Coverity-updates archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
New Defects reported by Coverity Scan for NetBSD-amd64-user
- To: undisclosed-recipients:;
- Subject: New Defects reported by Coverity Scan for NetBSD-amd64-user
- From: scan-admin%coverity.com@localhost
- Date: Tue, 18 Feb 2014 06:45:53 -0800
Hi,
Please find the latest report on new defect(s) introduced to NetBSD found with
Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 20 of 31 defect(s)
** CID 1011: Unchecked return value (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 57872 in sqlite3BtreeDelete()
** CID 1036808: Unchecked return value (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 59099 in sqlite3BtreePutData()
** CID 1100777: Unchecked return value (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 113336 in whereLoopAddVirtual()
** CID 1175803: Unchecked return value from library (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 205 in
recursive_mkdir()
** CID 1036802: Logically dead code (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 44713 in sqlite3PagerAcquire()
/external/public-domain/sqlite/dist/sqlite3.c: 44718 in sqlite3PagerAcquire()
** CID 1135696: Logically dead code (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 97484 in sqlite3Pragma()
** CID 1018042: Division or modulo by zero (DIVIDE_BY_ZERO)
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 67 in __udivmoddi4()
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 66 in __udivmoddi4()
** CID 1036793: Explicit null dereferenced (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 131190 in fts3ExprBalance()
** CID 748774: Explicit null dereferenced (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138208 in fts3TruncateSegment()
** CID 748775: Explicit null dereferenced (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138450 in sqlite3Fts3Incrmerge()
** CID 600: Improper use of negative value (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 81122 in
sqlite3AlterRenameTable()
** CID 1127341: Improper use of negative value (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 86117 in sqlite3CreateView()
** CID 1036855: Dereference null return value (NULL_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 101001 in
selectColumnsFromExprList()
** CID 749095: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 138462 in sqlite3Fts3Incrmerge()
** CID 1036853: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 27993 in unixShmMap()
** CID 1127340: Out-of-bounds access (OVERRUN)
/external/public-domain/sqlite/dist/sqlite3.c: 82908 in decodeIntArray()
** CID 1135692: Resource leak (RESOURCE_LEAK)
/external/public-domain/sqlite/dist/shell.c: 3118 in process_input()
** CID 1127339: Wrong sizeof argument (SIZEOF_MISMATCH)
/external/public-domain/sqlite/dist/sqlite3.c: 81981 in statInit()
** CID 1154541: Use of untrusted scalar value (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
** CID 1135687: Use of untrusted string value (TAINTED_STRING)
/external/public-domain/sqlite/dist/shell.c: 3073 in process_input()
/external/public-domain/sqlite/dist/shell.c: 3078 in process_input()
________________________________________________________________________________________________________
*** CID 1011: Unchecked return value (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 57872 in sqlite3BtreeDelete()
57866 releasePage(pCur->apPage[pCur->iPage--]);
57867 }
57868 rc = balance(pCur);
57869 }
57870
57871 if( rc==SQLITE_OK ){
>>> CID 1011: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "moveToRoot(pCur)".
57872 moveToRoot(pCur);
57873 }
57874 return rc;
57875 }
57876
57877 /*
________________________________________________________________________________________________________
*** CID 1036808: Unchecked return value (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 59099 in sqlite3BtreePutData()
59093 ** version of the b-tree page modified by the accessPayload call
below.
59094 **
59095 ** Note that pCsr must be open on a BTREE_INTKEY table and
saveCursorPosition()
59096 ** and hence saveAllCursors() cannot fail on a BTREE_INTKEY table,
hence
59097 ** saveAllCursors can only return SQLITE_OK.
59098 */
>>> CID 1036808: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "saveAllCursors(pCsr->pBt,
>>> pCsr->pgnoRoot, pCsr)".
