[GRASS-dev] Fwd: New Defects reported by Coverity Scan for grass
Markus Neteler
neteler at osgeo.org
Tue Jan 13 07:09:42 PST 2015
FYI, here are the results of a Coverity scan of r64128 run today:
---------- Forwarded message ----------
From: <scan-admin at coverity.com>
Date: Tue, Jan 13, 2015 at 3:39 PM
Subject: New Defects reported by Coverity Scan for grass
Hi,
Please find the latest report on new defect(s) introduced to grass
found with Coverity Scan.
22 new defect(s) introduced to grass found with Coverity Scan.
32 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 22 defect(s)
** CID 1262578: Explicit null dereferenced (FORWARD_NULL)
/lib/gis/ls.c: 118 in G_ls2()
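** CID 1262577: Improper use of negative value (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 46 in V1_write_line_nat()
** CID 1262576: Improper use of negative value (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 133 in V1_rewrite_line_nat()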
** CID 1262575: Improper use of negative value (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 205 in V2_rewrite_line_nat()
** CID 1262574: Resource leak (RESOURCE_LEAK)
/lib/driver/text3.c: 152 in convert_str()
** CID 1262573: Resource leak (RESOURCE_LEAK)
/lib/gis/ls.c: 121 in G_ls2()
** CID 1262572: Resource leak (RESOURCE_LEAK)
/misc/m.nviz.image/vector.c: 86 in load_vectors()
** CID 1262571: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 571 in Vect_snap_lines_list_rtree()
** CID 1262570: Resource leak (RESOURCE_LEAK)
/lib/arraystats/class.c: 245 in AS_class_equiprob()
** CID 1262569: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 889 in Vect_snap_lines_list_rtree()
** CID 1262568: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 527 in Vect_snap_lines_list_kdtree()
** CID 1262567: Resource leak (RESOURCE_LEAK)
/misc/m.nviz.image/volume.c: 46 in load_rasters3d()
** CID 1262565: Copy into fixed size buffer (STRING_OVERFLOW)
/display/d.mon/start.c: 60 in start()
/display/d.mon/start.c: 64 in start()
** CID 1262566: Resource leak (RESOURCE_LEAK)
/misc/m.nviz.image/surface.c: 54 in load_rasters()
** CID 1262564: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/ascii.c: 475 in Vect_write_ascii()
** CID 1262563: Unbounded source buffer (STRING_SIZE)
/lib/gis/put_window.c: 48 in G_put_window()
** CID 1262562: Copy into fixed size buffer (STRING_OVERFLOW)
/display/d.vect.thematic/main.c: 189 in main()
** CID 1262561: Unbounded source buffer (STRING_SIZE)
/lib/gis/get_window.c: 65 in G_get_window()
** CID 1262560: Unused value (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 594 in Vect_snap_lines_list_rtree()
** CID 1262559: Unused value (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 235 in Vect_snap_lines_list_kdtree()
________________________________________________________________________________________________________
*** CID 1262578: Explicit null dereferenced (FORWARD_NULL)
/lib/gis/ls.c: 118 in G_ls2()
112 dir_listing = (char **)G_realloc(dir_listing, (1 + n)
* sizeof(char *));
113 dir_listing[n] = G_store(dp->d_name);
114 n++;
115 }
116
117 /* Sort list of filenames alphabetically */
>>> CID 1262578: Explicit null dereferenced (FORWARD_NULL)
>>> Passing null pointer "dir_listing" to "qsort", which dereferences it.
118 qsort(dir_listing, n, sizeof(char *), cmp_names);
119
120 *num_files = n;
121 return dir_listing;
122 }
123
________________________________________________________________________________________________________
*** CID 1262577: Improper use of negative value (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 46 in V1_write_line_nat()
40 \return feature offset into file
41 \return -1 on error
42 */
43 off_t V1_write_line_nat(struct Map_info *Map, int type,
44 const struct line_pnts *points, const
struct line_cats *cats)
45 {
>>> CID 1262577: Improper use of negative value (NEGATIVE_RETURNS)
>>> A negative constant "-1L" is passed as an argument to a parameter that cannot be negative.
46 return V1__write_line_nat(Map, -1, type, points, cats);
47 }
48
49 /*!
50 \brief Writes feature to 'coor' file at topological level
(internal use only)
51
________________________________________________________________________________________________________
*** CID 1262576: Improper use of negative value (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 133 in V1_rewrite_line_nat()
127 }
128 else {
129 /* differ -> delete the old and append new */
130 /* delete old */
131 V1_delete_line_nat(Map, offset);
132
>>> CID 1262576: Improper use of negative value (NEGATIVE_RETURNS)
>>> A negative constant "-1L" is passed as an argument to a parameter that cannot be negative.
133 return V1__write_line_nat(Map, -1, type, points, cats);
134 }
135 }
136
137 /*!
138 \brief Rewrites feature to 'coor' file at topological level
(internal use only)
________________________________________________________________________________________________________
*** CID 1262575: Improper use of negative value (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 205 in V2_rewrite_line_nat()
199 offset = old_offset;
200 }
201 else {
202 /* differ -> delete the old and append new */
203 /* delete old */
204 V1_delete_line_nat(Map, old_offset);
>>> CID 1262575: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: "offset" = a negative value.
205 offset = -1;
206 }
207
208 /* delete feature from topology */
209 if (0 != V2__delete_line_from_topo_nat(Map, line, type,
old_points, old_cats))
210 return -1;
________________________________________________________________________________________________________
*** CID 1262574: Resource leak (RESOURCE_LEAK)
/lib/driver/text3.c: 152 in convert_str()
146
147 i = res;
148 cd = iconv_open("UCS-2BE", from);
149 if (cd == (iconv_t) -1)
150 return -1;
151 if (iconv(cd, (char **)&p1, &len, (char **)&p2, &i) ==
(size_t) -1)
>>> CID 1262574: Resource leak (RESOURCE_LEAK)
>>> Variable "cd" going out of scope leaks the storage it points to.
152 return -1;
153 iconv_close(cd);
154
155 res -= i;
156 }
157 #else
________________________________________________________________________________________________________
*** CID 1262573: Resource leak (RESOURCE_LEAK)
/lib/gis/ls.c: 121 in G_ls2()
115 }
116
117 /* Sort list of filenames alphabetically */
118 qsort(dir_listing, n, sizeof(char *), cmp_names);
119
120 *num_files = n;
>>> CID 1262573: Resource leak (RESOURCE_LEAK)
>>> Variable "dfd" going out of scope leaks the storage it points to.
121 return dir_listing;
122 }
123
124 /**
125 * \brief Prints a directory listing to a stream, in
prettified column format
126 *
________________________________________________________________________________________________________
*** CID 1262572: Resource leak (RESOURCE_LEAK)
/misc/m.nviz.image/vector.c: 86 in load_vectors()
80
81 for (i = 0; vect->answers[i]; i++) {
82 mapset = G_find_vector2(vect->answers[i], "");
83 if (mapset == NULL) {
84 G_fatal_error(_("Vector map <%s> not found"), vect->answers[i]);
85 }
>>> CID 1262572: Resource leak (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "G_fully_qualified_name(vect->answers[i], mapset)" leaks it.
86 id = Nviz_new_map_obj(map_obj_type,
87 G_fully_qualified_name(vect->answers[i],
88 mapset), 0.0, data);
89
90 /* set position */
91 x = atof(position->answers[i * 3 + 0]);
________________________________________________________________________________________________________
*** CID 1262571: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 571 in Vect_snap_lines_list_rtree()
565 List = Vect_new_list();
566 if (getenv("GRASS_VECTOR_LOWMEM")) {
567 char *filename = G_tempfile();
568
569 rtreefd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
570 remove(filename);
>>> CID 1262571: Resource leak (RESOURCE_LEAK)
>>> Variable "filename" going out of scope leaks the storage it points to.
571 }
572 RTree = RTreeCreateTree(rtreefd, 0, 2);
573
574 thresh2 = thresh * thresh;
575
576 /* Go through all lines in vector, and add each point to
structure of points */
________________________________________________________________________________________________________
*** CID 1262570: Resource leak (RESOURCE_LEAK)
/lib/arraystats/class.c: 245 in AS_class_equiprob()
239 }
240
241 if (j < (*nbreaks)) {
242 G_warning(_("There are classbreaks outside the range
min-max. Number of "
243 "classes reduced to %i, but using
probabilities for %i classes."),
244 j + 1, *nbreaks + 1);
>>> CID 1262570: Resource leak (RESOURCE_LEAK)
>>> Ignoring storage allocated by "G__realloc("lib/arraystats/class.c", 245, classbreaks, j * 8UL)" leaks it.
245 G_realloc(classbreaks, j * sizeof(double));
246 for (i = 0; i < j; i++)
247 classbreaks[i] = 0;
248 }
249
250 j = 0;
________________________________________________________________________________________________________
*** CID 1262569: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 889 in Vect_snap_lines_list_rtree()
883 RTreeDestroyTree(RTree);
884 if (rtreefd >= 0)
885 close(rtreefd);
886
887 G_verbose_message(_("Snapped vertices: %d"), nsnapped);
888 G_verbose_message(_("New vertices: %d"), ncreated);
>>> CID 1262569: Resource leak (RESOURCE_LEAK)
>>> Variable "List" going out of scope leaks the storage it points to.
889 }
890
891
892 /*!
893 \brief Snap lines in vector map to existing vertex in threshold.
894
________________________________________________________________________________________________________
*** CID 1262568: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 527 in Vect_snap_lines_list_kdtree()
521 G_free(Index);
522 G_free(New);
523 kdtree_destroy(KDTree);
524
525 G_verbose_message(_("Snapped vertices: %d"), nsnapped);
526 G_verbose_message(_("New vertices: %d"), ncreated);
>>> CID 1262568: Resource leak (RESOURCE_LEAK)
>>> Variable "List" going out of scope leaks the storage it points to.
527 }
528
529 static void
530 Vect_snap_lines_list_rtree(struct Map_info *Map, const struct
ilist *List_lines,
531 double thresh, struct Map_info *Err)
532 {
________________________________________________________________________________________________________
*** CID 1262567: Resource leak (RESOURCE_LEAK)
/misc/m.nviz.image/volume.c: 46 in load_rasters3d()
40 mapset = G_find_raster3d(params->volume->answers[i], "");
41 if (mapset == NULL) {
42 G_fatal_error(_("3d raster map <%s> not found"),
43 params->volume->answers[i]);
44 }
45
>>> CID 1262567: Resource leak (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "G_fully_qualified_name(params->volume->answers[i], mapset)" leaks it.
46 id = Nviz_new_map_obj(MAP_OBJ_VOL,
47 G_fully_qualified_name(params->volume->
48 answers[i], mapset), 0.0,
49 data);
50
51 /* set position */
________________________________________________________________________________________________________
*** CID 1262565: Copy into fixed size buffer (STRING_OVERFLOW)
/display/d.mon/start.c: 60 in start()
54 G_fatal_error(_("Unable to get current working directory"));
55 ptr = output_path + strlen(output_path) - 1;
56 if (*(ptr++) != HOST_DIRSEP) {
57 *(ptr++) = HOST_DIRSEP;
58 *(ptr) = '\0';
59 }
>>> CID 1262565: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 4096 byte fixed-size string "output_path" by copying "output_name" without checking the length.
60 strcat(output_path, output_name);
61 G_message(_("Output file: %s"), output_path);
62 }
63 else {
64 strcpy(output_path, output_name); /* already full path */
65 }
/display/d.mon/start.c: 64 in start()
58 *(ptr) = '\0';
59 }
60 strcat(output_path, output_name);
61 G_message(_("Output file: %s"), output_path);
62 }
63 else {
>>> CID 1262565: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 4096 byte fixed-size string "output_path" by copying "output_name" without checking the length.
64 strcpy(output_path, output_name); /* already full path */
65 }
66
67 env_name = NULL;
68 G_asprintf(&env_name, "MONITOR_%s_MAPFILE", G_store_upper(name));
69 G_setenv(env_name, output_path);
________________________________________________________________________________________________________
*** CID 1262566: Resource leak (RESOURCE_LEAK)
/misc/m.nviz.image/surface.c: 54 in load_rasters()
48 mapset = G_find_raster2(params->elev_map->answers[i], "");
49 if (mapset == NULL) {
50 G_fatal_error(_("Raster map <%s> not found"),
51 params->elev_map->answers[i]);
52 }
53
>>> CID 1262566: Resource leak (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by "G_fully_qualified_name(params->elev_map->answers[i], mapset)" leaks it.
54 id = Nviz_new_map_obj(MAP_OBJ_SURF,
55 G_fully_qualified_name(params->
56 elev_map->answers[i],
57 mapset), 0.0, data);
58 }
59 else {
________________________________________________________________________________________________________
*** CID 1262564: Resource leak (RESOURCE_LEAK)
/lib/vector/Vlib/ascii.c: 475 in Vect_write_ascii()
469 col_name =
db_get_column_name(db_get_table_column(Table, j));
470 G_important_message("%s", col_name);
471 }
472 G_warning(_("Export cancelled"));
473 db_close_database(driver);
474 db_shutdown_driver(driver);
>>> CID 1262564: Resource leak (RESOURCE_LEAK)
>>> Variable "Table" going out of scope leaks the storage it points to.
475 return -1;
476 }
477 }
478 i++;
479 }
480 columns[icol] = NULL;
________________________________________________________________________________________________________
*** CID 1262563: Unbounded source buffer (STRING_SIZE)
/lib/gis/put_window.c: 48 in G_put_window()
42 * \return -1 on error (no diagnostic message is printed)
43 *
44 * \sa G_get_window(), G_set_window(), python.core.use_temp_region()
45 */
46 int G_put_window(const struct Cell_head *window)
47 {
>>> CID 1262563: Unbounded source buffer (STRING_SIZE)
>>> Assigning: "wind" = "getenv". "wind" is now tainted.
48 char *wind = getenv("WIND_OVERRIDE");
49
50 return wind ? G_put_element_window(window, "windows", wind)
51 : G_put_element_window(window, "", "WIND");
52 }
53
________________________________________________________________________________________________________
*** CID 1262562: Copy into fixed size buffer (STRING_OVERFLOW)
/display/d.vect.thematic/main.c: 189 in main()
183 verbose = TRUE;
184
185 G_get_set_window(&window);
186
187 /* Read map options */
188
>>> CID 1262562: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 128 byte fixed-size string "map_name" by copying "map_opt->answer" without checking the length.
189 strcpy(map_name, map_opt->answer);
190
191 /* open vector */
192 level = Vect_open_old(&Map, map_name, "");
193
194 if (level < 2)
________________________________________________________________________________________________________
*** CID 1262561: Unbounded source buffer (STRING_SIZE)
/lib/gis/get_window.c: 65 in G_get_window()
59 if (regvar) {
60 char **tokens = G_tokenize(regvar, ";");
61 G__read_Cell_head_array(tokens, &st->dbwindow, 0);
62 G_free_tokens(tokens);
63 }
64 else {
>>> CID 1262561: Unbounded source buffer (STRING_SIZE)
>>> Assigning: "wind" = "getenv". "wind" is now tainted.
65 char *wind = getenv("WIND_OVERRIDE");
66 if (wind)
67 G_get_element_window(&st->dbwindow, "windows", wind, G_mapset());
68 else
69 G_get_element_window(&st->dbwindow, "", "WIND", G_mapset());
70 }
________________________________________________________________________________________________________
*** CID 1262560: Unused value (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 594 in Vect_snap_lines_list_rtree()
588 line = List_lines->value[line_idx];
589
590 G_debug(3, "line = %d", line);
591 if (!Vect_line_alive(Map, line))
592 continue;
593
>>> CID 1262560: Unused value (UNUSED_VALUE)
>>> Value from "Vect_read_line(Map, Points, Cats, line)" is assigned to "ltype" here, but that stored value is not used before it is overwritten.
594 ltype = Vect_read_line(Map, Points, Cats, line);
595
596 for (v = 0; v < Points->n_points; v++) {
597 G_debug(3, " vertex v = %d", v);
598 nvertices++;
599
________________________________________________________________________________________________________
*** CID 1262559: Unused value (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 235 in Vect_snap_lines_list_kdtree()
229 line = List_lines->value[line_idx];
230
231 G_debug(3, "line = %d", line);
232 if (!Vect_line_alive(Map, line))
233 continue;
234
>>> CID 1262559: Unused value (UNUSED_VALUE)
>>> Value from "Vect_read_line(Map, Points, Cats, line)" is assigned to "ltype" here, but that stored value is not used before it is overwritten.
235 ltype = Vect_read_line(Map, Points, Cats, line);
236
237 for (v = 0; v < Points->n_points; v++) {
238 G_debug(3, " vertex v = %d", v);
239 nvertices++;
240
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1038?tab=overview