not restored as it was along other paths. > 2159 return NULL; Pointer to heap memory, not used again, no need to restore. > /Src/params.c: 6268 in upscope() > >>> Null-checking "pm" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. Caller shouldn't ever pass NULL. Is this going to keep complaining about it? > *** CID 1521548: Memory - illegal accesses (USE_AFTER_FREE) > /Src/builtin.c: 1211 in cd_new_pwd() > 1205 zsfree(getlinknode(dirstack)); > 1206 > 1207 if (chasinglinks) { > 1208 s = findpwd(new_pwd); > 1209 if (s) { > 1210 zsfree(new_pwd); > >>> CID 1521548: Memory - illegal accesses (USE_AFTER_FREE) > >>> Using freed pointer "s". > 1211 new_pwd = s; > 1212 } This is a knock-on to the complaint about findpwd() below. > 7181 if (meta) { > >>> CID 1521546: Uninitialized variables (UNINIT) > >>> Using uninitialized value "t[-1]". > 7182 t[-1] |= 0x80; > 7183 meta = 0; > 7184 } Hm, I guess "t" might not have advanced past its original starting assignment if control passes through the #ifdef MULTIBYTE block about 60 lines earlier, without returning? #ifdef MULTIBYTE_SUPPORT } else if ((how & GETKEY_SINGLE_CHAR) && isset(MULTIBYTE) && (unsigned char) *s > 127) { wint_t wc; int len; len = mb_metacharlenconv(s, &wc); if (wc != WEOF) { *misc = (int)wc; return s + len; } #endif > *** CID 1521545: Resource leaks (RESOURCE_LEAK) > /Src/Modules/param_private.c: 130 in makeprivate() > >>> CID 1521545: Resource leaks (RESOURCE_LEAK) > >>> Variable "gsu" going out of scope leaks the storage it points to. Can't happen unless the definition of PM_TYPE() changes without this code being updated. > *** CID 1521544: Memory - illegal accesses (USE_AFTER_FREE) > /Src/utils.c: 801 in findpwd() > 795 > 796 if (*s == '/') > 797 return xsymlink(s, 0); > 798 s = tricat((pwd[1]) ? pwd : "", "/", s); > 799 t = xsymlink(s, 0); > 800 zsfree(s); > >>> CID 1521544: Memory - illegal accesses (USE_AFTER_FREE) > >>> Using freed pointer "t". > 801 return t; > 802 } Not seeing how it calculates this one, I think xsymlink(s,0) is going to end up returning either a pointer to the static mbuf[] in metafy(), or heap memory. Anyone else see an alternative? Is it treating mbuf as freed stack even though it is declared static?