Several defects detected by coverity #186

Open
pespin opened this issue Mar 27, 2024 · 1 comment

pespin commented Mar 27, 2024

I recently updated the generated asn1 code in osmo-cbc [1] using current branch mouse07410/vlm_master (12b8e55).

osmo-cbc is being monitored by Coverity as part of the osmocom project [2].

The asn1c generated code changes to osmo-cbc triggered a new scan from Coverity with the following new defects reported below. I paste the email report as I received it to my email.

[1] https://gitea.osmocom.org/cellular-infrastructure/osmo-cbc/commit/538bc4c69943cd031a4dc2c74ad6f30d5e5cd0b6
[2] https://scan.coverity.com/projects/osmocom

Hi,

Please find the latest report on new defect(s) introduced to Osmocom found with Coverity Scan.

3 new defect(s) introduced to Osmocom found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 356785:  Integer handling issues  (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 345 in aper_put_constrained_whole_number()


________________________________________________________________________________________________________
*** CID 356785:  Integer handling issues  (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 345 in aper_put_constrained_whole_number()
339     
340             /* X.691 2002 10.5.7.4 - The indefinite length case. */
341             /* since we limit input to be 'long' we don't handle all numbers */
342             /* and so length determinant is stored as X.691 2002 10.9.3.3 */
343             /* number of bytes to store the range */
344             for (range_len = 3; ; range_len++) {
>>>     CID 356785:  Integer handling issues  (BAD_SHIFT)
>>>     In expression "1 << 8 * range_len", left shifting by more than 31 bits has undefined behavior.  The shift amount, "8 * range_len", is 32.
345                     int bits = 1 << (8 * range_len);
346                     if (range - 1 < bits)
347                             break;
348             }
349             /* number of bytes to store the value */
350             for (value_len = 1; ; value_len++) {

** CID 356784:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/INTEGER.c: 421 in asn_INTEGER2int64()


________________________________________________________________________________________________________
*** CID 356784:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/INTEGER.c: 421 in asn_INTEGER2int64()
415         return asn_imax2INTEGER(st, value);
416     }
417     
418     int asn_INTEGER2int64(const INTEGER_t *st, int64_t *value) {
419         intmax_t v;
420         if(asn_INTEGER2imax(st, &v) == 0) {
>>>     CID 356784:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
>>>     "v < -9223372036854775808L /* -9223372036854775807L - 1 */" is always false regardless of the values of its operands. This occurs as the logical first operand of "||".
421             if(v < INT64_MIN || v > INT64_MAX) {
422                 errno = ERANGE;
423                 return -1;
424             }
425             *value = v;
426             return 0;

** CID 356783:  Integer handling issues  (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 272 in aper_put_nsnnwn()


________________________________________________________________________________________________________
*** CID 356783:  Integer handling issues  (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 272 in aper_put_nsnnwn()
266                     len = 1;
267             } else if (number < 65536) {
268                     len = 2;
269             } else { /* number > 64K */
270                     int i;
271                     for (i = 3; ; i++) {
>>>     CID 356783:  Integer handling issues  (BAD_SHIFT)
>>>     In expression "1 << 8 * i", left shifting by more than 31 bits has undefined behavior.  The shift amount, "8 * i", is 32.
272                             int bits = 1 << (8 * i);
273                             if (number < bits)
274                                     break;
275                     }
276                     len = i;
277             }

@mouse07410
Owner

Any suggestion how to fix those potential range problems?
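
One possible shape for a fix, given as an added example that is not part of the thread and is not asn1c or osmo-cbc code: count octets by shifting the value right instead of building `1 << (8 * n)`, and compile the `INT64_MIN`/`INT64_MAX` test only where `intmax_t` is wider than 64 bits. The helper names `octets_for` and `imax_to_int64` are hypothetical, and the sketch assumes callers pass non-negative values converted to `uint64_t`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: smallest n >= min_len such that v < 2^(8*n).
 * The flagged loops built 2^(8*n) with "1 << (8 * n)" on an int, which
 * is undefined once 8*n reaches 32. Shifting the value right by 8 per
 * step keeps every shift count far below the width of the type.
 * Assumed call sites: len = octets_for(number, 3);
 *                     range_len = octets_for(range - 1, 3); */
static size_t octets_for(uint64_t v, size_t min_len)
{
    size_t n = 1;
    while ((v >>= 8) != 0)
        n++;
    return n < min_len ? min_len : n;
}

/* Hypothetical helper: narrow intmax_t to int64_t. Where intmax_t is
 * itself 64 bits wide the range test can never be true (the
 * CONSTANT_EXPRESSION_RESULT finding), so it is compiled only on
 * platforms where intmax_t is wider. */
static int imax_to_int64(intmax_t v, int64_t *out)
{
#if INTMAX_MAX > INT64_MAX
    if (v < INT64_MIN || v > INT64_MAX) {
        errno = ERANGE;
        return -1;
    }
#endif
    *out = (int64_t)v;
    return 0;
}

int main(void)
{
    int64_t out;
    /* Constructed inputs around the 2^24 and 2^32 boundaries. */
    printf("%zu %zu %zu\n", octets_for(0xFFFFFF, 3),
           octets_for(0x1000000, 3), octets_for(0xFFFFFFFFu, 3));
    return imax_to_int64(INTMAX_C(-5), &out);
}
```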
