[Nasm-bugs] [Bug 3392373] New: bugs found by pvs-studio

no-reply at bugzilla-nasm.gorcunov.org
Thu Nov 17 01:31:31 PST 2016


https://bugzilla.nasm.us/show_bug.cgi?id=3392373

            Bug ID: 3392373
           Summary: bugs found by pvs-studio
           Product: NASM
           Version: unspecified
          Hardware: All
                OS: All
            Status: OPEN
          Severity: normal
          Priority: Medium
         Component: Assembler
          Assignee: nobody at nasm.us
          Reporter: martin at ubique.se
                CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us

Created attachment 411570
  --> https://bugzilla.nasm.us/attachment.cgi?id=411570&action=edit
patch

Hi all!

I have analyzed the nasm project source using pvs-studio.

The work resulted in 14 commits which can be browsed at
https://github.com/martinlindhe/nasm/commits/pvs-fixes
Attached is a patch with all the commits from that branch.

I ran tests to make sure I didn't break anything.
(git checkout master; make golden; git checkout pvs-fixes; make; make test)

A few fixes are notable:

Fix value overflow in output/outmacho.c ('V629 Consider inspecting the '1 <<
s->align' expression. Bit shifting of the 32-bit value with a subsequent
expansion to the 64-bit type.'):

```
-       newaddr = ALIGN(s->addr, 1 << s->align);
+        newaddr = ALIGN(s->addr, 1L << s->align);
```
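Review bot: `1L` only guarantees a 64-bit shift on LP64 platforms; on LLP64 targets (64-bit Windows) `long` is still 32 bits, so the V629 finding (a 32-bit value shifted and then widened to 64 bits) remains there. Use a constant whose width matches the destination, e.g. `newaddr = ALIGN(s->addr, (uint64_t)1 << s->align);` or `UINT64_C(1) << s->align`. It would also be worth confirming that `s->align` is bounded below the constant's width before this point, since a shift by 64 or more is undefined behaviour whatever the constant's type.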

Fix the memset() call in nasmlib/md5c.c to use the size of struct ctx, rather than the
size of the pointer. Fixes pvs-studio 'V512 A call of the 'memset' function
will lead to underflow of the buffer 'ctx'.':

```
-    memset((char *) ctx, 0, sizeof(ctx));      /* In case it's sensitive */
+    memset((char *) ctx, 0, sizeof(*ctx));     /* In case it's sensitive */
```
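Review bot: the `sizeof(*ctx)` change is correct, but given the "In case it's sensitive" comment this memset is meant to scrub state, and a plain `memset` on an object that is not read again is a dead store that optimising compilers may remove entirely, so the scrub is not guaranteed even after the fix. If the scrubbing is intended to hold, consider a call the compiler cannot elide (`explicit_bzero`, `memset_s`, or a `volatile`-pointer loop behind a small portability wrapper). The `(char *)` cast is also unnecessary since `memset` takes `void *`, and could be dropped while the line is being touched.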

Fix an operator priority error with parentheses in disasm/disasm.c. Fixes
pvs-studio error 'V502 Perhaps the '?:' operator works in a different way than
it was expected. The '?:' operator has a lower priority than the '!='
operator.':

```
-            if (osize != (segsize == 16) ? 16 : 32)
+            if (osize != (segsize == 16 ? 16 : 32))
```
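Review bot: this is a behaviour change, not only a cleanup, and the commit message should say so. The old line parses as `(osize != (segsize == 16)) ? 16 : 32`, which yields 16 or 32 and is therefore always true, so the guarded branch was taken unconditionally; the fixed line only takes it when `osize` differs from the default operand size for the segment. A test exercising both the 16-bit and 32-bit segment cases through this path would confirm that the disassembler output changes only where it should.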

and more.

In addition, pvs-studio is pointing out some code fragments that I am unsure
how to resolve, or if they are real issues. It would be great if someone more
familiar with the code base had a look at these:

asm/float.c:587 err     V512 A call of the 'memcpy' function will lead to
underflow of the buffer 'mult'.

asm/assemble.c:338      warn    V507 Pointer to local array 'xdata' is stored
outside the scope of this array. Such a pointer will become invalid.

asm/assemble.c:356      warn    V507 Pointer to local array 'xdata' is stored
outside the scope of this array. Such a pointer will become invalid.

asm/assemble.c:2351     err     V536 Be advised that the utilized constant
value is represented by an octal form. Oct: 0370, Dec: 248.

asm/nasm.c:492  err     V595 The 'ofile' pointer was utilized before it was
verified against nullptr. Check lines: 492, 499.

asm/parser.c:528        warn    V557 Array underrun is possible. The value of
'slot' index could reach -1.

output/outas86.c:408    warn    V684 A value of the variable 'sym->flags' is
not modified. Consider inspecting the expression. It is possible that '1'
should be present instead of '0'.

Best regards
Martin Lindhe
