Closed
Description
Hi,
Please find the latest report on new defect(s) introduced to radare2 found with Coverity Scan.
9 new defect(s) introduced to radare2 found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, was marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)
** CID 1384363: Memory - corruptions (ARRAY_VS_SINGLETON)
________________________________________________________________________________________________________
*** CID 1384363: Memory - corruptions (ARRAY_VS_SINGLETON)
/shlr/capstone/arch/M680X/M680XDisassembler.c: 796 in is_sufficient_code_size()
790 case idx09_hid:
791 insn_description->insn_size += 1;
792
793 if (!read_byte(info, &ir, address++))
794 retval = false;
795 else
CID 1384363: Memory - corruptions (ARRAY_VS_SINGLETON)
Passing "&address" to function "is_indexed09_post_byte_valid" which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
796 retval = is_indexed09_post_byte_valid(info,
797 &address, ir, insn_description);
798
799 break;
800
801 case idx12s_hid:
** CID 1374336: Memory - illegal accesses (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1748 in TMS320C64x_insn_name()
________________________________________________________________________________________________________
*** CID 1374336: Memory - illegal accesses (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1748 in TMS320C64x_insn_name()
1742 // handle special alias first
1743 for (i = 0; i < ARR_SIZE(alias_insn_names); i++) {
1744 if (alias_insn_names[i].id == id)
1745 return alias_insn_names[i].name;
1746 }
1747
CID 1374336: Memory - illegal accesses (OVERRUN)
Overrunning array "insn_name_maps" of 3 16-byte elements at element index 144 (byte offset 2304) using index "id" (which evaluates to 144).
1748 return insn_name_maps[id].name;
1749 #else
1750 return NULL;
1751 #endif
1752 }
1753
** CID 1374332: Memory - illegal accesses (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1779 in TMS320C64x_group_name()
________________________________________________________________________________________________________
*** CID 1374332: Memory - illegal accesses (OVERRUN)
/shlr/capstone/arch/TMS320C64x/TMS320C64xMapping.c: 1779 in TMS320C64x_group_name()
1773
1774 for (i = 0; i < ARR_SIZE(group_name_maps); i++) {
1775 if (group_name_maps[i].id == id)
1776 return group_name_maps[i].name;
1777 }
1778
CID 1374332: Memory - illegal accesses (OVERRUN)
Overrunning array "group_name_maps" of 7 16-byte elements at element index 132 (byte offset 2112) using index "id" (which evaluates to 132).
1779 return group_name_maps[id].name;
1780 #else
1781 return NULL;
1782 #endif
1783 }
1784
** CID 1374330: Control flow issues (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 291 in DecodeMemOperandSc()
________________________________________________________________________________________________________
*** CID 1374330: Control flow issues (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 291 in DecodeMemOperandSc()
285 case 12:
286 case 13:
287 case 14:
288 case 15:
289 if((offset >= TMS320C64X_REG_A0) && (offset <= TMS320C64X_REG_A31))
290 offset = (offset - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
CID 1374330: Control flow issues (DEADCODE)
Execution cannot reach the expression "offset <= TMS320C64X_REG_B31" inside this statement: "if (offset >= TMS320C64X_RE...".
291 else if((offset >= TMS320C64X_REG_B0) && (offset <= TMS320C64X_REG_B31))
292 offset = (offset - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
293 offsetreg = getReg(GPRegsDecoderTable, offset);
294 MCOperand_CreateImm0(Inst, (scaled << 19) | (basereg << 12) | (offsetreg << 5) | (mode << 1) | unit);
295 break;
296 default:
** CID 1374328: Control flow issues (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 270 in DecodeMemOperandSc()
________________________________________________________________________________________________________
*** CID 1374328: Control flow issues (DEADCODE)
/shlr/capstone/arch/TMS320C64x/TMS320C64xDisassembler.c: 270 in DecodeMemOperandSc()
264 offset = (Val >> 5) & 0x1f;
265 mode = (Val >> 1) & 0xf;
266 unit = Val & 1;
267
268 if((base >= TMS320C64X_REG_A0) && (base <= TMS320C64X_REG_A31))
269 base = (base - TMS320C64X_REG_A0 + TMS320C64X_REG_B0);
CID 1374328: Control flow issues (DEADCODE)
Execution cannot reach the expression "base <= TMS320C64X_REG_B31" inside this statement: "if (base >= TMS320C64X_REG_...".
