Hi,
Please find the latest report on new defect(s) introduced to Osmocom found with Coverity Scan.
2 new defect(s) introduced to Osmocom found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 150437: Insecure data handling (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()

________________________________________________________________________________________________________
*** CID 150437: Insecure data handling (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()
456     DEBUGP(DLMIB, "<= RAW CHAN len = %d, prim(0x%x) id(0x%x): %s\n",
457         ret, hh->prim, hh->id,
458         get_value_string(prim_names, hh->prim));
459
460     switch (hh->prim) {
461     case PH_DATA_IND:
CID 150437: Insecure data handling (TAINTED_SCALAR)
Assigning: "msg->l2h" = "msg->data + 8UL". Both are now tainted.
462         msg->l2h = msg->data + MISDN_HEADER_LEN;
463         DEBUGP(DLMIB, "RAW CHAN RX: %s\n",
464             osmo_hexdump(msgb_l2(msg), ret - MISDN_HEADER_LEN));
465         /* the number of bytes received indicates that data to send */
466         handle_ts_raw_write(bfd, msgb_l2len(msg));
467         return e1inp_rx_ts(e1i_ts, msg, 0, 0);

** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()

________________________________________________________________________________________________________
*** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()
304         msgb_free(msg);
305         bts->llc_dropped_frame();
306         continue;
307     }
308
309     if (frames) {
CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH)
argument is incompatible with corresponding format string conversion
310         LOGP(DRLCMACDL, LOGL_NOTICE, "%s Discarding LLC PDU "
311             "because lifetime limit reached, "
312             "count=%u new_queue_size=%zu\n",
313             tbf_name(this), frames, llc_queue_size());
314         if (frames > 0xff)
315             frames = 0xff;

Hi.
I appreciate your intention on making code better but do you really think that re-posting those emails is worth your time? I think all the devs who could fix it are receiving it directly from Coverity already, and for others it just creates additional noise in the ML.
I also do not think that there's any urgency with those - we have about 500 unfixed defects detected by Coverity so far, +-2 do not make a big difference compared to that amount.
On 10/19/2016 02:16 PM, Neels Hofmeyr wrote:
On Wed, Oct 19, 2016 at 02:56:05PM +0200, Max wrote:
> I think all the devs who could fix it are receiving it directly from Coverity already
My impression was that we don't. Do we all see these mails? Reading and trying to understand takes me time, the forwarding doesn't. And this mail here takes me time ;)
> for others it just creates additional noise in ML.
IMHO justified: on-topic and low volume, easy to skip if you're not interested. But if anyone else complains as well I'll be happy to cease it.
Of course we should also look at the million coverity warnings that aren't new from time to time ;)
~Neels
On Thu, Oct 20, 2016 at 01:11:10PM +0200, Neels Hofmeyr wrote:
> On Wed, Oct 19, 2016 at 02:56:05PM +0200, Max wrote:
> > I think all the devs who could fix it are receiving it directly from Coverity already
> My impression was that we don't. Do we all see these mails?
Ah, I see now the list of members on the Osmocom coverity project, quite exhaustive -- even some inactive members are in there. I guess you're right, then. Will only send in case I have comments in the future.
~Neels
On Thu, Oct 20, 2016 at 03:33:30PM +0200, Neels Hofmeyr wrote:
> > My impression was that we don't. Do we all see these mails?
> Ah, I see now the list of members on the Osmocom coverity project, quite exhaustive -- even some inactive members are in there. I guess you're right, then. Will only send in case I have comments in the future.
It might make sense to simply have the reports sent to this mailing list instead of a number of recipients privately. What do you think?
It's not that we're trying to hide bugs in our code. For sure there are plenty...