Coverity-updates archive


New Defects reported by Coverity Scan for NetBSD-i386-user



Hi,


Please find below the latest report on new defect(s) introduced to NetBSD, as
found by Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 20 of 32 defect(s)


** CID 1036808:  Unchecked return value  (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 59099 in sqlite3BtreePutData()

** CID 1100777:  Unchecked return value  (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 113336 in whereLoopAddVirtual()

** CID 1175803:  Unchecked return value from library  (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 205 in 
recursive_mkdir()

** CID 1036802:  Logically dead code  (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 44713 in sqlite3PagerAcquire()
/external/public-domain/sqlite/dist/sqlite3.c: 44718 in sqlite3PagerAcquire()

** CID 1135696:  Logically dead code  (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 97484 in sqlite3Pragma()

** CID 1018042:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 67 in __udivmoddi4()
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 66 in __udivmoddi4()

** CID 1036793:  Explicit null dereferenced  (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 131190 in fts3ExprBalance()

** CID 748774:  Explicit null dereferenced  (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138208 in fts3TruncateSegment()

** CID 748775:  Explicit null dereferenced  (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138450 in sqlite3Fts3Incrmerge()

** CID 600:  Improper use of negative value  (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 81122 in 
sqlite3AlterRenameTable()

** CID 1127341:  Improper use of negative value  (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 86117 in sqlite3CreateView()

** CID 1036855:  Dereference null return value  (NULL_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 101001 in 
selectColumnsFromExprList()

** CID 749095:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 138462 in sqlite3Fts3Incrmerge()

** CID 1036853:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 27993 in unixShmMap()

** CID 980813:  Out-of-bounds read  (OVERRUN)
/external/public-domain/sqlite/dist/shell.c: 2929 in do_meta_command()

** CID 1127340:  Out-of-bounds access  (OVERRUN)
/external/public-domain/sqlite/dist/sqlite3.c: 82908 in decodeIntArray()

** CID 1135692:  Resource leak  (RESOURCE_LEAK)
/external/public-domain/sqlite/dist/shell.c: 3118 in process_input()

** CID 1127339:  Wrong sizeof argument  (SIZEOF_MISMATCH)
/external/public-domain/sqlite/dist/sqlite3.c: 81981 in statInit()

** CID 1154541:  Use of untrusted scalar value  (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()

** CID 1135687:  Use of untrusted string value  (TAINTED_STRING)
/external/public-domain/sqlite/dist/shell.c: 3073 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3078 in process_input()


________________________________________________________________________________________________________
*** CID 1036808:  Unchecked return value  (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 59099 in sqlite3BtreePutData()
59093       ** version of the b-tree page modified by the accessPayload call 
below.
59094       **
59095       ** Note that pCsr must be open on a BTREE_INTKEY table and 
saveCursorPosition()
59096       ** and hence saveAllCursors() cannot fail on a BTREE_INTKEY table, 
hence
59097       ** saveAllCursors can only return SQLITE_OK.
59098       */
>>>     CID 1036808:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "saveAllCursors(pCsr->pBt, 
>>> pCsr->pgnoRoot, pCsr)".
59099       VVA_ONLY(rc =) saveAllCursors(pCsr->pBt, pCsr->pgnoRoot, pCsr);
59100       assert( rc==SQLITE_OK );
59101     
59102       /* Check some assumptions: 
59103       **   (a) the cursor is open for writing,
59104       **   (b) there is a read/write transaction open,

________________________________________________________________________________________________________
*** CID 1100777:  Unchecked return value  (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 113336 in whereLoopAddVirtual()
113330           pNew->u.vtab.idxStr = pIdxInfo->idxStr;
113331           pNew->u.vtab.isOrdered = (u8)((pIdxInfo->nOrderBy!=0)
113332                                          && pIdxInfo->orderByConsumed);
113333           pNew->rSetup = 0;
113334           pNew->rRun = sqlite3LogEstFromDouble(pIdxInfo->estimatedCost);
113335           pNew->nOut = sqlite3LogEst(pIdxInfo->estimatedRows);
>>>     CID 1100777:  Unchecked return value  (CHECKED_RETURN)
>>>     No check of the return value of "whereLoopInsert(pBuilder, pNew)".
113336           whereLoopInsert(pBuilder, pNew);
113337           if( pNew->u.vtab.needFree ){
113338             sqlite3_free(pNew->u.vtab.idxStr);
113339             pNew->u.vtab.needFree = 0;
113340           }
113341         }