59099 VVA_ONLY(rc =) saveAllCursors(pCsr->pBt, pCsr->pgnoRoot, pCsr);
59100 assert( rc==SQLITE_OK );
59101
59102 /* Check some assumptions:
59103 ** (a) the cursor is open for writing,
59104 ** (b) there is a read/write transaction open,
________________________________________________________________________________________________________
*** CID 1100777: Unchecked return value (CHECKED_RETURN)
/external/public-domain/sqlite/dist/sqlite3.c: 113336 in whereLoopAddVirtual()
113330 pNew->u.vtab.idxStr = pIdxInfo->idxStr;
113331 pNew->u.vtab.isOrdered = (u8)((pIdxInfo->nOrderBy!=0)
113332 && pIdxInfo->orderByConsumed);
113333 pNew->rSetup = 0;
113334 pNew->rRun = sqlite3LogEstFromDouble(pIdxInfo->estimatedCost);
113335 pNew->nOut = sqlite3LogEst(pIdxInfo->estimatedRows);
>>> CID 1100777: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "whereLoopInsert(pBuilder, pNew)".
113336 whereLoopInsert(pBuilder, pNew);
113337 if( pNew->u.vtab.needFree ){
113338 sqlite3_free(pNew->u.vtab.idxStr);
113339 pNew->u.vtab.needFree = 0;
113340 }
113341 }
________________________________________________________________________________________________________
*** CID 1175803: Unchecked return value from library (CHECKED_RETURN)
/sys/external/bsd/compiler_rt/dist/lib/profile/GCDAProfiling.c: 205 in
recursive_mkdir()
199 for (i = 1; path[i] != '\0'; ++i) {
200 if (path[i] != '/') continue;
201 path[i] = '\0';
202 #ifdef _WIN32
203 _mkdir(path);
204 #else
>>> CID 1175803: Unchecked return value from library (CHECKED_RETURN)
>>> No check of the return value of "mkdir(path, 493U)".
205 mkdir(path, 0755); /* Some of these will fail, ignore it. */
206 #endif
207 path[i] = '/';
208 }
209 }
210
________________________________________________________________________________________________________
*** CID 1036802: Logically dead code (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 44713 in sqlite3PagerAcquire()
44707 /* If the pager is in the error state, return an error immediately.
44708 ** Otherwise, request the page from the PCache layer. */
44709 if( pPager->errCode!=SQLITE_OK ){
44710 rc = pPager->errCode;
44711 }else{
44712
>>> CID 1036802: Logically dead code (DEADCODE)
>>> Execution cannot reach this expression "pagerUseWal(pPager)" inside
>>> statement "if (bMmapOk && pagerUseWal(...".
44713 if( bMmapOk && pagerUseWal(pPager) ){
44714 rc = sqlite3WalFindFrame(pPager->pWal, pgno, &iFrame);
44715 if( rc!=SQLITE_OK ) goto pager_acquire_err;
44716 }
44717
44718 if( bMmapOk && iFrame==0 ){
/external/public-domain/sqlite/dist/sqlite3.c: 44718 in sqlite3PagerAcquire()
44712
44713 if( bMmapOk && pagerUseWal(pPager) ){
44714 rc = sqlite3WalFindFrame(pPager->pWal, pgno, &iFrame);
44715 if( rc!=SQLITE_OK ) goto pager_acquire_err;
44716 }
44717
>>> CID 1036802: Logically dead code (DEADCODE)
>>> Execution cannot reach this expression "iFrame == 0U" inside statement
>>> "if (bMmapOk && iFrame == 0U...".
44718 if( bMmapOk && iFrame==0 ){
44719 void *pData = 0;
44720
44721 rc = sqlite3OsFetch(pPager->fd,
44722 (i64)(pgno-1) * pPager->pageSize, pPager->pageSize, &pData
44723 );
________________________________________________________________________________________________________
*** CID 1135696: Logically dead code (DEADCODE)
/external/public-domain/sqlite/dist/sqlite3.c: 97484 in sqlite3Pragma()
97478 #else
97479 sz = 0;
97480 rc = SQLITE_OK;
97481 #endif
97482 if( rc==SQLITE_OK ){
97483 returnSingleInt(pParse, "mmap_size", sz);
>>> CID 1135696: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "if (rc != 12){
pParse->nE...".
