Hi,
Please find the latest report on new defect(s) introduced to Synchronet found with Coverity Scan.
9 new defect(s) introduced to Synchronet found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)
** CID 349947: (CHECKED_RETURN)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/jsapi.cpp: 3959 in JS_ClearScope()
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/jsapi.cpp: 3965 in JS_ClearScope()
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/jsapi.cpp: 3973 in JS_ClearScope()
________________________________________________________________________________________________________
*** CID 349947: (CHECKED_RETURN)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/jsapi.cpp: 3959 in JS_ClearScope()
3953 /* Clear cached class objects on the global object. */
3954 if (obj->isGlobal()) {
3955 /* This can return false but that doesn't mean it failed. */
3956 obj->unbrand(cx);
3957
3958 for (int key = JSProto_Null; key < JSProto_LIMIT * 3; key++)
>>> CID 349947: (CHECKED_RETURN)
>>> Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
3959 JS_SetReservedSlot(cx, obj, key, JSVAL_VOID);
3960
3961 /* Clear regexp statics. */
3962 RegExpStatics::extractFrom(obj)->clear();
3963
3964 /* Clear the CSP eval-is-allowed cache. */
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/jsapi.cpp: 3965 in JS_ClearScope()
3959 JS_SetReservedSlot(cx, obj, key, JSVAL_VOID);
3960
3961 /* Clear regexp statics. */
3962 RegExpStatics::extractFrom(obj)->clear();
3963
3964 /* Clear the CSP eval-is-allowed cache. */
>>> CID 349947: (CHECKED_RETURN)
>>> Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
3965 JS_SetReservedSlot(cx, obj, JSRESERVED_GLOBAL_EVAL_ALLOWED, JSVAL_VOID);
3966
3967 /*
3968 * Mark global as cleared. If we try to execute any compile-and-go
3969 * scripts from here on, we will throw.
3970 */
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/jsapi.cpp: 3973 in JS_ClearScope()
3967 /*
3968 * Mark global as cleared. If we try to execute any compile-and-go
3969 * scripts from here on, we will throw.
3970 */
3971 int32 flags = obj->getReservedSlot(JSRESERVED_GLOBAL_FLAGS).toInt32();
3972 flags |= JSGLOBAL_FLAGS_CLEARED;
>>> CID 349947: (CHECKED_RETURN)
>>> Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
3973 JS_SetReservedSlot(cx, obj, JSRESERVED_GLOBAL_FLAGS, Jsvalify(Int32Value(flags)));
3974 }
3975
3976 js_InitRandom(cx);
3977 }
3978
** CID 349946: Error handling issues (CHECKED_RETURN)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/Library.cpp: 259 in js::ctypes::Library::Close(JSContext *, unsigned int, unsigned long *)()
________________________________________________________________________________________________________
*** CID 349946: Error handling issues (CHECKED_RETURN)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/Library.cpp: 259 in js::ctypes::Library::Close(JSContext *, unsigned int, unsigned long *)()
253 JS_ReportError(cx, "close doesn't take any arguments");
254 return JS_FALSE;
255 }
256
257 // delete our internal objects
258 Finalize(cx, obj);
>>> CID 349946: Error handling issues (CHECKED_RETURN)
>>> Calling "JS_SetReservedSlot" without checking return value (as is done elsewhere 38 out of 43 times).
259 JS_SetReservedSlot(cx, obj, SLOT_LIBRARY, PRIVATE_TO_JSVAL(NULL));
260
261 JS_SET_RVAL(cx, vp, JSVAL_VOID);
262 return JS_TRUE;
263 }
264
** CID 349945: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 349945: Null pointer dereferences (FORWARD_NULL)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/CTypes.cpp: 4834 in js::ctypes::FunctionType::Create(JSContext *, unsigned int, unsigned long *)()
4828 }
4829
4830 // Pull out the argument types from the array, if any.
4831 JS_ASSERT(!argTypes.length() || arrayObj);
4832 js::AutoArrayRooter items(cx, argTypes.length(), argTypes.begin());
4833 for (jsuint i = 0; i < argTypes.length(); ++i) {
>>> CID 349945: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "arrayObj" to "JS_GetElement", which dereferences it.
4834 if (!JS_GetElement(cx, arrayObj, i, &argTypes[i]))
4835 return JS_FALSE;
4836 }
4837
4838 JSObject* result = CreateInternal(cx, argv[0], argv[1],
4839 argTypes.begin(), argTypes.length());
** CID 43174: Security best practices violations (SECURE_TEMP)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 226 in open_temp_exec_file_name()
________________________________________________________________________________________________________
*** CID 43174: Security best practices violations (SECURE_TEMP)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 226 in open_temp_exec_file_name()
220 static size_t execsize = 0;
221
222 /* Open a temporary file name, and immediately unlink it. */
223 static int
224 open_temp_exec_file_name (char *name)
225 {
>>> CID 43174: Security best practices violations (SECURE_TEMP)
>>> Calling "mkstemp" without securely setting umask first.
