things it found. If you haven't already, go to
https://scan.coverity.com/projects/191 and poke around. I think you can
just join the Project. I see Nikic's name on the project member list
with today's date, so he figured it out. If it requires an invite let me
know privately and I will send one.
-------- Original Message --------
Subject: New Defects reported by Coverity Scan for PHP
Date: Sat, 19 Oct 2013 12:07:42 -0700
From: scan-admin@coverity.com
To: rasmus@php.net
Hi,
Please find the latest report on new defect(s) introduced to PHP found
with Coverity Scan
Defect(s) Reported-by: Coverity Scan
Showing 7 of 109 defects
** CID 1108571: Structurally dead code (UNREACHABLE)
/ext/gd/gd.c: 5067
** CID 1108570: Uninitialized pointer read (UNINIT)
** CID 1108569: Uninitialized scalar variable (UNINIT)
/ext/zip/lib/zip_source_error.c: 84
** CID 1108568: Uninitialized pointer read (UNINIT)
/ext/gd/libgd/gd_png.c: 340
** CID 1108567: Uninitialized scalar variable (UNINIT)
/ext/gd/libgd/gd_png.c: 336
** CID 1108566: Uninitialized scalar variable (UNINIT)
** CID 1108565: Uninitialized scalar variable (UNINIT)
________________________________________________________________________
CID 1108571: Structurally dead code (UNREACHABLE)
/ext/gd/gd.c: 5067 ( unreachable)
5064 ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd);
5065 im_scaled = gdImageScale(im, new_width, new_height);
5066 goto finish;
CID 1108571: Structurally dead code (UNREACHABLE)
This code cannot be reached: "switch (method) {
5067 switch (method) {
5068 case GD_NEAREST_NEIGHBOUR:
5069 im_scaled = gdImageScaleNearestNeighbour(im, new_width, new_height);
5070 break;
5071
________________________________________________________________________
CID 1108570: Uninitialized pointer read (UNINIT)
/ext/pdo/pdo_sql_parser.re: 82 ( var_decl)
79 PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
80 char **outquery, int *outquery_len TSRMLS_DC)
81 {
Declaring variable "s" without initializer.
83 char *ptr, *newbuffer;
84 int t;
85 int bindno = 0;
86 int ret = 0;
/ext/pdo/pdo_sql_parser.re: 98 ( uninit_use_in_call)
95 s.end = inquery + inquery_len + 1;
96
97 /* phase 1: look for args */
CID 1108570: Uninitialized pointer read (UNINIT)
Using uninitialized value "s.ptr" when calling "scan(Scanner *)".
99 if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) {
100 if (t == PDO_PARSER_BIND) {
101 int len = s.cur - s.tok;
102 if ((inquery < (s.cur - len)) && isalnum(*(s.cur - len - 1))) {
________________________________________________________________________
CID 1108569: Uninitialized scalar variable (UNINIT)
/ext/zip/lib/zip_source_error.c: 43 ( var_decl)
40 ZIP_EXTERN(void)
41 zip_source_error(struct zip_source *src, int *ze, int *se)
42 {
Declaring variable "e" without initializer.
44
45 if (src->src == NULL) {
46 }
47 else {
/ext/zip/lib/zip_source_error.c: 84 ( uninit_use)
81 }
82
83 if (ze)
CID 1108569: Uninitialized scalar variable (UNINIT)
Using uninitialized value "e[0]".
85 if (se)
86 *se = e[1];
87 }
________________________________________________________________________
CID 1108568: Uninitialized pointer read (UNINIT)
/ext/gd/libgd/gd_png.c: 126 ( var_decl)
123 png_uint_32 width, height, rowbytes, w, h;
124 int bit_depth, color_type, interlace_type;
125 int num_palette, num_trans;
Declaring variable "palette" without initializer.
127 png_color_16p trans_gray_rgb;
128 png_color_16p trans_color_rgb;
129 png_bytep trans;
130 volatile png_bytep image_data = NULL;
/ext/gd/libgd/gd_png.c: 340 ( uninit_use)
337 /* load the palette and mark all entries "open" (unused) for now */
338 open = im->open;
339 for (i = 0; i < num_palette; ++i) {
CID 1108568: Uninitialized pointer read (UNINIT)
Using uninitialized value "palette".
341 im->green[i] = palette[i].green;
342 im->blue[i] = palette[i].blue;
343 open[i] = 1;
344 }
________________________________________________________________________
CID 1108567: Uninitialized scalar variable (UNINIT)
/ext/gd/libgd/gd_png.c: 125 ( var_decl)
122 png_infop info_ptr;
123 png_uint_32 width, height, rowbytes, w, h;
124 int bit_depth, color_type, interlace_type;
Declaring variable "num_palette" without initializer.
126 png_colorp palette;
127 png_color_16p trans_gray_rgb;
128 png_color_16p trans_color_rgb;
129 png_bytep trans;
/ext/gd/libgd/gd_png.c: 336 ( uninit_use)
333 png_read_end(png_ptr, NULL); /* ...done! */
334
335 if (!im->trueColor) {
CID 1108567: Uninitialized scalar variable (UNINIT)
Using uninitialized value "num_palette".
337 /* load the palette and mark all entries "open" (unused) for now */
338 open = im->open;
339 for (i = 0; i < num_palette; ++i) {
340 im->red[i] = palette[i].red;
________________________________________________________________________
CID 1108566: Uninitialized scalar variable (UNINIT)
/sapi/fpm/fpm/fastcgi.c: 429 ( var_decl)
426 char buf[128];
427 char *tmp = buf;
428 size_t buf_size = sizeof(buf);
Declaring variable "val_len" without initializer.
430 uint eff_name_len;
431 char *s;
432 int ret = 1;
433 size_t bytes_consumed;
/sapi/fpm/fpm/fastcgi.c: 443 ( uninit_use_in_call)
440 break;
441 }
442 p += bytes_consumed;
CID 1108566: Uninitialized scalar variable (UNINIT)
Using uninitialized value "val_len" when calling "fcgi_get_params_len(int *, unsigned char *, unsigned char *)".
444 if (!bytes_consumed) {
445 /* Malformated request */
446 ret = 0;
447 break;
________________________________________________________________________
CID 1108565: Uninitialized scalar variable (UNINIT)
/sapi/fpm/fpm/fastcgi.c: 429 ( var_decl)
426 char buf[128];
427 char *tmp = buf;
428 size_t buf_size = sizeof(buf);
Declaring variable "name_len" without initializer.
430 uint eff_name_len;
431 char *s;
432 int ret = 1;
433 size_t bytes_consumed;
/sapi/fpm/fpm/fastcgi.c: 436 ( uninit_use_in_call)
433 size_t bytes_consumed;
434
435 while (p < end) {
CID 1108565: Uninitialized scalar variable (UNINIT)
Using uninitialized value "name_len" when calling "fcgi_get_params_len(int *, unsigned char *, unsigned char *)".
437 if (!bytes_consumed) {
438 /* Malformated request */
439 ret = 0;
440 break;
________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com