97484 }else if( rc!=SQLITE_NOTFOUND ){
97485 pParse->nErr++;
97486 pParse->rc = rc;
97487 }
97488 break;
97489 }
________________________________________________________________________________________________________
*** CID 1018042: Division or modulo by zero (DIVIDE_BY_ZERO)
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 67 in __udivmoddi4()
61 /* K X
62 * ---
63 * 0 0
64 */
65 if (rem)
66 *rem = n.s.high % d.s.low;
>>> CID 1018042: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "n.s.high / d.s.low", division by expression "d.s.low"
>>> which may be zero has undefined behavior.
67 return n.s.high / d.s.low;
68 }
69 /* d.s.high != 0 */
70 if (n.s.low == 0)
71 {
72 /* K 0
/sys/external/bsd/compiler_rt/dist/lib/udivmoddi4.c: 66 in __udivmoddi4()
60 {
61 /* K X
62 * ---
63 * 0 0
64 */
65 if (rem)
>>> CID 1018042: Division or modulo by zero (DIVIDE_BY_ZERO)
>>> In expression "n.s.high % d.s.low" modulo by expression "d.s.low" which
>>> may be zero has undefined behavior.
66 *rem = n.s.high % d.s.low;
67 return n.s.high / d.s.low;
68 }
69 /* d.s.high != 0 */
70 if (n.s.low == 0)
71 {
________________________________________________________________________________________________________
*** CID 1036793: Explicit null dereferenced (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 131190 in fts3ExprBalance()
131184 for(iLvl=0; p && iLvl<nMaxDepth; iLvl++){
131185 if( apLeaf[iLvl]==0 ){
131186 apLeaf[iLvl] = p;
131187 p = 0;
131188 }else{
131189 assert( pFree );
>>> CID 1036793: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "pFree".
131190 pFree->pLeft = apLeaf[iLvl];
131191 pFree->pRight = p;
131192 pFree->pLeft->pParent = pFree;
131193 pFree->pRight->pParent = pFree;
131194
131195 p = pFree;
________________________________________________________________________________________________________
*** CID 748774: Explicit null dereferenced (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138208 in fts3TruncateSegment()
138202 sqlite3_int64 iAbsLevel, /* Absolute level of segment to
modify */
138203 int iIdx, /* Index within level of segment
to modify */
138204 const char *zTerm, /* Remove terms smaller than this
*/
138205 int nTerm /* Number of bytes in buffer zTerm
*/
138206 ){
138207 int rc = SQLITE_OK; /* Return code */
>>> CID 748774: Explicit null dereferenced (FORWARD_NULL)
>>> Assigning: "root.a" = "NULL".
138208 Blob root = {0,0,0}; /* New root page image */
138209 Blob block = {0,0,0}; /* Buffer used for any other block
*/
138210 sqlite3_int64 iBlock = 0; /* Block id */
138211 sqlite3_int64 iNewStart = 0; /* New value for iStartBlock */
138212 sqlite3_int64 iOldStart = 0; /* Old value for iStartBlock */
138213 sqlite3_stmt *pFetch = 0; /* Statement used to fetch segdir
*/
________________________________________________________________________________________________________
*** CID 748775: Explicit null dereferenced (FORWARD_NULL)
/external/public-domain/sqlite/dist/sqlite3.c: 138450 in sqlite3Fts3Incrmerge()
138444 int nRem = nMerge; /* Number of leaf pages yet to be
written */
138445 Fts3MultiSegReader *pCsr; /* Cursor used to read input data
*/
138446 Fts3SegFilter *pFilter; /* Filter used with cursor pCsr */
138447 IncrmergeWriter *pWriter; /* Writer object */
138448 int nSeg = 0; /* Number of input segments */
138449 sqlite3_int64 iAbsLevel = 0; /* Absolute level number to work
on */
>>> CID 748775: Explicit null dereferenced (FORWARD_NULL)
>>> Assigning: "hint.a" = "NULL".