226 int fd = mkstemp (name);
227
228 if (fd != -1)
229 unlink (name);
230
231 return fd;
** CID 43169: Resource leaks (RESOURCE_LEAK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 436 in dlmmap_locked()
________________________________________________________________________________________________________
*** CID 43169: Resource leaks (RESOURCE_LEAK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 436 in dlmmap_locked()
430 }
431
432 mmap_exec_offset ((char *)start, length) = (char*)ptr - (char*)start;
433
434 execsize += length;
435
>>> CID 43169: Resource leaks (RESOURCE_LEAK)
>>> Variable "ptr" going out of scope leaks the storage it points to.
436 return start;
437 }
438
439 /* Map in a writable and executable chunk of memory if possible.
440 Failing that, fall back to dlmmap_locked. */
441 static void *
** CID 43149: Control flow issues (MISSING_BREAK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/x86/ffi64.c: 148 in classify_argument()
________________________________________________________________________________________________________
*** CID 43149: Control flow issues (MISSING_BREAK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/x86/ffi64.c: 148 in classify_argument()
142 case FFI_TYPE_UINT16:
143 case FFI_TYPE_SINT16:
144 case FFI_TYPE_UINT32:
145 case FFI_TYPE_SINT32:
146 case FFI_TYPE_UINT64:
147 case FFI_TYPE_SINT64:
>>> CID 43149: Control flow issues (MISSING_BREAK)
>>> The case for value "14" is not terminated by a "break" statement.
148 case FFI_TYPE_POINTER:
149 {
150 int size = byte_offset + type->size;
151
152 if (size <= 4)
153 {
** CID 43148: Program hangs (LOCK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 4350 in dlfree()
________________________________________________________________________________________________________
*** CID 43148: Program hangs (LOCK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 4350 in dlfree()
4344 POSTACTION(fm);
4345 }
4346 }
4347 #if !FOOTERS
4348 #undef fm
4349 #endif /* FOOTERS */
>>> CID 43148: Program hangs (LOCK)
>>> Returning without unlocking "_gm_.mutex".
4350 }
4351
4352 void* dlcalloc(size_t n_elements, size_t elem_size) {
4353 void* mem;
4354 size_t req = 0;
4355 if (n_elements != 0) {
** CID 43147: Program hangs (LOCK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 4246 in dlmalloc()
________________________________________________________________________________________________________
*** CID 43147: Program hangs (LOCK)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/dlmalloc.c: 4246 in dlmalloc()
4240 }
4241
4242 mem = sys_alloc(gm, nb);
4243
4244 postaction:
4245 POSTACTION(gm);
>>> CID 43147: Program hangs (LOCK)
>>> Returning without unlocking "_gm_.mutex".
4246 return mem;
4247 }
4248
4249 return 0;
4250 }
4251
** CID 43140: Memory - corruptions (BAD_FREE)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 501 in dlmunmap()
________________________________________________________________________________________________________
*** CID 43140: Memory - corruptions (BAD_FREE)
/tmp/sbbs-Feb-28-2022/3rdp/src/mozjs/js-1.8.5/js/src/ctypes/libffi/src/closures.c: 501 in dlmunmap()
495 #if FFI_CLOSURE_TEST
496 printf ("unmapping %zi\n", length);
497 #endif
498
499 if (seg && (code = add_segment_exec_offset (start, seg)) != start)
500 {
>>> CID 43140: Memory - corruptions (BAD_FREE)
>>> "munmap" frees incorrect pointer "code".
501 int ret = munmap (code, length);
502 if (ret)
503 return ret;
504 }
505
506 return munmap (start, length);
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp-2FP9gGRhvFklLaQKuBylUrkMFB3WMR2p7qIYKYTZrh4BbWTBf-2B-2Fi5ZUVF-2Fo-2B6flxo-3DBdDU_g4j7BHlu96plUOfCQsO0yRjoWZCZl8YGnZ-2FUtT39hrAWQK-2BbauFoR8oEcd8fVvowWww1uOREp83U-2BQv-2F49ZxHjLovWpQVbJzCo15li7JaqiLVFDhjl0JEgQeQKrnzmY9Xam1jd0jpy91zK33qTfOzOatQbuBkc6tp1BrmOUJzbyc0kg3LQP5h22pzEnSi6XFuU-2FNv7elDIbIVbH0Y0tr0w-3D-3D
--- SBBSecho 3.14-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)