[GRASS-dev] Fwd: New Defects reported by Coverity Scan for grass

Markus Neteler neteler at osgeo.org
Tue Jan 13 07:09:42 PST 2015


FYI, a scan of r64128 done today:


---------- Forwarded message ----------
From:  <scan-admin at coverity.com>
Date: Tue, Jan 13, 2015 at 3:39 PM
Subject: New Defects reported by Coverity Scan for grass

Hi,

Please find the latest report on new defect(s) introduced to grass
found with Coverity Scan.

22 new defect(s) introduced to grass found with Coverity Scan.
32 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 22 defect(s)


** CID 1262578:  Explicit null dereferenced  (FORWARD_NULL)
/lib/gis/ls.c: 118 in G_ls2()

** CID 1262577:  Improper use of negative value  (NEGATIVE_RETURNS)

** CID 1262576:  Improper use of negative value  (NEGATIVE_RETURNS)

** CID 1262575:  Improper use of negative value  (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 205 in V2_rewrite_line_nat()

** CID 1262574:  Resource leak  (RESOURCE_LEAK)
/lib/driver/text3.c: 152 in convert_str()

** CID 1262573:  Resource leak  (RESOURCE_LEAK)
/lib/gis/ls.c: 121 in G_ls2()

** CID 1262572:  Resource leak  (RESOURCE_LEAK)
/misc/m.nviz.image/vector.c: 86 in load_vectors()

** CID 1262571:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 571 in Vect_snap_lines_list_rtree()

** CID 1262570:  Resource leak  (RESOURCE_LEAK)
/lib/arraystats/class.c: 245 in AS_class_equiprob()

** CID 1262569:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 889 in Vect_snap_lines_list_rtree()

** CID 1262568:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 527 in Vect_snap_lines_list_kdtree()

** CID 1262567:  Resource leak  (RESOURCE_LEAK)
/misc/m.nviz.image/volume.c: 46 in load_rasters3d()

** CID 1262565:  Copy into fixed size buffer  (STRING_OVERFLOW)
/display/d.mon/start.c: 60 in start()
/display/d.mon/start.c: 64 in start()

** CID 1262566:  Resource leak  (RESOURCE_LEAK)
/misc/m.nviz.image/surface.c: 54 in load_rasters()

** CID 1262564:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/ascii.c: 475 in Vect_write_ascii()

** CID 1262563:  Unbounded source buffer  (STRING_SIZE)
/lib/gis/put_window.c: 48 in G_put_window()

** CID 1262562:  Copy into fixed size buffer  (STRING_OVERFLOW)
/display/d.vect.thematic/main.c: 189 in main()

** CID 1262561:  Unbounded source buffer  (STRING_SIZE)
/lib/gis/get_window.c: 65 in G_get_window()

** CID 1262560:  Unused value  (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 594 in Vect_snap_lines_list_rtree()

** CID 1262559:  Unused value  (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 235 in Vect_snap_lines_list_kdtree()


________________________________________________________________________________________________________
*** CID 1262578:  Explicit null dereferenced  (FORWARD_NULL)
/lib/gis/ls.c: 118 in G_ls2()
112             dir_listing = (char **)G_realloc(dir_listing, (1 + n) * sizeof(char *));
113             dir_listing[n] = G_store(dp->d_name);
114             n++;
115         }
116
117         /* Sort list of filenames alphabetically */
>>>     CID 1262578:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Passing null pointer "dir_listing" to "qsort", which dereferences it.
118         qsort(dir_listing, n, sizeof(char *), cmp_names);
119
120         *num_files = n;
121         return dir_listing;
122     }
123

________________________________________________________________________________________________________
*** CID 1262577:  Improper use of negative value  (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 46 in V1_write_line_nat()
40       \return feature offset into file
41       \return -1 on error
42     */
43     off_t V1_write_line_nat(struct Map_info *Map, int type,
44                             const struct line_cats *cats)
45     {
>>>     CID 1262577:  Improper use of negative value  (NEGATIVE_RETURNS)
>>>     A negative constant "-1L" is passed as an argument to a parameter that cannot be negative.
46         return V1__write_line_nat(Map, -1, type, points, cats);
47     }
48
49     /*!
50       \brief Writes feature to 'coor' file at topological level (internal use only)
51

