This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.
Neels Hofmeyr nhofmeyr at sysmocom.deHi, Please find the latest report on new defect(s) introduced to Osmocom found with Coverity Scan. 2 new defect(s) introduced to Osmocom found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 150437: Insecure data handling (TAINTED_SCALAR) /source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read() ________________________________________________________________________________________________________ *** CID 150437: Insecure data handling (TAINTED_SCALAR) /source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read() 456 DEBUGP(DLMIB, "<= RAW CHAN len = %d, prim(0x%x) id(0x%x): %s\n", 457 ret, hh->prim, hh->id, 458 get_value_string(prim_names, hh->prim)); 459 460 switch (hh->prim) { 461 case PH_DATA_IND: >>> CID 150437: Insecure data handling (TAINTED_SCALAR) >>> Assigning: "msg->l2h" = "msg->data + 8UL". Both are now tainted. 462 msg->l2h = msg->data + MISDN_HEADER_LEN; 463 DEBUGP(DLMIB, "RAW CHAN RX: %s\n", 464 osmo_hexdump(msgb_l2(msg), ret - MISDN_HEADER_LEN)); 465 /* the number of bytes received indicates that data to send */ 466 handle_ts_raw_write(bfd, msgb_l2len(msg)); 467 return e1inp_rx_ts(e1i_ts, msg, 0, 0); ** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH) /source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in () ________________________________________________________________________________________________________ *** CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH) /source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in () 304 msgb_free(msg); 305 bts->llc_dropped_frame(); 306 continue; 307 } 308 309 if (frames) { >>> CID 150436: API usage errors (PW.PRINTF_ARG_MISMATCH) >>> argument is incompatible with corresponding format string conversion 310 LOGP(DRLCMACDL, LOGL_NOTICE, "%s Discarding LLC PDU " 311 "because lifetime limit reached, " 312 "count=%u new_queue_size=%zu\n", 313 tbf_name(this), frames, llc_queue_size()); 314 if (frames > 0xff) 315 frames = 0xff; -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20161019/ac95ae24/attachment.bin>