[Nasm-bugs] [Bug 3392373] New: bugs found by pvs-studio
no-reply at bugzilla-nasm.gorcunov.org
Thu Nov 17 01:31:31 PST 2016
https://bugzilla.nasm.us/show_bug.cgi?id=3392373
Bug ID: 3392373
Summary: bugs found by pvs-studio
Product: NASM
Version: unspecified
Hardware: All
OS: All
Status: OPEN
Severity: normal
Priority: Medium
Component: Assembler
Assignee: nobody at nasm.us
Reporter: martin at ubique.se
CC: gorcunov at gmail.com, hpa at zytor.com, nasm-bugs at nasm.us
Created attachment 411570
--> https://bugzilla.nasm.us/attachment.cgi?id=411570&action=edit
patch
Hi all!
I have analyzed the nasm project source using pvs-studio.
The work resulted in 14 commits which can be browsed at
https://github.com/martinlindhe/nasm/commits/pvs-fixes
Attached is a patch with all the commits from that branch.
I ran tests to make sure I didn't break anything.
(git checkout master; make golden; git checkout pvs-fixes; make; make test)
A few fixes are notable:
Fix value overflow in output/outmacho.c ('V629 Consider inspecting the '1 <<
s->align' expression. Bit shifting of the 32-bit value with a subsequent
expansion to the 64-bit type.'):
```
- newaddr = ALIGN(s->addr, 1 << s->align);
+ newaddr = ALIGN(s->addr, 1L << s->align);
```
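Review bot: `1L` is only a 64-bit constant where `long` is 64 bits; on LLP64 targets such as 64-bit Windows `long` is 32 bits, so the shift in the `+` line still happens in 32-bit arithmetic before the widening that the V629 message describes. A fixed-width constant, `(uint64_t)1 << s->align` or `UINT64_C(1) << s->align`, makes the fix portable. It is also worth confirming that `s->align` is bounded below 64 before the shift, since a shift by the operand width or more is undefined behaviour whatever the type of the constant.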
Fix the memset() call in nasmlib/md5c.c to use the size of struct ctx, rather than
the size of the pointer. Fixes pvs-studio 'V512 A call of the 'memset' function
will lead to underflow of the buffer 'ctx'.':
```
- memset((char *) ctx, 0, sizeof(ctx)); /* In case it's sensitive */
+ memset((char *) ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
```
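Review bot: the `sizeof(*ctx)` change is correct; the `-` line cleared only the first 4 or 8 bytes (the size of the pointer), so the rest of the MD5 state, including the buffered input bytes, stayed in memory despite the 'In case it's sensitive' comment. If scrubbing is the intent, note that a plain `memset` on an object the compiler can prove is never read again may be dropped as a dead store; a clear the optimizer must keep (explicit_bzero where available, or a volatile-qualified write loop) is the more robust choice, and a comment saying why would help the next reader.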
Fix an operator priority error with parentheses in disasm/disasm.c. Fixes the
pvs-studio error 'V502 Perhaps the '?:' operator works in a different way than
it was expected. The '?:' operator has a lower priority than the '!='
operator.':
```
- if (osize != (segsize == 16) ? 16 : 32)
+ if (osize != (segsize == 16 ? 16 : 32))
```
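Review bot: the `-` line parses as `(osize != (segsize == 16)) ? 16 : 32` because `!=` binds tighter than `?:`, so the condition evaluated to 16 or 32 and was always true; the `+` line therefore changes which instructions take this branch, which is a behaviour change rather than a cosmetic one. That the existing `make test` run still passes suggests no test distinguishes the two forms; a regression test pairing a 16-bit segment with a 32-bit operand size (and vice versa) would pin the intended behaviour down.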
and more.
In addition, pvs-studio is pointing out some code fragments that I am unsure
how to resolve, or if they are real issues. It would be great if someone more
familiar with the code base had a look at these:
asm/float.c:587 err V512 A call of the 'memcpy' function will lead to
underflow of the buffer 'mult'.
asm/assemble.c:338 warn V507 Pointer to local array 'xdata' is stored
outside the scope of this array. Such a pointer will become invalid.
asm/assemble.c:356 warn V507 Pointer to local array 'xdata' is stored
outside the scope of this array. Such a pointer will become invalid.
asm/assemble.c:2351 err V536 Be advised that the utilized constant
value is represented by an octal form. Oct: 0370, Dec: 248.
asm/nasm.c:492 err V595 The 'ofile' pointer was utilized before it was
verified against nullptr. Check lines: 492, 499.
asm/parser.c:528 warn V557 Array underrun is possible. The value of
'slot' index could reach -1.
output/outas86.c:408 warn V684 A value of the variable 'sym->flags' is
not modified. Consider inspecting the expression. It is possible that '1'
should be present instead of '0'.
Best regards
Martin Lindhe