________________________________________________________________________________________________________
*** CID 1175803:  Unchecked return value from library  (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 205 in 
recursive_mkdir()
199       for (i = 1; path[i] != '\0'; ++i) {
200         if (path[i] != '/') continue;
201         path[i] = '\0';
202     #ifdef _WIN32
203         _mkdir(path);
204     #else
>>>     CID 1175803:  Unchecked return value from library  (CHECKED_RETURN)
>>>     No check of the return value of "mkdir(path, 493U)".
205         mkdir(path, 0755);  /* Some of these will fail, ignore it. */
206     #endif
207         path[i] = '/';
208       }
209     }
210     

________________________________________________________________________________________________________
*** CID 1036802:  Logically dead code  (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 44713 in sqlite3PagerAcquire()
44707       /* If the pager is in the error state, return an error immediately. 
44708       ** Otherwise, request the page from the PCache layer. */
44709       if( pPager->errCode!=SQLITE_OK ){
44710         rc = pPager->errCode;
44711       }else{
44712     
>>>     CID 1036802:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this expression "pagerUseWal(pPager)" inside 
>>> statement "if (bMmapOk && pagerUseWal(...".
44713         if( bMmapOk && pagerUseWal(pPager) ){
44714           rc = sqlite3WalFindFrame(pPager->pWal, pgno, &iFrame);
44715           if( rc!=SQLITE_OK ) goto pager_acquire_err;
44716         }
44717     
44718         if( bMmapOk && iFrame==0 ){
/external/public-domain/sqlite/dist/sqlite3.c: 44718 in sqlite3PagerAcquire()
44712     
44713         if( bMmapOk && pagerUseWal(pPager) ){
44714           rc = sqlite3WalFindFrame(pPager->pWal, pgno, &iFrame);
44715           if( rc!=SQLITE_OK ) goto pager_acquire_err;
44716         }
44717     
>>>     CID 1036802:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this expression "iFrame == 0U" inside statement 
>>> "if (bMmapOk && iFrame == 0U...".
44718         if( bMmapOk && iFrame==0 ){
44719           void *pData = 0;
44720     
44721           rc = sqlite3OsFetch(pPager->fd, 
44722               (i64)(pgno-1) * pPager->pageSize, pPager->pageSize, &pData
44723           );

________________________________________________________________________________________________________
*** CID 1135696:  Logically dead code  (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 97484 in sqlite3Pragma()
97478     #else
97479         sz = 0;
97480         rc = SQLITE_OK;
97481     #endif
97482         if( rc==SQLITE_OK ){
97483           returnSingleInt(pParse, "mmap_size", sz);
>>>     CID 1135696:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "if (rc != 12){
  pParse->nE...".
97484         }else if( rc!=SQLITE_NOTFOUND ){
97485           pParse->nErr++;
97486           pParse->rc = rc;
97487         }
97488         break;
97489       }

________________________________________________________________________________________________________
*** CID 1018042:  Division or modulo by zero  (DIVIDE_BY_ZERO)
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 67 in __udivmoddi4()
61                 /* K X
62                  * ---
63                  * 0 0
64                  */ 
65                 if (rem)
66                     *rem = n.s.high % d.s.low;
>>>     CID 1018042:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "n.s.high / d.s.low", division by expression "d.s.low" 
>>> which may be zero has undefined behavior.
67                 return n.s.high / d.s.low;
68             }
69             /* d.s.high != 0 */
70             if (n.s.low == 0)
71             {
72                 /* K 0
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 66 in __udivmoddi4()
60             {
61                 /* K X
62                  * ---
63                  * 0 0
64                  */ 
65                 if (rem)
>>>     CID 1018042:  Division or modulo by zero  (DIVIDE_BY_ZERO)
>>>     In expression "n.s.high % d.s.low" modulo by expression "d.s.low" which 
>>> may be zero has undefined behavior.
66                     *rem = n.s.high % d.s.low;
67                 return n.s.high / d.s.low;
68             }
69             /* d.s.high != 0 */
70             if (n.s.low == 0)
71             {

