19 Oct
2016
19 Oct
'16
2:16 p.m.
Hi,
Please find the latest report on new defect(s) introduced to Osmocom found with Coverity
Scan.
2 new defect(s) introduced to Osmocom found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build
analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 150437: Insecure data handling (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()
________________________________________________________________________________________________________
*** CID 150437: Insecure data handling (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()
456 DEBUGP(DLMIB, "<= RAW CHAN len = %d, prim(0x%x) id(0x%x): %s\n",
457 ret, hh->prim, hh->id,
458 get_value_string(prim_names, hh->prim));
459
460 switch (hh->prim) {
461 case PH_DATA_IND:
>> CID 150437: Insecure data handling
(TAINTED_SCALAR)
>> Assigning: "msg->l2h" = "msg->data + 8UL". Both are
now tainted.
462 msg->l2h = msg->data + MISDN_HEADER_LEN;
463 DEBUGP(DLMIB, "RAW CHAN RX: %s\n",
464 osmo_hexdump(msgb_l2(msg), ret - MISDN_HEADER_LEN));
465 /* the number of bytes received indicates that data to send */
466 handle_ts_raw_write(bfd, msgb_l2len(msg));
467 return e1inp_rx_ts(e1i_ts, msg, 0, 0);
** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()
________________________________________________________________________________________________________
*** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()
304 msgb_free(msg);
305 bts->llc_dropped_frame();
306 continue;
307 }
308
309 if (frames) {
>> CID 150436: API usage errors
(PW.PRINTF_ARG_MISMATCH)
>> argument is incompatible with corresponding format string conversion
310 LOGP(DRLCMACDL, LOGL_NOTICE, "%s Discarding LLC PDU "
311 "because lifetime limit reached, "
312 "count=%u new_queue_size=%zu\n",
313 tbf_name(this), frames, llc_queue_size());
314 if (frames > 0xff)
315 frames = 0xff;
19 Oct
19 Oct
2:56 p.m.
Hi.
I appreciate your intention on making code better but do you really
think that re-posting those emails worth your time? I think all the devs
who could fix it are receiving it directly from Coverity already, and
for others it just creates additional noise in ML.
I also do not think that there's any urgency with those - we have about
500 of unfixed defects detected by Coverity so far, +-2 do not make big
difference compared to that amount.
On 10/19/2016 02:16 PM, Neels Hofmeyr wrote:
Hi,
Please find the latest report on new defect(s) introduced to Osmocom found with Coverity
Scan.
2 new defect(s) introduced to Osmocom found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build
analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 150437: Insecure data handling (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()
________________________________________________________________________________________________________
*** CID 150437: Insecure data handling (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()
456 DEBUGP(DLMIB, "<= RAW CHAN len = %d, prim(0x%x) id(0x%x): %s\n",
457 ret, hh->prim, hh->id,
458 get_value_string(prim_names, hh->prim));
459
460 switch (hh->prim) {
461 case PH_DATA_IND:
--
Max Suraev <msuraev(a)sysmocom.de> http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Alt-Moabit 93
* 10559 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Director: Harald Welte
>> CID 150437: Insecure data handling
(TAINTED_SCALAR)
>> Assigning: "msg->l2h" = "msg->data + 8UL". Both are
now tainted.
462 msg->l2h = msg->data + MISDN_HEADER_LEN;
463 DEBUGP(DLMIB, "RAW CHAN RX: %s\n",
464 osmo_hexdump(msgb_l2(msg), ret - MISDN_HEADER_LEN));
465 /* the number of bytes received indicates that data to send */
466 handle_ts_raw_write(bfd, msgb_l2len(msg));
467 return e1inp_rx_ts(e1i_ts, msg, 0, 0);
** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()
________________________________________________________________________________________________________
*** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()
304 msgb_free(msg);
305 bts->llc_dropped_frame();
306 continue;
307 }
308
309 if (frames) {
>> CID 150436: API usage errors
(PW.PRINTF_ARG_MISMATCH)
>> argument is incompatible with corresponding format string conversion
310 LOGP(DRLCMACDL, LOGL_NOTICE, "%s Discarding LLC PDU "
311 "because lifetime limit reached, "
312 "count=%u new_queue_size=%zu\n",
313 tbf_name(this), frames, llc_queue_size());
314 if (frames > 0xff)
315 frames = 0xff;
20 Oct
20 Oct
1:11 p.m.
On Wed, Oct 19, 2016 at 02:56:05PM +0200, Max wrote:
I think all the devs who could fix it are receiving it
directly from Coverity
already
My impression was that we don't. Do we all see these mails?
Reading and trying to understand takes me time, the forwarding doesn't.
And this mail here takes me time ;)
for others it just creates additional noise in ML.
IMHO justified: on-topic and low volume, easy to skip if you're not interested.
But if anyone else complains as well I'll be happy to cease it.
Of course we should also look at the million coverity warnings that aren't new
from time to time ;)
~Neels
3:33 p.m.
On Thu, Oct 20, 2016 at 01:11:10PM +0200, Neels Hofmeyr wrote:
On Wed, Oct 19, 2016 at 02:56:05PM +0200, Max wrote:
Ah, I see now the list of members on the Osmocom coverity project, quite
exhaustive -- even some inactive members are in there. I guess you're right,
then. Will only send in case I have comments in the future.
~Neels
I think all the devs who could fix it are
receiving it directly from Coverity
already
My impression was that we don't. Do we all see these mails? 
22 Oct
22 Oct
8:30 p.m.
On Thu, Oct 20, 2016 at 03:33:30PM +0200, Neels Hofmeyr wrote:
It might make sense to simply have the reports sent to this mailing list
instead of a number of recipients privately. What do you think?
It's not that we're trying to hide bugs in our code. For sure there are
plenty...
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
My impression
was that we don't. Do we all see these mails?
Ah, I see now the list of members on the Osmocom coverity project, quite
exhaustive -- even some inactive members are in there. I guess you're right,
then. Will only send in case I have comments in the future.
3165
days inactive
3168
days old
4 comments
3 participants
participants (3)
-
Harald Welte -
Max -
Neels Hofmeyr