138450 Blob hint = {0, 0, 0}; /* Hint read from %_stat table */
138451 int bDirtyHint = 0; /* True if blob 'hint' has been
modified */
138452
138453 /* Allocate space for the cursor, filter and writer objects */
138454 const int nAlloc = sizeof(*pCsr) + sizeof(*pFilter) +
sizeof(*pWriter);
138455 pWriter = (IncrmergeWriter *)sqlite3_malloc(nAlloc);
________________________________________________________________________________________________________
*** CID 600: Improper use of negative value (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 81122 in
sqlite3AlterRenameTable()
81116 if( NEVER(db->mallocFailed) ) goto exit_rename_table;
81117 assert( pSrc->nSrc==1 );
81118 assert( sqlite3BtreeHoldsAllMutexes(pParse->db) );
81119
81120 pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]);
81121 if( !pTab ) goto exit_rename_table;
>>> CID 600: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: signed variable "iDb" = "sqlite3SchemaToIndex(sqlite3 *,
>>> Schema *)".
81122 iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
81123 zDb = db->aDb[iDb].zName;
81124 db->flags |= SQLITE_PreferBuiltin;
81125
81126 /* Get a NULL terminated version of the new table name. */
81127 zName = sqlite3NameFromToken(db, pName);
________________________________________________________________________________________________________
*** CID 1127341: Improper use of negative value (NEGATIVE_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 86117 in sqlite3CreateView()
86111 p = pParse->pNewTable;
86112 if( p==0 || pParse->nErr ){
86113 sqlite3SelectDelete(db, pSelect);
86114 return;
86115 }
86116 sqlite3TwoPartName(pParse, pName1, pName2, &pName);
>>> CID 1127341: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: signed variable "iDb" = "sqlite3SchemaToIndex(sqlite3 *,
>>> Schema *)".
86117 iDb = sqlite3SchemaToIndex(db, p->pSchema);
86118 sqlite3FixInit(&sFix, pParse, iDb, "view", pName);
86119 if( sqlite3FixSelect(&sFix, pSelect) ){
86120 sqlite3SelectDelete(db, pSelect);
86121 return;
86122 }
________________________________________________________________________________________________________
*** CID 1036855: Dereference null return value (NULL_RETURNS)
/external/public-domain/sqlite/dist/sqlite3.c: 101001 in
selectColumnsFromExprList()
100995 sqlite3DbFree(db, zName);
100996 zName = zNewName;
100997 j = -1;
100998 if( zName==0 ) break;
100999 }
101000 }
>>> CID 1036855: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "pCol".
101001 pCol->zName = zName;
101002 }
101003 if( db->mallocFailed ){
101004 for(j=0; j<i; j++){
101005 sqlite3DbFree(db, aCol[j].zName);
101006 }
________________________________________________________________________________________________________
*** CID 749095: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 138462 in sqlite3Fts3Incrmerge()
138456 if( !pWriter ) return SQLITE_NOMEM;
138457 pFilter = (Fts3SegFilter *)&pWriter[1];
138458 pCsr = (Fts3MultiSegReader *)&pFilter[1];
138459
138460 rc = fts3IncrmergeHintLoad(p, &hint);
138461 while( rc==SQLITE_OK && nRem>0 ){
>>> CID 749095: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "1024 * p->nIndex" with type "int"
>>> (32 bits, signed) is evaluated using 32-bit arithmetic before being used
>>> in a context which expects an expression of type "i64 const" (64 bits,
>>> signed). To avoid overflow, cast either operand to "i64 const" before
>>> performing the multiplication.
138462 const i64 nMod = FTS3_SEGDIR_MAXLEVEL * p->nIndex;
138463 sqlite3_stmt *pFindLevel = 0; /* SQL used to determine iAbsLevel
*/
138464 int bUseHint = 0; /* True if attempting to append */
138465
138466 /* Search the %_segdir table for the absolute level with the
smallest
138467 ** relative level number that contains at least nMin segments,
if any.