________________________________________________________________________________________________________
*** CID 1262576:  Improper use of negative value  (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 133 in V1_rewrite_line_nat()
127         }
128         else {
129             /* differ -> delete the old and append new */
130             /* delete old */
131             V1_delete_line_nat(Map, offset);
132
>>>     CID 1262576:  Improper use of negative value  (NEGATIVE_RETURNS)
>>>     A negative constant "-1L" is passed as an argument to a parameter that cannot be negative.
133             return V1__write_line_nat(Map, -1, type, points, cats);
134         }
135     }
136
137     /*!
138       \brief Rewrites feature to 'coor' file at topological level (internal use only)

________________________________________________________________________________________________________
*** CID 1262575:  Improper use of negative value  (NEGATIVE_RETURNS)
/lib/vector/Vlib/write_nat.c: 205 in V2_rewrite_line_nat()
199             offset = old_offset;
200         }
201         else {
202             /* differ -> delete the old and append new */
203             /* delete old */
204             V1_delete_line_nat(Map, old_offset);
>>>     CID 1262575:  Improper use of negative value  (NEGATIVE_RETURNS)
>>>     Assigning: "offset" = a negative value.
205             offset = -1;
206         }
207
208         /* delete feature from topology */
209         if (0 != V2__delete_line_from_topo_nat(Map, line, type, old_points, old_cats))
210             return -1;

________________________________________________________________________________________________________
*** CID 1262574:  Resource leak  (RESOURCE_LEAK)
/lib/driver/text3.c: 152 in convert_str()
146
147             i = res;
148             cd = iconv_open("UCS-2BE", from);
149             if (cd == (iconv_t) -1)
150                 return -1;
151             if (iconv(cd, (char **)&p1, &len, (char **)&p2, &i) == (size_t) -1)
>>>     CID 1262574:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "cd" going out of scope leaks the storage it points to.
152                 return -1;
153             iconv_close(cd);
154
155             res -= i;
156         }
157     #else

________________________________________________________________________________________________________
*** CID 1262573:  Resource leak  (RESOURCE_LEAK)
/lib/gis/ls.c: 121 in G_ls2()
115         }
116
117         /* Sort list of filenames alphabetically */
118         qsort(dir_listing, n, sizeof(char *), cmp_names);
119
120         *num_files = n;
>>>     CID 1262573:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "dfd" going out of scope leaks the storage it points to.
121         return dir_listing;
122     }
123
124     /**
125      * \brief Prints a directory listing to a stream, in prettified column format
126      *

________________________________________________________________________________________________________
*** CID 1262572:  Resource leak  (RESOURCE_LEAK)
/misc/m.nviz.image/vector.c: 86 in load_vectors()
80
81         for (i = 0; vect->answers[i]; i++) {
82      mapset = G_find_vector2(vect->answers[i], "");
83      if (mapset == NULL) {
84          G_fatal_error(_("Vector map <%s> not found"), vect->answers[i]);
85      }
>>>     CID 1262572:  Resource leak  (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "G_fully_qualified_name(vect->answers[i], mapset)" leaks it.
86      id = Nviz_new_map_obj(map_obj_type,
87                            G_fully_qualified_name(vect->answers[i],
88                                                   mapset), 0.0, data);
89
90      /* set position */
91      x = atof(position->answers[i * 3 + 0]);

________________________________________________________________________________________________________
*** CID 1262571:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 571 in Vect_snap_lines_list_rtree()
565         List = Vect_new_list();
566         if (getenv("GRASS_VECTOR_LOWMEM")) {
567             char *filename = G_tempfile();
568
569             rtreefd = open(filename, O_RDWR | O_CREAT | O_EXCL, 0600);
570             remove(filename);
>>>     CID 1262571:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "filename" going out of scope leaks the storage it points to.
571         }
572         RTree = RTreeCreateTree(rtreefd, 0, 2);
573
574         thresh2 = thresh * thresh;
575
576         /* Go through all lines in vector, and add each point to structure of points */

________________________________________________________________________________________________________
*** CID 1262570:  Resource leak  (RESOURCE_LEAK)
/lib/arraystats/class.c: 245 in AS_class_equiprob()
239         }
240
241         if (j < (*nbreaks)) {
242             G_warning(_("There are classbreaks outside the range min-max. Number of "
243                         "classes reduced to %i, but using probabilities for %i classes."),
244                       j + 1, *nbreaks + 1);
>>>     CID 1262570:  Resource leak  (RESOURCE_LEAK)
>>>     Ignoring storage allocated by "G__realloc("lib/arraystats/class.c", 245, classbreaks, j * 8UL)" leaks it.
245             G_realloc(classbreaks, j * sizeof(double));
246             for (i = 0; i < j; i++)
247                 classbreaks[i] = 0;
248         }
249
250         j = 0;