________________________________________________________________________________________________________
*** CID 1036793:  Explicit null dereferenced  (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 131190 in fts3ExprBalance()
131184             for(iLvl=0; p && iLvl<nMaxDepth; iLvl++){
131185               if( apLeaf[iLvl]==0 ){
131186                 apLeaf[iLvl] = p;
131187                 p = 0;
131188               }else{
131189                 assert( pFree );
>>>     CID 1036793:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Dereferencing null pointer "pFree".
131190                 pFree->pLeft = apLeaf[iLvl];
131191                 pFree->pRight = p;
131192                 pFree->pLeft->pParent = pFree;
131193                 pFree->pRight->pParent = pFree;
131194     
131195                 p = pFree;

________________________________________________________________________________________________________
*** CID 748774:  Explicit null dereferenced  (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138208 in fts3TruncateSegment()
138202       sqlite3_int64 iAbsLevel,        /* Absolute level of segment to 
modify */
138203       int iIdx,                       /* Index within level of segment 
to modify */
138204       const char *zTerm,              /* Remove terms smaller than this 
*/
138205       int nTerm                      /* Number of bytes in buffer zTerm 
*/
138206     ){
138207       int rc = SQLITE_OK;             /* Return code */
>>>     CID 748774:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "root.a" = "NULL".
138208       Blob root = {0,0,0};            /* New root page image */
138209       Blob block = {0,0,0};           /* Buffer used for any other block 
*/
138210       sqlite3_int64 iBlock = 0;       /* Block id */
138211       sqlite3_int64 iNewStart = 0;    /* New value for iStartBlock */
138212       sqlite3_int64 iOldStart = 0;    /* Old value for iStartBlock */
138213       sqlite3_stmt *pFetch = 0;       /* Statement used to fetch segdir 
*/

________________________________________________________________________________________________________
*** CID 748775:  Explicit null dereferenced  (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138450 in sqlite3Fts3Incrmerge()
138444       int nRem = nMerge;              /* Number of leaf pages yet to  be 
written */
138445       Fts3MultiSegReader *pCsr;       /* Cursor used to read input data 
*/
138446       Fts3SegFilter *pFilter;         /* Filter used with cursor pCsr */
138447       IncrmergeWriter *pWriter;       /* Writer object */
138448       int nSeg = 0;                   /* Number of input segments */
138449       sqlite3_int64 iAbsLevel = 0;    /* Absolute level number to work 
on */
>>>     CID 748775:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "hint.a" = "NULL".
138450       Blob hint = {0, 0, 0};          /* Hint read from %_stat table */
138451       int bDirtyHint = 0;             /* True if blob 'hint' has been 
modified */
138452     
138453       /* Allocate space for the cursor, filter and writer objects */
138454       const int nAlloc = sizeof(*pCsr) + sizeof(*pFilter) + 
sizeof(*pWriter);
138455       pWriter = (IncrmergeWriter *)sqlite3_malloc(nAlloc);

________________________________________________________________________________________________________
*** CID 600:  Improper use of negative value  (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 81122 in 
sqlite3AlterRenameTable()
81116       if( NEVER(db->mallocFailed) ) goto exit_rename_table;
81117       assert( pSrc->nSrc==1 );
81118       assert( sqlite3BtreeHoldsAllMutexes(pParse->db) );
81119     
81120       pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]);
81121       if( !pTab ) goto exit_rename_table;
>>>     CID 600:  Improper use of negative value  (NEGATIVE_RETURNS)
>>>     Assigning: signed variable "iDb" = "sqlite3SchemaToIndex(sqlite3 *, 
>>> Schema *)".
81122       iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
81123       zDb = db->aDb[iDb].zName;
81124       db->flags |= SQLITE_PreferBuiltin;
81125     
81126       /* Get a NULL terminated version of the new table name. */
81127       zName = sqlite3NameFromToken(db, pName);