270 else if((base >= TMS320C64X_REG_B0) && (base <= TMS320C64X_REG_B31))
271 base = (base - TMS320C64X_REG_B0 + TMS320C64X_REG_A0);
272 basereg = getReg(GPRegsDecoderTable, base);
273
274 switch(mode) {
275 case 0:
** CID 1232750: API usage errors (SWAPPED_ARGUMENTS)
________________________________________________________________________________________________________
*** CID 1232750: API usage errors (SWAPPED_ARGUMENTS)
/shlr/capstone/arch/XCore/XCoreDisassembler.c: 338 in DecodeR2RInstruction()
332 }
333
334 static DecodeStatus DecodeR2RInstruction(MCInst *Inst, unsigned Insn, uint64_t Address,
335 void *Decoder)
336 {
337 unsigned Op1, Op2;
CID 1232750: API usage errors (SWAPPED_ARGUMENTS)
The positions of arguments in the call to "Decode2OpInstruction" do not match the ordering of the parameters:
* "&Op2" is passed to "Op1"
* "&Op1" is passed to "Op2"
338 DecodeStatus S = Decode2OpInstruction(Insn, &Op2, &Op1);
339 if (S != MCDisassembler_Success)
340 return Decode2OpInstructionFail(Inst, Insn, Address, Decoder);
341
342 DecodeGRRegsRegisterClass(Inst, Op1, Address, Decoder);
343 DecodeGRRegsRegisterClass(Inst, Op2, Address, Decoder);
** CID 1222735: Incorrect expression (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 1025 in printAM2PreOrOffsetIndexOp()
________________________________________________________________________________________________________
*** CID 1222735: Incorrect expression (MIXED_ENUMS)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 1025 in printAM2PreOrOffsetIndexOp()
1019 SStream_concat0(O, ", ");
1020 if (tmp > HEX_THRESHOLD)
1021 SStream_concat(O, "#%s0x%x", ARM_AM_getAddrOpcStr(subtracted), tmp);
1022 else
1023 SStream_concat(O, "#%s%u", ARM_AM_getAddrOpcStr(subtracted), tmp);
1024 if (MI->csh->detail) {
CID 1222735: Incorrect expression (MIXED_ENUMS)
Mixing enum types "enum arm_shifter" and "enum ARM_AM_AddrOpc" for "type".
1025 MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.type = (arm_shifter)getAM2Op((unsigned int)MCOperand_getImm(MO3));
1026 MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].shift.value = tmp;
1027 MI->flat_insn->detail->arm.operands[MI->flat_insn->detail->arm.op_count].subtracted = subtracted == ARM_AM_sub;
1028 }
1029 }
1030 SStream_concat0(O, "]");
** CID 1216470: Security best practices violations (STRING_OVERFLOW)
/shlr/capstone/arch/XCore/XCoreInstPrinter.c: 54 in XCore_insn_extract()
________________________________________________________________________________________________________
*** CID 1216470: Security best practices violations (STRING_OVERFLOW)
/shlr/capstone/arch/XCore/XCoreInstPrinter.c: 54 in XCore_insn_extract()
48 void XCore_insn_extract(MCInst *MI, const char *code)
49 {
50 int id;
51 char *p, *p2;
52 char tmp[128];
53
CID 1216470: Security best practices violations (STRING_OVERFLOW)
You might overrun the 128-character fixed-size string "tmp" by copying "code" without checking the length.
54 strcpy(tmp, code); // safe because code is way shorter than 128 bytes
55
56 // find the first space
57 p = strchr(tmp, ' ');
58 if (p) {
59 p++;
** CID 1196399: Control flow issues (DEADCODE)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 2087 in printAddrModeImm12Operand()
________________________________________________________________________________________________________
*** CID 1196399: Control flow issues (DEADCODE)
/shlr/capstone/arch/ARM/ARMInstPrinter.c: 2087 in printAddrModeImm12Operand()
2081 if (OffImm >= 0) {
2082 if (OffImm > HEX_THRESHOLD)
2083 SStream_concat(O, ", #0x%x", OffImm);
2084 else
2085 SStream_concat(O, ", #%u", OffImm);
2086 } else {
CID 1196399: Control flow issues (DEADCODE)
Execution cannot reach this statement: "if (OffImm < -9) SStream_...".
2087 if (OffImm < -HEX_THRESHOLD)
2088 SStream_concat(O, ", #-0x%x", -OffImm);
2089 else
2090 SStream_concat(O, ", #-%u", -OffImm);
2091 }
2092 }