________________________________________________________________________________________________________
*** CID 1036853: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
/external/public-domain/sqlite/dist/sqlite3.c: 27993 in unixShmMap()
27987 static const int pgsz = 4096;
27988 int iPg;
27989
27990 /* Write to the last byte of each newly allocated or
extended page */
27991 assert( (nByte % pgsz)==0 );
27992 for(iPg=(sStat.st_size/pgsz); iPg<(nByte/pgsz); iPg++){
>>> CID 1036853: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "iPg * 4096" with type "int" (32
>>> bits, signed) is evaluated using 32-bit arithmetic before being used in a
>>> context which expects an expression of type "i64" (64 bits, signed). To
>>> avoid overflow, cast either operand to "i64" before performing the
>>> multiplication.
27993 if( seekAndWriteFd(pShmNode->h, iPg*pgsz + pgsz-1, "", 1,
0)!=1 ){
27994 const char *zFile = pShmNode->zFilename;
27995 rc = unixLogError(SQLITE_IOERR_SHMSIZE, "write", zFile);
27996 goto shmpage_out;
27997 }
27998 }
________________________________________________________________________________________________________
*** CID 1127340: Out-of-bounds access (OVERRUN)
/external/public-domain/sqlite/dist/sqlite3.c: 82908 in decodeIntArray()
82902 int i;
82903 tRowcnt v;
82904
82905 #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
82906 if( z==0 ) z = "";
82907 #else
>>> CID 1127340: Out-of-bounds access (OVERRUN)
>>> Assigning: "z" = """". "z" now points to byte 0 of """" (which consists
>>> of 1 bytes).
82908 if( NEVER(z==0) ) z = "";
82909 #endif
82910 for(i=0; *z && i<nOut; i++){
82911 v = 0;
82912 while( (c=z[0])>='0' && c<='9' ){
82913 v = v*10 + c - '0';
________________________________________________________________________________________________________
*** CID 1135692: Resource leak (RESOURCE_LEAK)
/external/public-domain/sqlite/dist/shell.c: 3118 in process_input()
3112 if( !_all_whitespace(zSql) ){
3113 fprintf(stderr, "Error: incomplete SQL: %s\n", zSql);
3114 }
3115 free(zSql);
3116 }
3117 free(zLine);
>>> CID 1135692: Resource leak (RESOURCE_LEAK)
>>> Variable "zSql" going out of scope leaks the storage it points to.
3118 return errCnt>0;
3119 }
3120
3121 /*
3122 ** Return a pathname which is the user's home directory. A
3123 ** 0 return indicates an error of some kind.
________________________________________________________________________________________________________
*** CID 1127339: Wrong sizeof argument (SIZEOF_MISMATCH)
/external/public-domain/sqlite/dist/sqlite3.c: 81981 in statInit()
81975 p->aBest[i].iCol = i;
81976 }
81977 }
81978 #endif
81979
81980 /* Return a pointer to the allocated object to the caller */
>>> CID 1127339: Wrong sizeof argument (SIZEOF_MISMATCH)
>>> Passing argument "p" of type "Stat4Accum *" and argument "8 /* sizeof
>>> (p) */" to function "sqlite3_result_blob(sqlite3_context *, void const *,
>>> int, void (*)(void *))" is suspicious. Did you intend to use "sizeof(*p)"
>>> instead of "sizeof (p)" ?
81981 sqlite3_result_blob(context, p, sizeof(p), stat4Destructor);
81982 }
81983 static const FuncDef statInitFuncdef = {
81984 1+IsStat34, /* nArg */
81985 SQLITE_UTF8, /* funcFlags */
81986 0, /* pUserData */
________________________________________________________________________________________________________
*** CID 1154541: Use of untrusted scalar value (TAINTED_SCALAR)
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025 int errCnt = 0; /* Number of errors seen */
3026 int lineno = 0; /* Current line number */
3027 int startline = 0; /* Line number for start of current input
*/
3028
3029 while( errCnt==0 || !bail_on_error || (in==0 &&
stdin_is_interactive) ){
3030 fflush(p->out);
>>> CID 1154541: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which
>>> taints "zLine".