________________________________________________________________________________________________________
*** CID 1127341:  Improper use of negative value  (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 86117 in sqlite3CreateView()
86111       p = pParse->pNewTable;
86112       if( p==0 || pParse->nErr ){
86113         sqlite3SelectDelete(db, pSelect);
86114         return;
86115       }
86116       sqlite3TwoPartName(pParse, pName1, pName2, &pName);
>>>     CID 1127341:  Improper use of negative value  (NEGATIVE_RETURNS)
>>>     Assigning: signed variable "iDb" = "sqlite3SchemaToIndex(sqlite3 *, 
>>> Schema *)".
86117       iDb = sqlite3SchemaToIndex(db, p->pSchema);
86118       sqlite3FixInit(&sFix, pParse, iDb, "view", pName);
86119       if( sqlite3FixSelect(&sFix, pSelect) ){
86120         sqlite3SelectDelete(db, pSelect);
86121         return;
86122       }

________________________________________________________________________________________________________
*** CID 1036855:  Dereference null return value  (NULL_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 101001 in 
selectColumnsFromExprList()
100995             sqlite3DbFree(db, zName);
100996             zName = zNewName;
100997             j = -1;
100998             if( zName==0 ) break;
100999           }
101000         }
>>>     CID 1036855:  Dereference null return value  (NULL_RETURNS)
>>>     Dereferencing a null pointer "pCol".
101001         pCol->zName = zName;
101002       }
101003       if( db->mallocFailed ){
101004         for(j=0; j<i; j++){
101005           sqlite3DbFree(db, aCol[j].zName);
101006         }

________________________________________________________________________________________________________
*** CID 749095:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 138462 in sqlite3Fts3Incrmerge()
138456       if( !pWriter ) return SQLITE_NOMEM;
138457       pFilter = (Fts3SegFilter *)&pWriter[1];
138458       pCsr = (Fts3MultiSegReader *)&pFilter[1];
138459     
138460       rc = fts3IncrmergeHintLoad(p, &hint);
138461       while( rc==SQLITE_OK && nRem>0 ){
>>>     CID 749095:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "1024 * p->nIndex" with type "int" 
>>> (32 bits, signed) is evaluated using 32-bit arithmetic  before being used 
>>> in a context which expects an expression of type "i64 const" (64 bits, 
>>> signed).  To avoid overflow, cast either operand to "i64 const" before 
>>> performing the multiplication.
138462         const i64 nMod = FTS3_SEGDIR_MAXLEVEL * p->nIndex;
138463         sqlite3_stmt *pFindLevel = 0; /* SQL used to determine iAbsLevel 
*/
138464         int bUseHint = 0;             /* True if attempting to append */
138465     
138466         /* Search the %_segdir table for the absolute level with the 
smallest
138467         ** relative level number that contains at least nMin segments, 
if any.

________________________________________________________________________________________________________
*** CID 1036853:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 27993 in unixShmMap()
27987               static const int pgsz = 4096;
27988               int iPg;
27989     
27990               /* Write to the last byte of each newly allocated or 
extended page */
27991               assert( (nByte % pgsz)==0 );
27992               for(iPg=(sStat.st_size/pgsz); iPg<(nByte/pgsz); iPg++){
>>>     CID 1036853:  Unintentional integer overflow  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "iPg * 4096" with type "int" (32 
>>> bits, signed) is evaluated using 32-bit arithmetic  before being used in a 
>>> context which expects an expression of type "i64" (64 bits, signed).  To 
>>> avoid overflow, cast either operand to "i64" before performing the 
>>> multiplication.
27993                 if( seekAndWriteFd(pShmNode->h, iPg*pgsz + pgsz-1, "", 1, 
0)!=1 ){
27994                   const char *zFile = pShmNode->zFilename;
27995                   rc = unixLogError(SQLITE_IOERR_SHMSIZE, "write", zFile);
27996                   goto shmpage_out;
27997                 }
27998               }

