From: Mikael Magnusson
Date: Wed, 1 Mar 2023 04:50:02 +0100
Subject: Re: New Defects reported by Coverity Scan for zsh
To: Bart Schaefer
Cc: Zsh hackers list
X-Seq: 51499

On 3/1/23, Bart Schaefer wrote:
> Why am I getting this?  Who set this up?

Presumably at some point you joined the project on coverity (you are
listed as an admin there, I don't think I could have added you against
your will). I think I originally set it up, but I've not run the build
for just over a year.
I did today, so that's why you got the little mail notification.

> On Tue, Feb 28, 2023 at 5:01 AM wrote:
>>
>> >>>     CID 1521554:  Control flow issues  (MISSING_RESTORE)
>> >>>     Value of non-local "*ss" that was saved in "sav" is not restored
>> >>>     as it was along other paths.
>> 2159         return NULL;
>
> Pointer to heap memory, not used again, no need to restore.
>
>> /Src/params.c: 6268 in upscope()
>> >>>     Null-checking "pm" suggests that it may be null, but it has
>> >>>     already been dereferenced on all paths leading to the check.
>
> Caller shouldn't ever pass NULL.  Is this going to keep complaining about
> it?

These mails ideally only include new issues (sometimes if code changes
a bit, it might not realize it's the same thing and include it again),
but it will be listed on the site until someone either changes the
code or marks it as Ignore on the site.

>> *** CID 1521548:  Memory - illegal accesses  (USE_AFTER_FREE)
>> /Src/builtin.c: 1211 in cd_new_pwd()
>> 1205             zsfree(getlinknode(dirstack));
>> 1206
>> 1207         if (chasinglinks) {
>> 1208             s = findpwd(new_pwd);
>> 1209             if (s) {
>> 1210                 zsfree(new_pwd);
>> >>>     CID 1521548:  Memory - illegal accesses  (USE_AFTER_FREE)
>> >>>     Using freed pointer "s".
>> 1211                 new_pwd = s;
>> 1212             }
>
> This is a knock-on to the complaint about findpwd() below.
>
>> 7181             if (meta) {
>> >>>     CID 1521546:  Uninitialized variables  (UNINIT)
>> >>>     Using uninitialized value "t[-1]".
>> 7182                 t[-1] |= 0x80;
>> 7183                 meta = 0;
>> 7184             }
>
> Hm, I guess "t" might not have advanced past its original starting
> assignment if control passes through the #ifdef MULTIBYTE block about
> 60 lines earlier, without returning?
>
> #ifdef MULTIBYTE_SUPPORT
>         } else if ((how & GETKEY_SINGLE_CHAR) &&
>                    isset(MULTIBYTE) && (unsigned char) *s > 127) {
>             wint_t wc;
>             int len;
>             len = mb_metacharlenconv(s, &wc);
>             if (wc != WEOF) {
>                 *misc = (int)wc;
>                 return s + len;
>             }
> #endif
>
>
>> *** CID 1521545:  Resource leaks  (RESOURCE_LEAK)
>> /Src/Modules/param_private.c: 130 in makeprivate()
>> >>>     CID 1521545:  Resource leaks  (RESOURCE_LEAK)
>> >>>     Variable "gsu" going out of scope leaks the storage it points to.
>
> Can't happen unless the definition of PM_TYPE() changes without this
> code being updated.
>
>> *** CID 1521544:  Memory - illegal accesses  (USE_AFTER_FREE)
>> /Src/utils.c: 801 in findpwd()
>> 795
>> 796         if (*s == '/')
>> 797             return xsymlink(s, 0);
>> 798         s = tricat((pwd[1]) ? pwd : "", "/", s);
>> 799         t = xsymlink(s, 0);
>> 800         zsfree(s);
>> >>>     CID 1521544:  Memory - illegal accesses  (USE_AFTER_FREE)
>> >>>     Using freed pointer "t".
>> 801         return t;
>> 802     }
>
> Not seeing how it calculates this one, I think xsymlink(s,0) is going
> to end up returning either a pointer to the static mbuf[] in metafy(),
> or heap memory.  Anyone else see an alternative?  Is it treating mbuf
> as freed stack even though it is declared static?

-- 
Mikael Magnusson
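
The USE_AFTER_FREE report on findpwd() has the shape "free the temporary, then return a value derived from it", which is a defect only when the callee can hand back its own argument. The C code below is an added example, not zsh code and not part of the original mail: `resolve()` and `join()` are hypothetical stand-ins (the thread does not establish that xsymlink() can return its argument), and `find_safe()` shows a caller written so that the returned pointer never refers to freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical resolver, NOT zsh's xsymlink(): strips one trailing '/'.
 * Returns its argument when nothing changes, else a new heap string. */
static char *resolve(char *path)
{
    size_t n = strlen(path);
    if (n < 2 || path[n - 1] != '/')
        return path;                  /* result aliases the argument */
    char *out = malloc(n);            /* n - 1 characters plus NUL */
    if (!out) return NULL;
    memcpy(out, path, n - 1);
    out[n - 1] = '\0';
    return out;
}

/* Hypothetical helper playing the role of tricat(dir, "/", name). */
static char *join(const char *dir, const char *name)
{
    size_t dl = strlen(dir), nl = strlen(name);
    char *s = malloc(dl + nl + 2);
    if (!s) return NULL;
    memcpy(s, dir, dl);
    s[dl] = '/';
    memcpy(s + dl + 1, name, nl + 1); /* copies the NUL as well */
    return s;
}

/* Reported shape: t = resolve(s); free(s); return t;  With a resolver
 * like the one above, t dangles whenever t == s. Here the temporary is
 * released only when the result is a separate object. */
char *find_safe(const char *dir, const char *name)
{
    char *s = join(dir, name);
    if (!s) return NULL;
    char *t = resolve(s);
    if (t != s) free(s);
    return t;                         /* caller owns t in both cases */
}

int main(void)
{
    char *p = find_safe("/home", "u/");   /* constructed sample input */
    printf("%s\n", p ? p : "(null)");
    free(p);
    return 0;
}
```

When triaging a report of this kind, the question to settle is the callee's ownership contract: if every return path yields storage distinct from the argument, the finding can be marked as a false positive; if any path returns the argument itself, the alias check above (or an unconditional copy) is needed.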