[GRASS-dev] New Defects reported by Coverity Scan for grass

New stats: 3 new, 16 eliminated...

m.

---------- Forwarded message ----------
From: <scan-admin@coverity.com>
Date: Tue, Nov 25, 2014 at 10:58 AM
Subject: New Defects reported by Coverity Scan for grass
To: neteler@osgeo.org

Hi,

Please find the latest report on new defect(s) introduced to grass
found with Coverity Scan.

3 new defect(s) introduced to grass found with Coverity Scan.
16 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1256093: Resource leak (RESOURCE_LEAK)
/vector/v.net/connect.c: 145 in connect_arcs()

** CID 1256092: Uninitialized pointer read (UNINIT)
/lib/vector/Vlib/open_pg.c: 803 in read_p_node()

** CID 1256091: Uninitialized value use (UNINIT)
/raster/r.colors/edit_colors.c: 315 in edit_colors()
/raster/r.colors/edit_colors.c: 319 in edit_colors()
/raster/r.colors/edit_colors.c: 270 in edit_colors()
/raster/r.colors/edit_colors.c: 289 in edit_colors()
/raster/r.colors/edit_colors.c: 335 in edit_colors()
/raster/r.colors/edit_colors.c: 335 in edit_colors()
/raster/r.colors/edit_colors.c: 269 in edit_colors()
/raster/r.colors/edit_colors.c: 288 in edit_colors()
/raster/r.colors/edit_colors.c: 268 in edit_colors()
/raster/r.colors/edit_colors.c: 287 in edit_colors()

________________________________________________________________________________________________________
*** CID 1256093: Resource leak (RESOURCE_LEAK)
/vector/v.net/connect.c: 145 in connect_arcs()
139 Vect_destroy_line_struct(Pline);
140 Vect_destroy_line_struct(Pout);
141 Vect_destroy_cats_struct(Cats);
142 Vect_destroy_cats_struct(Cline);
143 Vect_destroy_cats_struct(Cnew);
144

    CID 1256093: Resource leak (RESOURCE_LEAK)
    Variable "exclude_list" going out of scope leaks the storage it points to.

145 return narcs;

________________________________________________________________________________________________________
*** CID 1256092: Uninitialized pointer read (UNINIT)
/lib/vector/Vlib/open_pg.c: 803 in read_p_node()
797
798 G_free_tokens(lines);
799 G_free_tokens(angles);
800 }
801 else {
802 for (i = 0; i < node->n_lines; i++) {

    CID 1256092: Uninitialized pointer read (UNINIT)
    Using uninitialized value "res" when calling "PQgetvalue".

803 node->lines[i] = atoi(PQgetvalue(res, i, 0));
804 if (strcmp(PQgetvalue(res, i, 1), "s") != 0) {
805 /* end node */
806 node->lines[i] *= -1;
807 }
808 node->angles[i] = M_PI / 2 - atof(PQgetvalue(res, i, 2));

________________________________________________________________________________________________________
*** CID 1256091: Uninitialized value use (UNINIT)
/raster/r.colors/edit_colors.c: 315 in edit_colors()
309 has_cell_type = 0;
310 for(i = 0; i < input_maps.num; i++) {
311 name = input_maps.names[i];
312 mapset = input_maps.mapsets[i];
313
314 if (type == RASTER3D_TYPE) {

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.map_types".

315 input_maps.map_types[i] = 1; /* 3D raster maps are always floating point */
316 has_fcell_type = 1;
317 Rast3d_read_range(name, mapset, &range);
318 } else {
319 input_maps.map_types[i] = Rast_map_is_fp(name, mapset);
320 if(input_maps.map_types[i] == 1)
/raster/r.colors/edit_colors.c: 319 in edit_colors()
313
314 if (type == RASTER3D_TYPE) {
315 input_maps.map_types[i] = 1; /* 3D raster maps are always floating point */
316 has_fcell_type = 1;
317 Rast3d_read_range(name, mapset, &range);
318 } else {

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.map_types".

319 input_maps.map_types[i] = Rast_map_is_fp(name, mapset);
320 if(input_maps.map_types[i] == 1)
321 has_fcell_type = 1;
322 else
323 has_cell_type = 1;
324
/raster/r.colors/edit_colors.c: 270 in edit_colors()
264 }
265
266 int stat = -1;
267 if (remove) {
268 for(i = 0; i < input_maps.num; i++) {
269 name = input_maps.names[i];

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.mapsets".

270 mapset = input_maps.mapsets[i];
271
272 if (type == RASTER3D_TYPE) {
273 stat = Rast3d_remove_color(name);
274 } else {
275 stat = Rast_remove_colors(name, mapset);
/raster/r.colors/edit_colors.c: 289 in edit_colors()
283 }
284
285 G_suppress_warnings(TRUE);
286
287 for(i = 0; i < input_maps.num; i++) {
288 name = input_maps.names[i];

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.mapsets".

289 mapset = input_maps.mapsets[i];
290
291 if (type == RASTER3D_TYPE) {
292 have_colors = Rast3d_read_colors(name, mapset, &colors);
293 } else {
294 have_colors = Rast_read_colors(name, mapset, &colors);
/raster/r.colors/edit_colors.c: 335 in edit_colors()
329 if(has_fcell_type && has_cell_type) {
330 G_fatal_error("Input maps must have the same cell type. "
331 "Mixing of integer and floating point maps is not supported.");
332 }
333 }
334

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.max".

335 Rast_get_fp_range_min_max(&range, &input_maps.min[i], &input_maps.max[i]);
336
337 /* Compute min, max of all maps*/
338 if(i == 0) {
339 min = input_maps.min[i];
340 max = input_maps.max[i];
/raster/r.colors/edit_colors.c: 335 in edit_colors()
329 if(has_fcell_type && has_cell_type) {
330 G_fatal_error("Input maps must have the same cell type. "
331 "Mixing of integer and floating point maps is not supported.");
332 }
333 }
334

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.min".

335 Rast_get_fp_range_min_max(&range, &input_maps.min[i], &input_maps.max[i]);
336
337 /* Compute min, max of all maps*/
338 if(i == 0) {
339 min = input_maps.min[i];
340 max = input_maps.max[i];
/raster/r.colors/edit_colors.c: 269 in edit_colors()
263 }
264 }
265
266 int stat = -1;
267 if (remove) {
268 for(i = 0; i < input_maps.num; i++) {

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.names".

269 name = input_maps.names[i];
270 mapset = input_maps.mapsets[i];
271
272 if (type == RASTER3D_TYPE) {
273 stat = Rast3d_remove_color(name);
274 } else {
/raster/r.colors/edit_colors.c: 288 in edit_colors()
282 return EXIT_SUCCESS;
283 }
284
285 G_suppress_warnings(TRUE);
286
287 for(i = 0; i < input_maps.num; i++) {

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.names".

288 name = input_maps.names[i];
289 mapset = input_maps.mapsets[i];
290
291 if (type == RASTER3D_TYPE) {
292 have_colors = Rast3d_read_colors(name, mapset, &colors);
293 } else {
/raster/r.colors/edit_colors.c: 268 in edit_colors()
262 G_fatal_error(_("%s map <%s> not found"), Maptype, input_maps.names[i]);
263 }
264 }
265
266 int stat = -1;
267 if (remove) {

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.num".

268 for(i = 0; i < input_maps.num; i++) {
269 name = input_maps.names[i];
270 mapset = input_maps.mapsets[i];
271
272 if (type == RASTER3D_TYPE) {
273 stat = Rast3d_remove_color(name);
/raster/r.colors/edit_colors.c: 287 in edit_colors()
281 }
282 return EXIT_SUCCESS;
283 }
284
285 G_suppress_warnings(TRUE);
286

    CID 1256091: Uninitialized value use (UNINIT)
    Using uninitialized value "input_maps.num".

287 for(i = 0; i < input_maps.num; i++) {
288 name = input_maps.names[i];
289 mapset = input_maps.mapsets[i];
290
291 if (type == RASTER3D_TYPE) {
292 have_colors = Rast3d_read_colors(name, mapset, &colors);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
http://scan.coverity.com/projects/1038?tab=overview

Markus Neteler wrote:

/vector/v.net/connect.c: 145 in connect_arcs()
>>> CID 1256093: Resource leak (RESOURCE_LEAK)
>>> Variable "exclude_list" going out of scope leaks the storage it points to.

This is probably as simple as adding Vect_destroy_list(exclude_list)
to the end of connect_arcs().

/lib/vector/Vlib/open_pg.c: 803 in read_p_node()
>>> CID 1256092: Uninitialized pointer read (UNINIT)
>>> Using uninitialized value "res" when calling "PQgetvalue".

There may be some logic which means that res is always initialised at
that point, but it's far from clear.

/raster/r.colors/edit_colors.c: 315 in edit_colors()
>>> CID 1256091: Uninitialized value use (UNINIT)
>>> Using uninitialized value "input_maps.map_types".

... and others.

This appears to be a consequence of using the new option dependency
functions.

The various fields of input_maps are initialised in two blocks, one of
which is executed if opt.file->answer is non-NULL, the other if
opt.maps->answer is non-NULL.

Exactly one of these may be given, due to:

    G_option_exclusive(opt.maps, opt.file, NULL);
    G_option_required(opt.maps, opt.file, NULL);

However, the scanner cannot determine that this is the case.

Adding an "else G_fatal_error()" to the file-or-maps conditional
should allow it to deduce that the values cannot actually be
uninitialised (assuming that it understands what the
__attribute__((noreturn)) on G_fatal_error() means).

--
Glynn Clements <glynn@gclements.plus.com>
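
The pattern suggested in the reply above, as an added example that is not part of the original thread and is not GRASS code: `fatal_error()`, `split()` and `struct maps_info` are hypothetical stand-ins for `G_fatal_error()`, the option parsing and `input_maps`. Deleting the final `else` branch recreates the path on which `m` is read without ever having been written, which is what the UNINIT finding describes.

```c
/* Added illustration, not GRASS source: fatal_error() and struct maps_info are
 * hypothetical stand-ins for G_fatal_error() and r.colors' input_maps. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MAPS 8
struct maps_info { int num; const char *names[MAX_MAPS]; };

/* noreturn: neither the compiler nor an analyzer follows a path past a call. */
__attribute__((noreturn)) static void fatal_error(const char *msg)
{
    fprintf(stderr, "ERROR: %s\n", msg);
    exit(EXIT_FAILURE);
}

/* Split s in place on any character in delim, filling m->num and m->names. */
static void split(char *s, const char *delim, struct maps_info *m)
{
    m->num = 0;
    for (char *t = strtok(s, delim); t && m->num < MAX_MAPS; t = strtok(NULL, delim))
        m->names[m->num++] = t;
}

/* file_text stands in for the contents of file=, maps_csv for the map= answer. */
static int count_maps(char *file_text, char *maps_csv)
{
    struct maps_info m;         /* no initialiser, as in the flagged code */
    int i, named = 0;

    if (file_text)
        split(file_text, "\n", &m);
    else if (maps_csv)
        split(maps_csv, ",", &m);
    else    /* unreachable once the parser enforces "exactly one"; closes the path */
        fatal_error("one of file= or map= is required");

    for (i = 0; i < m.num; i++) /* every path reaching here has written m */
        if (m.names[i][0] != '\0')
            named++;
    return named;
}

int main(void)
{
    char maps[] = "elevation,slope,aspect";  /* constructed sample input */
    printf("%d maps\n", count_maps(NULL, maps));
    return 0;
}
```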