It looks like Coverity ran a new scan today. Here is a summary of new
things it found. If you haven't already, go to
https://scan.coverity.com/projects/191 and poke around. I think you can
just join the Project. I see Nikic's name on the project member list
with today's date, so he figured it out. If it requires an invite let me
know privately and I will send one.

-------- Original Message --------
Subject: New Defects reported by Coverity Scan for PHP
Date: Sat, 19 Oct 2013 12:07:42 -0700
From: scan-admin@coverity.com
To: rasmus@php.net


Hi,

Please find the latest report on new defect(s) introduced to PHP found
with Coverity Scan

Defect(s) Reported-by: Coverity Scan
Showing 7 of 109 defects

** CID 1108571: Structurally dead code (UNREACHABLE)
/ext/gd/gd.c: 5067

** CID 1108570: Uninitialized pointer read (UNINIT)

** CID 1108569: Uninitialized scalar variable (UNINIT)
/ext/zip/lib/zip_source_error.c: 84

** CID 1108568: Uninitialized pointer read (UNINIT)
/ext/gd/libgd/gd_png.c: 340

** CID 1108567: Uninitialized scalar variable (UNINIT)
/ext/gd/libgd/gd_png.c: 336

** CID 1108566: Uninitialized scalar variable (UNINIT)

** CID 1108565: Uninitialized scalar variable (UNINIT)


________________________________________________________________________
CID 1108571: Structurally dead code (UNREACHABLE)

/ext/gd/gd.c: 5067 ( unreachable)
    5064 ZEND_FETCH_RESOURCE(im, gdImagePtr, &IM, -1, "Image", le_gd);
    5065 im_scaled = gdImageScale(im, new_width, new_height);
    5066 goto finish;
CID 1108571: Structurally dead code (UNREACHABLE)
This code cannot be reached: "switch (method) {
   case GD...".
    5067 switch (method) {
    5068 case GD_NEAREST_NEIGHBOUR:
    5069 im_scaled = gdImageScaleNearestNeighbour(im, new_width,
new_height);
    5070 break;
    5071

________________________________________________________________________
CID 1108570: Uninitialized pointer read (UNINIT)

/ext/pdo/pdo_sql_parser.re: 82 ( var_decl)
    79 PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery,
int inquery_len,
    80 char **outquery, int *outquery_len TSRMLS_DC)
    81 {
Declaring variable "s" without initializer.
    82 Scanner s;
    83 char *ptr, *newbuffer;
    84 int t;
    85 int bindno = 0;
    86 int ret = 0;


/ext/pdo/pdo_sql_parser.re: 98 ( uninit_use_in_call)
    95 s.end = inquery + inquery_len + 1;
    96
    97 /* phase 1: look for args */
CID 1108570: Uninitialized pointer read (UNINIT)
Using uninitialized value "s.ptr" when calling "scan(Scanner *)".
    98 while((t = scan(&s)) != PDO_PARSER_EOI) {
    99 if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) {
    100 if (t == PDO_PARSER_BIND) {
    101 int len = s.cur - s.tok;
    102 if ((inquery < (s.cur - len)) && isalnum(*(s.cur - len -
1))) {

________________________________________________________________________
CID 1108569: Uninitialized scalar variable (UNINIT)

/ext/zip/lib/zip_source_error.c: 43 ( var_decl)
    40 ZIP_EXTERN(void)
    41 zip_source_error(struct zip_source *src, int *ze, int *se)
    42 {
Declaring variable "e" without initializer.
    43 int e[2];
    44
    45 if (src->src == NULL) {
    46 }
    47 else {


/ext/zip/lib/zip_source_error.c: 84 ( uninit_use)
    81 }
    82
    83 if (ze)
CID 1108569: Uninitialized scalar variable (UNINIT)
Using uninitialized value "e[0]".
    84 *ze = e[0];
    85 if (se)
    86 *se = e[1];
    87 }

________________________________________________________________________
CID 1108568: Uninitialized pointer read (UNINIT)

/ext/gd/libgd/gd_png.c: 126 ( var_decl)
    123 png_uint_32 width, height, rowbytes, w, h;
    124 int bit_depth, color_type, interlace_type;
    125 int num_palette, num_trans;
Declaring variable "palette" without initializer.
    126 png_colorp palette;
    127 png_color_16p trans_gray_rgb;
    128 png_color_16p trans_color_rgb;
    129 png_bytep trans;
    130 volatile png_bytep image_data = NULL;


