[scan-admin at coverity.com: New Defects reported by Coverity Scan for Osmocom]

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Neels Hofmeyr nhofmeyr at sysmocom.de
Wed Oct 19 12:16:11 UTC 2016


Hi,

Please find the latest report on new defect(s) introduced to Osmocom found with Coverity Scan.

2 new defect(s) introduced to Osmocom found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 150437:  Insecure data handling  (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()


________________________________________________________________________________________________________
*** CID 150437:  Insecure data handling  (TAINTED_SCALAR)
/source-Osmocom/libosmo-abis/src/input/misdn.c: 462 in handle_ts_raw_read()
456     		DEBUGP(DLMIB, "<= RAW CHAN len = %d, prim(0x%x) id(0x%x): %s\n",
457     			ret, hh->prim, hh->id,
458     			get_value_string(prim_names, hh->prim));
459     
460     	switch (hh->prim) {
461     	case PH_DATA_IND:
>>>     CID 150437:  Insecure data handling  (TAINTED_SCALAR)
>>>     Assigning: "msg->l2h" = "msg->data + 8UL". Both are now tainted.
462     		msg->l2h = msg->data + MISDN_HEADER_LEN;
463     		DEBUGP(DLMIB, "RAW CHAN RX: %s\n",
464     			osmo_hexdump(msgb_l2(msg), ret - MISDN_HEADER_LEN));
465     		/* the number of bytes received indicates that data to send */
466     		handle_ts_raw_write(bfd, msgb_l2len(msg));
467     		return e1inp_rx_ts(e1i_ts, msg, 0, 0);

** CID 150436:  API usage errors  (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()


________________________________________________________________________________________________________
*** CID 150436:  API usage errors  (PW.PRINTF_ARG_MISMATCH)
/source-Osmocom/osmo-pcu/src/tbf_dl.cpp: 310 in ()
304     		msgb_free(msg);
305     		bts->llc_dropped_frame();
306     		continue;
307     	}
308     
309     	if (frames) {
>>>     CID 150436:  API usage errors  (PW.PRINTF_ARG_MISMATCH)
>>>     argument is incompatible with corresponding format string conversion
310     		LOGP(DRLCMACDL, LOGL_NOTICE, "%s Discarding LLC PDU "
311     			"because lifetime limit reached, "
312     			"count=%u new_queue_size=%zu\n",
313     			tbf_name(this), frames, llc_queue_size());
314     		if (frames > 0xff)
315     			frames = 0xff;


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.osmocom.org/pipermail/openbsc/attachments/20161019/ac95ae24/attachment.bin>


More information about the OpenBSC mailing list