________________________________________________________________________________________________________
*** CID 980813:  Out-of-bounds read  (OVERRUN)
/external/public-domain/sqlite/dist/shell.c: 2929 in do_meta_command()
2923     #endif
2924     
2925       if( c=='w' && strncmp(azArg[0], "width", n)==0 && nArg>1 ){
2926         int j;
2927         assert( nArg<=ArraySize(azArg) );
2928         for(j=1; j<nArg && j<ArraySize(p->colWidth); j++){
>>>     CID 980813:  Out-of-bounds read  (OVERRUN)
>>>     Overrunning array "azArg" of 50 4-byte elements at element index 99 
>>> (byte offset 396) using index "j" (which evaluates to 99).
2929           p->colWidth[j-1] = (int)integerValue(azArg[j]);
2930         }
2931       }else
2932     
2933       {
2934         fprintf(stderr, "Error: unknown command or invalid arguments: "

________________________________________________________________________________________________________
*** CID 1127340:  Out-of-bounds access  (OVERRUN)
/external/public-domain/sqlite/dist/sqlite3.c: 82908 in decodeIntArray()
82902       int i;
82903       tRowcnt v;
82904     
82905     #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
82906       if( z==0 ) z = "";
82907     #else
>>>     CID 1127340:  Out-of-bounds access  (OVERRUN)
>>>     Assigning: "z" = """". "z" now points to byte 0 of """" (which consists 
>>> of 1 bytes).
82908       if( NEVER(z==0) ) z = "";
82909     #endif
82910       for(i=0; *z && i<nOut; i++){
82911         v = 0;
82912         while( (c=z[0])>='0' && c<='9' ){
82913           v = v*10 + c - '0';

________________________________________________________________________________________________________
*** CID 1135692:  Resource leak  (RESOURCE_LEAK)
/external/public-domain/sqlite/dist/shell.c: 3118 in process_input()
3112         if( !_all_whitespace(zSql) ){
3113           fprintf(stderr, "Error: incomplete SQL: %s\n", zSql);
3114         }
3115         free(zSql);
3116       }
3117       free(zLine);
>>>     CID 1135692:  Resource leak  (RESOURCE_LEAK)
>>>     Variable "zSql" going out of scope leaks the storage it points to.
3118       return errCnt>0;
3119     }
3120     
3121     /*
3122     ** Return a pathname which is the user's home directory.  A
3123     ** 0 return indicates an error of some kind.

________________________________________________________________________________________________________
*** CID 1127339:  Wrong sizeof argument  (SIZEOF_MISMATCH)
/external/public-domain/sqlite/dist/sqlite3.c: 81981 in statInit()
81975           p->aBest[i].iCol = i;
81976         }
81977       }
81978     #endif
81979     
81980       /* Return a pointer to the allocated object to the caller */
>>>     CID 1127339:  Wrong sizeof argument  (SIZEOF_MISMATCH)
>>>     Passing argument "p" of type "Stat4Accum *" and argument "4 /* sizeof 
>>> (p) */" to function "sqlite3_result_blob(sqlite3_context *, void const *, 
>>> int, void (*)(void *))" is suspicious.  Did you intend to use "sizeof(*p)" 
>>> instead of "sizeof (p)" ?
81981       sqlite3_result_blob(context, p, sizeof(p), stat4Destructor);
81982     }
81983     static const FuncDef statInitFuncdef = {
81984       1+IsStat34,      /* nArg */
81985       SQLITE_UTF8,     /* funcFlags */
81986       0,               /* pUserData */

