Coverity Reports Out of Bounds Read in drvmgr_print.c

[Joel Sherrill]

​https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=109359850&defectInstanceId=30967449&mergedDefectId=1399730

354 printf(" DRIVER ID: 0x%llx\n", drv->drv_id);

1. Condition drv->name, taking true branch.

355 printf(" NAME: %s\n", drv->name ? drv->name : "NO_NAME");
356 printf(" BUS TYPE: %d\n", drv->bus_type);
357 printf(" OPERATIONS:\n");

2. alias: Assigning: ppfunc = &drv->ops->init[0]. ppfunc now points to element 0 of drv->ops->init (which consists of 4 4-byte elements).
3. Condition i < 6U /* sizeof (struct drvmgr_drv_ops) / sizeof (void (*)(void)) */, taking true branch.
4. Condition i < 6U /* sizeof (struct drvmgr_drv_ops) / sizeof (void (*)(void)) */, taking true branch.
5. cond_at_most: Checking i < 6U implies that i may be up to 5 on the true branch.

358 for (i = 0, ppfunc = (fun_ptr *)&drv->ops->init[0];
359 i < DRVMGR_OPS_NUM(struct drvmgr_drv_ops); i++)

4. Jumping back to the beginning of the loop.

CID 1399730 (#1 of 1): Out-of-bounds read (OVERRUN)

7. overrun-local: Overrunning array of 4 4-byte elements at element index 5 (byte offset 20) by dereferencing pointer ppfunc + i.

360 printf(" %s %p\n", drv_ops_names[i], ppfunc[i]);
361 printf(" NO. DEVICES: %d\n", drv->dev_cnt);
362

[Daniel Hellstrom <daniel@…>]

In 3663be53/rtems:

drvmgr: clean up info_drv print

Fixes #2930

[Sebastian Huber]

Milestone renamed