________________________________________________________________________________________________________
*** CID 1262569:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 889 in Vect_snap_lines_list_rtree()
883         RTreeDestroyTree(RTree);
884         if (rtreefd >= 0)
885             close(rtreefd);
886
887         G_verbose_message(_("Snapped vertices: %d"), nsnapped);
888         G_verbose_message(_("New vertices: %d"), ncreated);
>>>     CID 1262569:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "List" going out of scope leaks the storage it points to.
889     }
890
891
892     /*!
893        \brief Snap lines in vector map to existing vertex in threshold.
894

________________________________________________________________________________________________________
*** CID 1262568:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/snap.c: 527 in Vect_snap_lines_list_kdtree()
521         G_free(Index);
522         G_free(New);
523         kdtree_destroy(KDTree);
524
525         G_verbose_message(_("Snapped vertices: %d"), nsnapped);
526         G_verbose_message(_("New vertices: %d"), ncreated);
>>>     CID 1262568:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "List" going out of scope leaks the storage it points to.
527     }
528
529     static void
530     Vect_snap_lines_list_rtree(struct Map_info *Map, const struct ilist *List_lines,
531                          double thresh, struct Map_info *Err)
532     {

________________________________________________________________________________________________________
*** CID 1262567:  Resource leak  (RESOURCE_LEAK)
/misc/m.nviz.image/volume.c: 46 in load_rasters3d()
40      mapset = G_find_raster3d(params->volume->answers[i], "");
41      if (mapset == NULL) {
42          G_fatal_error(_("3d raster map <%s> not found"),
43                        params->volume->answers[i]);
44      }
45
>>>     CID 1262567:  Resource leak  (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "G_fully_qualified_name(params->volume->answers[i], mapset)" leaks it.
46      id = Nviz_new_map_obj(MAP_OBJ_VOL,
47                            G_fully_qualified_name(params->volume->
48                                                   answers[i], mapset), 0.0,
49                            data);
50
51      /* set position */

________________________________________________________________________________________________________
*** CID 1262565:  Copy into fixed size buffer  (STRING_OVERFLOW)
/display/d.mon/start.c: 60 in start()
54                 G_fatal_error(_("Unable to get current working directory"));
55             ptr = output_path + strlen(output_path) - 1;
56             if (*(ptr++) != HOST_DIRSEP) {
57                 *(ptr++) = HOST_DIRSEP;
58                 *(ptr) = '\0';
59             }
>>>     CID 1262565:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     You might overrun the 4096 byte fixed-size string "output_path" by copying "output_name" without checking the length.
60             strcat(output_path, output_name);
61             G_message(_("Output file: %s"), output_path);
62         }
63         else {
64             strcpy(output_path, output_name); /* already full path */
65         }
/display/d.mon/start.c: 64 in start()
58                 *(ptr) = '\0';
59             }
60             strcat(output_path, output_name);
61             G_message(_("Output file: %s"), output_path);
62         }
63         else {
>>>     CID 1262565:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     You might overrun the 4096 byte fixed-size string "output_path" by copying "output_name" without checking the length.
64             strcpy(output_path, output_name); /* already full path */
65         }
66
67         env_name = NULL;
68         G_asprintf(&env_name, "MONITOR_%s_MAPFILE", G_store_upper(name));
69         G_setenv(env_name, output_path);

________________________________________________________________________________________________________
*** CID 1262566:  Resource leak  (RESOURCE_LEAK)
/misc/m.nviz.image/surface.c: 54 in load_rasters()
48          mapset = G_find_raster2(params->elev_map->answers[i], "");
49          if (mapset == NULL) {
50              G_fatal_error(_("Raster map <%s> not found"),
51                            params->elev_map->answers[i]);
52          }
53
>>>     CID 1262566:  Resource leak  (RESOURCE_LEAK)
>>>     Failing to save or free storage allocated by "G_fully_qualified_name(params->elev_map->answers[i], mapset)" leaks it.
54          id = Nviz_new_map_obj(MAP_OBJ_SURF,
55                                G_fully_qualified_name(params->
56                                                       elev_map->answers[i],
57                                                       mapset), 0.0, data);
58      }
59      else {

