[Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget
From: Darshit Shah
Subject: [Bug-wget] Fwd: New Defects reported by Coverity Scan for GNU Wget
Date: Sat, 15 Aug 2015 15:41:56 +0530
I just ran Coverity Scan against the latest git code, and it came up
with a bunch of new defects. Maybe we should take a look at them when
possible?
---------- Forwarded message ----------
From: <address@hidden>
Date: Sat, Aug 15, 2015 at 3:33 PM
Subject: New Defects reported by Coverity Scan for GNU Wget
To: address@hidden
Hi,
Please find the latest report on new defect(s) introduced to GNU Wget
found with Coverity Scan.
8 new defect(s) introduced to GNU Wget found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 1316412: Control flow issues (DEADCODE)
/src/http.c: 2862 in metalink_from_http()
________________________________________________________________________________________________________
*** CID 1316412: Control flow issues (DEADCODE)
/src/http.c: 2862 in metalink_from_http()
2856
2857 return metalink;
2858
2859 fail:
2860 /* Free all allocated memory. */
2861 if (metalink)
>>> CID 1316412: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "metalink_delete(metalink);".
2862 metalink_delete (metalink);
2863 else
2864 metalink_file_delete (mfile);
2865 return NULL;
2866 }
2867 #endif /* HAVE_METALINK */
** CID 1316411: (FORWARD_NULL)
/src/recur.c: 438 in retrieve_tree()
/src/recur.c: 438 in retrieve_tree()
________________________________________________________________________________________________________
*** CID 1316411: (FORWARD_NULL)
/src/recur.c: 438 in retrieve_tree()
432 if (children)
433 {
434 struct urlpos *child = children;
435 struct url *url_parsed = url_parse (url, NULL, i, true);
436 struct iri *ci;
437 char *referer_url = url;
>>> CID 1316411: (FORWARD_NULL)
>>> Comparing "url_parsed" to null implies that "url_parsed" might be null.
438 bool strip_auth = (url_parsed != NULL
439 && url_parsed->user != NULL);
440 assert (url_parsed != NULL);
441
442 /* Strip auth info if present */
443 if (strip_auth)
/src/recur.c: 438 in retrieve_tree()
432 if (children)
433 {
434 struct urlpos *child = children;
435 struct url *url_parsed = url_parse (url, NULL, i, true);
436 struct iri *ci;
437 char *referer_url = url;
>>> CID 1316411: (FORWARD_NULL)
>>> Comparing "url_parsed" to null implies that "url_parsed" might be null.
438 bool strip_auth = (url_parsed != NULL
439 && url_parsed->user != NULL);
440 assert (url_parsed != NULL);
441
442 /* Strip auth info if present */
443 if (strip_auth)
** CID 1316410: Null pointer dereferences (FORWARD_NULL)
/src/metalink.c: 430 in retrieve_from_metalink()
________________________________________________________________________________________________________
*** CID 1316410: Null pointer dereferences (FORWARD_NULL)
/src/metalink.c: 430 in retrieve_from_metalink()
424 && filename != NULL && file_exists_p (filename))
425 {
426 logprintf (LOG_VERBOSE, _("Removing %s.\n"), quote
(filename));
427 if (unlink (filename))
428 logprintf (LOG_NOTQUIET, "unlink: %s\n", strerror (errno));
429 }
>>> CID 1316410: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "output_stream" to "fclose", which dereferences it.
430 fclose (output_stream);
431 output_stream = NULL;
432 xfree (filename);
433 } /* Iterate over files. */
434
435 /* Restore original values. */
** CID 1316409: Integer handling issues (NEGATIVE_RETURNS)
/src/http.c: 2806 in metalink_from_http()
________________________________________________________________________________________________________
*** CID 1316409: Integer handling issues (NEGATIVE_RETURNS)
/src/http.c: 2806 in metalink_from_http()
2800 /* The hash here is assumed to be base64. We need
the hash in hex.
2801 Therefore we convert: base64 -> binary -> hex. */
2802 const size_t dig_hash_str_len = strlen (dig_hash);
2803 char *bin_hash = alloca (dig_hash_str_len * 3 / 4 + 1);
2804 size_t hash_bin_len;
2805
>>> CID 1316409: Integer handling issues (NEGATIVE_RETURNS)
>>> Assigning: unsigned variable "hash_bin_len" = "base64_decode".