/ext/gd/libgd/gd_png.c: 340 ( uninit_use)
    337 /* load the palette and mark all entries "open" (unused) for
now */
    338 open = im->open;
    339 for (i = 0; i < num_palette; ++i) {
CID 1108568: Uninitialized pointer read (UNINIT)
Using uninitialized value "palette".
    340 im->red[i] = palette[i].red;
    341 im->green[i] = palette[i].green;
    342 im->blue[i] = palette[i].blue;
    343 open[i] = 1;
    344 }

________________________________________________________________________
CID 1108567: Uninitialized scalar variable (UNINIT)

/ext/gd/libgd/gd_png.c: 125 ( var_decl)
    122 png_infop info_ptr;
    123 png_uint_32 width, height, rowbytes, w, h;
    124 int bit_depth, color_type, interlace_type;
Declaring variable "num_palette" without initializer.
    125 int num_palette, num_trans;
    126 png_colorp palette;
    127 png_color_16p trans_gray_rgb;
    128 png_color_16p trans_color_rgb;
    129 png_bytep trans;


/ext/gd/libgd/gd_png.c: 336 ( uninit_use)
    333 png_read_end(png_ptr, NULL); /* ...done! */
    334
    335 if (!im->trueColor) {
CID 1108567: Uninitialized scalar variable (UNINIT)
Using uninitialized value "num_palette".
    336 im->colorsTotal = num_palette;
    337 /* load the palette and mark all entries "open" (unused) for
now */
    338 open = im->open;
    339 for (i = 0; i < num_palette; ++i) {
    340 im->red[i] = palette[i].red;

________________________________________________________________________
CID 1108566: Uninitialized scalar variable (UNINIT)

/sapi/fpm/fpm/fastcgi.c: 429 ( var_decl)
    426 char buf[128];
    427 char *tmp = buf;
    428 size_t buf_size = sizeof(buf);
Declaring variable "val_len" without initializer.
    429 int name_len, val_len;
    430 uint eff_name_len;
    431 char *s;
    432 int ret = 1;
    433 size_t bytes_consumed;


/sapi/fpm/fpm/fastcgi.c: 443 ( uninit_use_in_call)
    440 break;
    441 }
    442 p += bytes_consumed;
CID 1108566: Uninitialized scalar variable (UNINIT)
Using uninitialized value "val_len" when calling "fcgi_get_params_len(int *, unsigned char *, unsigned char *)".
    443 bytes_consumed = fcgi_get_params_len(&val_len, p, end);
    444 if (!bytes_consumed) {
    445 /* Malformated request */
    446 ret = 0;
    447 break;

________________________________________________________________________
CID 1108565: Uninitialized scalar variable (UNINIT)

/sapi/fpm/fpm/fastcgi.c: 429 ( var_decl)
    426 char buf[128];
    427 char *tmp = buf;
    428 size_t buf_size = sizeof(buf);
Declaring variable "name_len" without initializer.
    429 int name_len, val_len;
    430 uint eff_name_len;
    431 char *s;
    432 int ret = 1;
    433 size_t bytes_consumed;


/sapi/fpm/fpm/fastcgi.c: 436 ( uninit_use_in_call)
    433 size_t bytes_consumed;
    434
    435 while (p < end) {
CID 1108565: Uninitialized scalar variable (UNINIT)
Using uninitialized value "name_len" when calling "fcgi_get_params_len(int *, unsigned char *, unsigned char *)".
    436 bytes_consumed = fcgi_get_params_len(&name_len, p, end);
    437 if (!bytes_consumed) {
    438 /* Malformated request */
    439 ret = 0;
    440 break;

________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com

To unsubscribe from the email notification for new defects,
http://scan5.coverity.com/cgi-bin/unsubscribe.py


  • Ferenc Kovacs at Oct 20, 2013 at 12:40 am

    On Sun, Oct 20, 2013 at 2:29 AM, Rasmus Lerdorf wrote:

    It looks like Coverity ran a new scan today. Here is a summary of new
    things it found. If you haven't already, go to
    https://scan.coverity.com/projects/191 and poke around. I think you can
    just join the Project. I see Nikic's name on the project member list
    with today's date, so he figured it out. If it requires an invite let me
    know privately and I will send one.

    --
    PHP Internals - PHP Runtime Development Mailing List
    To unsubscribe, visit: http://www.php.net/unsub.php

    Hi, according to my IRC backlog, Felipe talked to the Coverity guys today
    and figured out that they changed their workflow so that we have to send
    our build to them for analyzing, and they mentioned that most FLOSS projects
    automated this process (which I think we should also).
    Felipe was added to our Coverity project, and he approved Nikita's account
    request.
    For those interested and not (yet) having an account: one can sign up at
    https://scan.coverity.com/users/sign_in and after signing in you can look
    up the PHP project and click on the "add me to the project" link; then the
    admins can accept the request.

    --
    Ferenc Kovács
    @Tyr43l - http://tyrael.hu
