---------- Forwarded message ---------
From: <scan-ad...@coverity.com>
Date: Mon, Feb 13, 2023, 6:50 PM
Subject: New Defects reported by Coverity Scan for Das U-Boot
To: <tom.r...@gmail.com>

Hi,

Please find the latest report on new defect(s) introduced to Das U-Boot found with Coverity Scan.

2 new defect(s) introduced to Das U-Boot found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 436073: Resource leaks (RESOURCE_LEAK)
/tools/proftool.c: 1853 in make_flamegraph()

________________________________________________________________________________________________________
*** CID 436073: Resource leaks (RESOURCE_LEAK)
/tools/proftool.c: 1853 in make_flamegraph()
1847
1848            if (make_flame_tree(out_format, &tree))
1849                    return -1;
1850
1851            *str = '\0';
1852            if (output_tree(fout, out_format, tree, str, sizeof(str), 0))
>>> CID 436073: Resource leaks (RESOURCE_LEAK)
>>> Variable "tree" going out of scope leaks the storage it points to.
1853                    return -1;
1854
1855            return 0;
1856     }
1857
1858     /**

** CID 436072: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 436072: Insecure data handling (TAINTED_SCALAR)
/tools/proftool.c: 515 in read_trace()
509                     switch (hdr.type) {
510                     case TRACE_CHUNK_FUNCS:
511                             /* Ignored at present */
512                             break;
513
514                     case TRACE_CHUNK_CALLS:
>>> CID 436072: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "hdr.rec_count" to "read_calls", which uses it as an allocation size.
515                             if (read_calls(fin, hdr.rec_count))
516                                     return 1;
517                             break;
518                     }
519             }
520             return 0;

--
Tom