libksba coverity static analysis reports
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Jakuje
	Apr 14 2021, 10:46 AM

Description

Coverity reported also couple of potential issues for libksba (including the identical branches I mentioned in T5393 -- I do non insist on this suppression, but I included it for completeness). Again, nothing super-important, but worth fixing.

libksba-coverity.patch4 KBDownload

Details

Version: 1.5.1

Revisions and Commits

rK libksba
	rKfbb1f303198b Fixes for static analysis reports.

Related Objects

Mentioned In: T5479: Release LibKSBA 1.6.0
Mentioned Here: T5393: gnupg coverity static analysis reports

Event Timeline

Jakuje created this task.Apr 14 2021, 10:46 AM

• werner triaged this task as Normal priority.Apr 14 2021, 8:59 PM

• gniibe claimed this task.Apr 20 2021, 2:39 AM

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

I applied 1,2,3, and 5 in rKfbb1f303198b: Fixes for static analysis reports.

• gniibe added a commit: rKfbb1f303198b: Fixes for static analysis reports..Apr 20 2021, 6:33 AM

In T5395#145417, @gniibe wrote:

I can't see null pointer de-reference (you claimed) in [4/5].
Could you please elaborate?

The report was along these lines:

Error: CLANG_WARNING: [#def23]
libksba-1.5.0/src/ber-decoder.c:1296:22: warning[core.NullDereference]: Array access (from variable 'buf') results in a null pointer dereference
# 1294|                 if ( (c=read_byte (d->reader)) == -1)
# 1295|                   err = eof_or_error (d, 1);
# 1296|->               buf[n] = c;
# 1297|               }
# 1298|             if (err)

but having better look, it is false positive as the for condition contains the !err part, which I initially missed.

Thank you for checking.

Thank you for your confirmation. Closing.

• werner mentioned this in T5479: Release LibKSBA 1.6.0.Jun 10 2021, 2:59 PM