From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 7021 invoked from network); 19 Oct 2023 04:19:11 -0000 Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368) by inbox.vuxu.org with ESMTPUTF8; 19 Oct 2023 04:19:11 -0000 ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20210803; t=1697689151; b=IKh759zur+SiGW4j6/eqddmdQFnU618FgC2JCYBSvqlpdzpV9uXOf+3H6ABPrD95FE7Xg8jAdI oMhZxIppY2RT/08hp1PSnLr1GxjlZC/g4oDdUs9DtjCKEXfepbTOtsle4CaclNylMnyh3ZK8Xs 8+dGleOOnDqudxzRFVUshzHA+8LUbUIT8svDo6NF8bXRcE32yp3HrDXdzaxak7p4npECv6ObPw 7vicCG0Cb1144+tCMsJQ9ky3njrGTNY3pQAOw5cZ7e8xe6MIKlJljuHoGw38lHuHb64tkAAebf GNKc0Z04tRmxYFRlAk/vIrt8QxTmpA126R9ttzqTUzE5Ng==; ARC-Authentication-Results: i=1; zsh.org; iprev=pass (mail-ed1-f47.google.com) smtp.remote-ip=209.85.208.47; dkim=pass header.d=brasslantern-com.20230601.gappssmtp.com header.s=20230601 header.a=rsa-sha256; dmarc=none header.from=brasslantern.com; arc=none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20210803; t=1697689151; bh=5xA8yfv6LIe+cUVKFVohiGhy/9GGWRavzv6ZycUoU8U=; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help: List-Id:Sender:Content-Transfer-Encoding:Content-Type:To:Subject:Message-ID: Date:From:In-Reply-To:References:MIME-Version:DKIM-Signature:DKIM-Signature; b=A/LrFwQ/PGzOqLbcrOSo4emoSYr+/O4HiOjemMpnSGzn6BhT3sixgouAjIhSUuyDgvA092dH98 xRtnn/dKDyKQEtcbiPnudE/yblvdZiDkIrFLH8ZGbexA6RgaFA1GJo9lnWORZPIM1uICTdsAwC 5s2vH1PpLrc3Zx3/rmKY51gogxnyPJ+aoVpHnZmCpB2Zkl7RSeo23u4XESZZ7D85EGM0R322Nq QEY+Q4lJFe+Jm3drzbCvAnYQMPxU6YeEZ3YQe6NNE0je+Kz1kW5Ka94RN66CVHtwQdRdoflLnl jTzeeaGyPZP5H2Pbeqs+NcGJG4e6/bV6LXt72do7F29ZOQ==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org; s=rsa-20210803; h=List-Archive:List-Owner:List-Post:List-Unsubscribe: List-Subscribe:List-Help:List-Id:Sender:Content-Transfer-Encoding: Content-Type:To:Subject:Message-ID:Date:From:In-Reply-To:References: MIME-Version:Reply-To:Cc:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID; bh=NBmK1vHKpGw3XzD1UyzIjC+vCKmx3wH6R3aDa8r7P8g=; b=W23o9OATcWq3mYclwTgX88S9eC /DZfVUye3Xgirx6DfioQWm7CC8BHWVfZ6XLNXcacfk1V1LAp7syDjY8U58jgnZR0pQzBfXkAgFy+G KurSK9WgDtpGp0T4vJOxFyQBFsSZTKf+n38Z1Fd4OKbeYwnYC3BVVK7XBuB0dL0tlo/2fhMizHO9h R283X5zUIm2avMOA97aMUGuTO6ugJ0eoFFWV8Oq6OaafclKASoqDkffxVxgRSwHGam/CAbJIlEPql oeUU6VCT+S5cF2+qhxW55Oi0VS100feuXF+c6Ye83QdzZLhxH3V8K13pqgGf8p0xC9rbzoPeI0Xsi qpiY8+hQ==; Received: by zero.zsh.org with local id 1qtKV5-00023j-1D; Thu, 19 Oct 2023 04:19:11 +0000 Authentication-Results: zsh.org; iprev=pass (mail-ed1-f47.google.com) smtp.remote-ip=209.85.208.47; dkim=pass header.d=brasslantern-com.20230601.gappssmtp.com header.s=20230601 header.a=rsa-sha256; dmarc=none header.from=brasslantern.com; arc=none Received: from mail-ed1-f47.google.com ([209.85.208.47]:48457) by zero.zsh.org with esmtps (TLS1.3:TLS_AES_128_GCM_SHA256:128) id 1qtKUl-0001mN-Vq; Thu, 19 Oct 2023 04:18:53 +0000 Received: by mail-ed1-f47.google.com with SMTP id 4fb4d7f45d1cf-53e08b60febso11774016a12.1 for ; Wed, 18 Oct 2023 21:18:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brasslantern-com.20230601.gappssmtp.com; s=20230601; t=1697689131; x=1698293931; darn=zsh.org; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=NBmK1vHKpGw3XzD1UyzIjC+vCKmx3wH6R3aDa8r7P8g=; b=JoGH6mqQivjK0H4k3CegbqzhACSjUsxMy7q13wdGKb3b2HdTjBK708bAGdzwqIv3d2 ndSG9F+RmWPMcNnez/og2KHpXSUAJXalyhdTFMyyijfJ5tbRK8+s4AXTrDYiujolwcbt XXy5F5+uELbhnW++pelFpqXGryqOXbSjHg68N1W1QnofzR6SWi5WVwpIDm+iUvn7ZKwH 2FGaUtIRYDkhTU3WYt2KmKGkch/Rew9am+QqRsSeGYGHkvR7wDNN1/r+6kwaO2ZQ61WZ XF43oOHCo9JPrluAJ1Sov75os6nWTd8/P0BusQUANr2En+wxhyk9ON8HWuaakreYSf+F /ypQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697689131; x=1698293931; h=content-transfer-encoding:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NBmK1vHKpGw3XzD1UyzIjC+vCKmx3wH6R3aDa8r7P8g=; b=uOXk5g1tZ4W45NVza/VqtK2NN+a4N052tIy80sYhs67ivIQr0CEx7sHW5aHee0+aMR YOjgbNzC3uBi+hWqHAJ9rMGfKWXz1lmXAeS1lOtzHhZcYkVzP/C19d1/BGaoq9K8r9tU uGQJjojRUYCCo0LuchS6X0GYTYkqVOq2wv6EH+ybjX3s2fu3pqcWIgDUpl1y5JRQUYPK 1+hbTEDoqQIJLYEAqV8jffaO3H4UqnqtuoCajuRgvjOEEAbSXz88gMZxgZCMFp6VuTsb 1c029J3kHdvRdGBH7jZmsxn6TgI/57tRKquPdTdkoyh+OTMCxsSex1w2VPeFlIvj/VHa Wm/A== X-Gm-Message-State: AOJu0Yynvc4YBaQOdpvJxjaIhEe38iR8iCBQ1+4ruX9VnPJj2H1jA3wH E9Duc7v8dyGV7koTcZIvUCnlNhrQ8YFyGoAnl3KRhbzCJPh7hGNg/Bc= X-Google-Smtp-Source: AGHT+IFpQCp0i+rbWvaA4iDOMt1GpGVpMTB2yZdcQzene83gDbCZAWDSM14Wohp5Fh8kQkEYZUev/KLOhFkcfmNWr6E= X-Received: by 2002:a17:907:7ba1:b0:9be:e6d4:575a with SMTP id ne33-20020a1709077ba100b009bee6d4575amr839875ejc.13.1697689131098; Wed, 18 Oct 2023 21:18:51 -0700 (PDT) MIME-Version: 1.0 References: <652dee2ec786c_bbea62e6ad4f459a85503b@prd-scan-dashboard-0.mail> In-Reply-To: From: Bart Schaefer Date: Wed, 18 Oct 2023 21:18:40 -0700 Message-ID: Subject: Fwd: New Defects reported by Coverity Scan for zsh To: Zsh hackers list Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Seq: 52234 Archived-At: X-Loop: zsh-workers@zsh.org Errors-To: zsh-workers-owner@zsh.org Precedence: list Precedence: bulk Sender: zsh-workers-request@zsh.org X-no-archive: yes List-Id: List-Help: , List-Subscribe: , List-Unsubscribe: , List-Post: List-Owner: List-Archive: On Mon, Oct 16, 2023 at 7:15=E2=80=AFPM wrote: > > >>> CID 1547833: Memory - illegal accesses (NEGATIVE_RETURNS) > >>> Using variable "*lineptr" as an index to array "typtab". > /Src/hist.c: 3809 in histsplitwords() Needs cast to (unsigned char) after removal of STOUC() macro. > >>> CID 1547832: Resource leaks (RESOURCE_LEAK) > >>> Variable "buf" going out of scope leaks the storage it points to. > /Src/input.c: 668 in stuff() Pretty sure this is spurious, because zstuff() returns -1 only when it either hasn't allocated or has already freed the storage pointed to by buf. > ** CID 1547831: (UNUSED_VALUE) > /Src/Zle/compresult.c: 2090 in printlist() > /Src/Zle/compresult.c: 1997 in printlist() These appear to be accurate, pnl is always immediately assigned 1 after being assigned 0. Also these appear to have been here forever, not sure why it's just flagged now. > >>> CID 1547830: Error handling issues (CHECKED_RETURN) > >>> "fread(void * restrict, size_t, size_t, FILE * restrict)" returns= the number of bytes read, but it is ignored. > /Src/input.c: 632 in zstuff() This is actually incorrect on Coverity's part -- as already discussed, fread() returns the number of objects read, not the number of bytes. > >>> CID 1547829: Error handling issues (NEGATIVE_RETURNS) > >>> "len" is passed to a parameter that cannot be negative. > /Src/input.c: 632 in zstuff() Is it really necessary to check whether ftell(in) returned error after fseek(in, 0, SEEK_END) ? > >>> CID 1547828: Memory - illegal accesses (NEGATIVE_RETURNS) > >>> Using variable "*s" as an index to array "typtab". > /Src/subst.c: 2559 in paramsubst() More unsigned casting. Maybe inblank() and inull() should just do always cast their argument? There may actually be 2 more of these not yet detected. > *** CID 1547827: Null pointer dereferences (FORWARD_NULL) > /Src/Modules/pcre.c: 370 in bin_pcre_match() > >>> Passing null pointer "named" to "zpcre_get_substrings", which der= eferences it. This is from Oliver's 51738 (PCRE's alternative DFA), I'm not going to interpret futher. > ** CID 1547826: Resource leaks (RESOURCE_LEAK) > /Src/input.c: 655 in ztuff() I guess this theoretically could leak one byte. From an unused subroutine that I didn't bother to delete.