________________________________________________________________________________________________________
*** CID 1262564:  Resource leak  (RESOURCE_LEAK)
/lib/vector/Vlib/ascii.c: 475 in Vect_write_ascii()
469                                     col_name = db_get_column_name(db_get_table_column(Table, j));
470                                     G_important_message("%s", col_name);
471                                 }
472                                 G_warning(_("Export cancelled"));
473                                 db_close_database(driver);
474                                 db_shutdown_driver(driver);
>>>     CID 1262564:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "Table" going out of scope leaks the storage it points to.
475                                 return -1;
476                             }
477                         }
478                         i++;
479                     }
480                     columns[icol] = NULL;

________________________________________________________________________________________________________
*** CID 1262563:  Unbounded source buffer  (STRING_SIZE)
/lib/gis/put_window.c: 48 in G_put_window()
42      * \return -1 on error (no diagnostic message is printed)
43      *
44      * \sa G_get_window(), G_set_window(), python.core.use_temp_region()
45      */
46     int G_put_window(const struct Cell_head *window)
47     {
>>>     CID 1262563:  Unbounded source buffer  (STRING_SIZE)
>>>     Assigning: "wind" = "getenv". "wind" is now tainted.
48         char *wind = getenv("WIND_OVERRIDE");
49
50         return wind ? G_put_element_window(window, "windows", wind)
51      : G_put_element_window(window, "", "WIND");
52     }
53

________________________________________________________________________________________________________
*** CID 1262562:  Copy into fixed size buffer  (STRING_OVERFLOW)
/display/d.vect.thematic/main.c: 189 in main()
183             verbose = TRUE;
184
185         G_get_set_window(&window);
186
187         /* Read map options */
188
>>>     CID 1262562:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     You might overrun the 128 byte fixed-size string "map_name" by copying "map_opt->answer" without checking the length.
189         strcpy(map_name, map_opt->answer);
190
191         /* open vector */
192         level = Vect_open_old(&Map, map_name, "");
193
194         if (level < 2)

________________________________________________________________________________________________________
*** CID 1262561:  Unbounded source buffer  (STRING_SIZE)
/lib/gis/get_window.c: 65 in G_get_window()
59         if (regvar) {
60      char **tokens = G_tokenize(regvar, ";");
61      G__read_Cell_head_array(tokens, &st->dbwindow, 0);
62      G_free_tokens(tokens);
63         }
64         else {
>>>     CID 1262561:  Unbounded source buffer  (STRING_SIZE)
>>>     Assigning: "wind" = "getenv". "wind" is now tainted.
65      char *wind = getenv("WIND_OVERRIDE");
66      if (wind)
67          G_get_element_window(&st->dbwindow, "windows", wind, G_mapset());
68      else
69          G_get_element_window(&st->dbwindow, "", "WIND", G_mapset());
70         }

________________________________________________________________________________________________________
*** CID 1262560:  Unused value  (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 594 in Vect_snap_lines_list_rtree()
588             line = List_lines->value[line_idx];
589
590             G_debug(3, "line =  %d", line);
591             if (!Vect_line_alive(Map, line))
592                 continue;
593
>>>     CID 1262560:  Unused value  (UNUSED_VALUE)
>>>     Value from "Vect_read_line(Map, Points, Cats, line)" is assigned to "ltype" here, but that stored value is not used before it is overwritten.
594             ltype = Vect_read_line(Map, Points, Cats, line);
595
596             for (v = 0; v < Points->n_points; v++) {
597                 G_debug(3, "  vertex v = %d", v);
598                 nvertices++;
599

________________________________________________________________________________________________________
*** CID 1262559:  Unused value  (UNUSED_VALUE)
/lib/vector/Vlib/snap.c: 235 in Vect_snap_lines_list_kdtree()
229             line = List_lines->value[line_idx];
230
231             G_debug(3, "line =  %d", line);
232             if (!Vect_line_alive(Map, line))
233                 continue;
234
>>>     CID 1262559:  Unused value  (UNUSED_VALUE)
>>>     Value from "Vect_read_line(Map, Points, Cats, line)" is assigned to "ltype" here, but that stored value is not used before it is overwritten.
235             ltype = Vect_read_line(Map, Points, Cats, line);
236
237             for (v = 0; v < Points->n_points; v++) {
238                 G_debug(3, "  vertex v = %d", v);
239                 nvertices++;
240


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1038?tab=overview