3031 zLine = one_input_line(in, zLine, nSql>0);
3032 if( zLine==0 ){
3033 /* End of input */
3034 if( stdin_is_interactive ) printf("\n");
3035 break;
3036 }
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025 int errCnt = 0; /* Number of errors seen */
3026 int lineno = 0; /* Current line number */
3027 int startline = 0; /* Line number for start of current input
*/
3028
3029 while( errCnt==0 || !bail_on_error || (in==0 &&
stdin_is_interactive) ){
3030 fflush(p->out);
>>> CID 1154541: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which
>>> taints "zLine".
3031 zLine = one_input_line(in, zLine, nSql>0);
3032 if( zLine==0 ){
3033 /* End of input */
3034 if( stdin_is_interactive ) printf("\n");
3035 break;
3036 }
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025 int errCnt = 0; /* Number of errors seen */
3026 int lineno = 0; /* Current line number */
3027 int startline = 0; /* Line number for start of current input
*/
3028
3029 while( errCnt==0 || !bail_on_error || (in==0 &&
stdin_is_interactive) ){
3030 fflush(p->out);
>>> CID 1154541: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which
>>> taints "zLine".
3031 zLine = one_input_line(in, zLine, nSql>0);
3032 if( zLine==0 ){
3033 /* End of input */
3034 if( stdin_is_interactive ) printf("\n");
3035 break;
3036 }
/external/public-domain/sqlite/dist/shell.c: 3031 in process_input()
3025 int errCnt = 0; /* Number of errors seen */
3026 int lineno = 0; /* Current line number */
3027 int startline = 0; /* Line number for start of current input
*/
3028
3029 while( errCnt==0 || !bail_on_error || (in==0 &&
stdin_is_interactive) ){
3030 fflush(p->out);
>>> CID 1154541: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "zLine" = "one_input_line(FILE *, char *, int)", which
>>> taints "zLine".
3031 zLine = one_input_line(in, zLine, nSql>0);
3032 if( zLine==0 ){
3033 /* End of input */
3034 if( stdin_is_interactive ) printf("\n");
3035 break;
3036 }
________________________________________________________________________________________________________
*** CID 1135687: Use of untrusted string value (TAINTED_STRING)
/external/public-domain/sqlite/dist/shell.c: 3073 in process_input()
3067 }
3068 nSqlPrior = nSql;
3069 if( nSql==0 ){
3070 int i;
3071 for(i=0; zLine[i] && IsSpace(zLine[i]); i++){}
3072 assert( nAlloc>0 && zSql!=0 );
>>> CID 1135687: Use of untrusted string value (TAINTED_STRING)
>>> Call to function "memcpy(void * restrict, void const * restrict,
>>> size_t)" with tainted argument "zLine + i" transitively taints "zSql".
3073 memcpy(zSql, zLine+i, nLine+1-i);
3074 startline = lineno;
3075 nSql = nLine-i;
3076 }else{
3077 zSql[nSql++] = '\n';
3078 memcpy(zSql+nSql, zLine, nLine+1);
/external/public-domain/sqlite/dist/shell.c: 3078 in process_input()
3072 assert( nAlloc>0 && zSql!=0 );
3073 memcpy(zSql, zLine+i, nLine+1-i);
3074 startline = lineno;
3075 nSql = nLine-i;
3076 }else{
3077 zSql[nSql++] = '\n';
>>> CID 1135687: Use of untrusted string value (TAINTED_STRING)
>>> Call to function "memcpy(void * restrict, void const * restrict,
>>> size_t)" with tainted argument "zLine" transitively taints "zSql".
3078 memcpy(zSql+nSql, zLine, nLine+1);
3079 nSql += nLine;
3080 }
3081 if( nSql && line_contains_semicolon(&zSql[nSqlPrior],
nSql-nSqlPrior)
3082 && sqlite3_complete(zSql) ){
3083 p->cnt = 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/156?tab=Overview
To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py
Home |
Main Index |
Thread Index |
Old Index