2806 hash_bin_len = base64_decode (dig_hash, bin_hash);
2807
2808 /* One slot for me, one for zero-termination. */
2809 mfile->checksums =
2810 xrealloc (mfile->checksums,
2811 sizeof (metalink_checksum_t *) *
(hash_count + 2));
** CID 1316408: Resource leaks (RESOURCE_LEAK)
/src/retr.c: 1007 in retrieve_url()
________________________________________________________________________________________________________
*** CID 1316408: Resource leaks (RESOURCE_LEAK)
/src/retr.c: 1007 in retrieve_url()
1001 RESTORE_METHOD;
1002
1003 bail:
1004 if (register_status)
1005 inform_exit_status (result);
1006
>>> CID 1316408: Resource leaks (RESOURCE_LEAK)
>>> Variable "u" going out of scope leaks the storage it points to.
1007 return result;
1008 }
1009
1010 /* Find the URLs in the file and call retrieve_url() for each of them.
1011 If HTML is true, treat the file as HTML, and construct the URLs
1012 accordingly.
** CID 1316407: Resource leaks (RESOURCE_LEAK)
/src/http.c: 2679 in metalink_from_http()
________________________________________________________________________________________________________
*** CID 1316407: Resource leaks (RESOURCE_LEAK)
/src/http.c: 2679 in metalink_from_http()
2673
2674 sig_count++;
2675 }
2676 }
2677 }
2678 fclose (output_stream);
>>> CID 1316407: Resource leaks (RESOURCE_LEAK)
>>> Variable "iri" going out of scope leaks the storage it points to.
2679 }
2680 else
2681 {
2682 logputs (LOG_NOTQUIET, _("Could not create
temporary file. "
2683 "Skipping signature
download.\n"));
2684 }
** CID 1316406: (RESOURCE_LEAK)
/src/http.c: 1277 in parse_strict_transport_security()
/src/http.c: 1307 in parse_strict_transport_security()
/src/http.c: 1307 in parse_strict_transport_security()
________________________________________________________________________________________________________
*** CID 1316406: (RESOURCE_LEAK)
/src/http.c: 1277 in parse_strict_transport_security()
1271 if (header)
1272 {
1273 /* Process the STS header. Keys should be matched
case-insensitively. */
1274 for (; extract_param (&header, &name, &value, ';',
&is_url_encoded); is_url_encoded = false)
1275 {
1276 if (BOUNDED_EQUAL_NO_CASE(name.b, name.e, "max-age"))
>>> CID 1316406: (RESOURCE_LEAK)
>>> Overwriting "c_max_age" in "c_max_age = strdupdelim(value.b, value.e)"
>>> leaks the storage that "c_max_age" points to.
1277 c_max_age = strdupdelim (value.b, value.e);
1278 else if (BOUNDED_EQUAL_NO_CASE(name.b, name.e,
"includeSubDomains"))
1279 is = true;
1280 }
1281
1282 /* pass the parsed values over */
/src/http.c: 1307 in parse_strict_transport_security()
1301 /* something weird happened */
1302 logprintf (LOG_VERBOSE, "Could not parse
String-Transport-Security header\n");
1303 success = false;
1304 }
1305 }
1306
>>> CID 1316406: (RESOURCE_LEAK)
>>> Variable "c_max_age" going out of scope leaks the storage it points to.
1307 return success;
1308 }
1309 #endif
1310
1311 /* Persistent connections. Currently, we cache the most recently used
1312 connection as persistent, provided that the HTTP server agrees to
/src/http.c: 1307 in parse_strict_transport_security()
1301 /* something weird happened */
1302 logprintf (LOG_VERBOSE, "Could not parse
String-Transport-Security header\n");
1303 success = false;
1304 }
1305 }
1306
>>> CID 1316406: (RESOURCE_LEAK)
>>> Variable "c_max_age" going out of scope leaks the storage it points to.
1307 return success;
1308 }
1309 #endif
1310
1311 /* Persistent connections. Currently, we cache the most recently used
1312 connection as persistent, provided that the HTTP server agrees to
** CID 1316405: Security best practices violations (SECURE_TEMP)
/src/http.c: 2611 in metalink_from_http()
________________________________________________________________________________________________________
*** CID 1316405: Security best practices violations (SECURE_TEMP)
/src/http.c: 2611 in metalink_from_http()
2605 )
2606 {
2607 /* Download the signature to a temporary file. */
2608 FILE *_output_stream = output_stream;
2609 bool _output_stream_regular = output_stream_regular;
2610
>>> CID 1316405: Security best practices violations (SECURE_TEMP)
>>> "tmpfile" creates files with predictable names, which is unsafe.
2611 output_stream = tmpfile ();
2612 if (output_stream)
2613 {
2614 struct iri *iri = iri_new ();
2615 struct url *url;
2616 int url_err;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/gnu-wget?tab=overview
To manage Coverity Scan email notifications for "address@hidden",
click
https://scan.coverity.com/subscriptions/edit?email=darnir%40gmail.com&token=a247cf0e017fe1ea3e52680a7e0c1fcf
--
Thanking You,
Darshit Shah