________________________________________________________________________________________________________
*** CID 1154541:  Use of untrusted scalar value  (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025       int errCnt = 0;           /* Number of errors seen */
3026       int lineno = 0;           /* Current line number */
3027       int startline = 0;        /* Line number for start of current input 
*/
3028     
3029       while( errCnt==0 || !bail_on_error || (in==0 && 
stdin_is_interactive) ){
3030         fflush(p->out);
>>>     CID 1154541:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which 
>>> taints "zLine".
3031         zLine = one_input_line(in, zLine, nSql>0);
3032         if( zLine==0 ){
3033           /* End of input */
3034           if( stdin_is_interactive ) printf("\n");
3035           break;
3036         }
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025       int errCnt = 0;           /* Number of errors seen */
3026       int lineno = 0;           /* Current line number */
3027       int startline = 0;        /* Line number for start of current input 
*/
3028     
3029       while( errCnt==0 || !bail_on_error || (in==0 && 
stdin_is_interactive) ){
3030         fflush(p->out);
>>>     CID 1154541:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which 
>>> taints "zLine".
3031         zLine = one_input_line(in, zLine, nSql>0);
3032         if( zLine==0 ){
3033           /* End of input */
3034           if( stdin_is_interactive ) printf("\n");
3035           break;
3036         }
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025       int errCnt = 0;           /* Number of errors seen */
3026       int lineno = 0;           /* Current line number */
3027       int startline = 0;        /* Line number for start of current input 
*/
3028     
3029       while( errCnt==0 || !bail_on_error || (in==0 && 
stdin_is_interactive) ){
3030         fflush(p->out);
>>>     CID 1154541:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which 
>>> taints "zLine".
3031         zLine = one_input_line(in, zLine, nSql>0);
3032         if( zLine==0 ){
3033           /* End of input */
3034           if( stdin_is_interactive ) printf("\n");
3035           break;
3036         }
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025       int errCnt = 0;           /* Number of errors seen */
3026       int lineno = 0;           /* Current line number */
3027       int startline = 0;        /* Line number for start of current input 
*/
3028     
3029       while( errCnt==0 || !bail_on_error || (in==0 && 
stdin_is_interactive) ){
3030         fflush(p->out);
>>>     CID 1154541:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which 
>>> taints "zLine".
3031         zLine = one_input_line(in, zLine, nSql>0);
3032         if( zLine==0 ){
3033           /* End of input */
3034           if( stdin_is_interactive ) printf("\n");
3035           break;
3036         }

________________________________________________________________________________________________________
*** CID 1135687:  Use of untrusted string value  (TAINTED_STRING)
/external/public-domain/sqlite/dist/shell.c: 3073 in process_input()
3067         }
3068         nSqlPrior = nSql;
3069         if( nSql==0 ){
3070           int i;
3071           for(i=0; zLine[i] && IsSpace(zLine[i]); i++){}
3072           assert( nAlloc>0 && zSql!=0 );
>>>     CID 1135687:  Use of untrusted string value  (TAINTED_STRING)
>>>     Call to function "memcpy(void * restrict, void const * restrict, 
>>> size_t)" with tainted argument "zLine + i" transitively taints "zSql".
3073           memcpy(zSql, zLine+i, nLine+1-i);
3074           startline = lineno;
3075           nSql = nLine-i;
3076         }else{
3077           zSql[nSql++] = '\n';
3078           memcpy(zSql+nSql, zLine, nLine+1);
/external/public-domain/sqlite/dist/shell.c: 3078 in process_input()
3072           assert( nAlloc>0 && zSql!=0 );
3073           memcpy(zSql, zLine+i, nLine+1-i);
3074           startline = lineno;
3075           nSql = nLine-i;
3076         }else{
3077           zSql[nSql++] = '\n';
>>>     CID 1135687:  Use of untrusted string value  (TAINTED_STRING)
>>>     Call to function "memcpy(void * restrict, void const * restrict, 
>>> size_t)" with tainted argument "zLine" transitively taints "zSql".
3078           memcpy(zSql+nSql, zLine, nLine+1);
3079           nSql += nLine;
3080         }
3081         if( nSql && line_contains_semicolon(&zSql[nSqlPrior], 
nSql-nSqlPrior)
3082                     && sqlite3_complete(zSql) ){
3083           p->cnt = 0;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit:
http://scan.coverity.com/projects/156?tab=Overview

To unsubscribe from the email notification for new defects, visit:
http://scan5.coverity.com/cgi-bin/unsubscribe.py



