#3597 new defect

Variable tmp_dirent not initialized CID 1440356

Reported by: zehata Owned by:
Priority: normal Milestone: Indefinite
Component: fs Version: 6
Severity: normal Keywords: coverity
Cc: Blocked By:
Blocking:

Description (last modified by Joel Sherrill)

From rtems root directory, cd cpukit/libfs/src/dosfs/msdos_dir.c
tmp.dirent was used 18 times but isn't initialized anywhere in the file.
In line 325, memcpy was used, with the second parameter, a constant, being tmp_dirent, however, before this, it was not initialized at all, leading to the usage of an uninitialized variable (in memcpy)

64 msdos_dir_read(rtems_libio_t *iop, void *buffer, size_t count)
65 {

...

73 struct dirent tmp_dirent;

...

154 if ((*MSDOS_DIR_ATTR(entry) & MSDOS_ATTR_LFN_MASK) == MSDOS_ATTR_LFN)
155 {

...

324 if ( cmpltd >= 0 ) {

Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value tmp_dirent. Field tmp_dirent.d_type is uninitialized when calling memcpy.

325 memcpy(buffer + cmpltd, &tmp_dirent, sizeof(struct dirent));
326
327 iop->offset = iop->offset + sizeof(struct dirent);
328 cmpltd += (sizeof(struct dirent));
329 count -= (sizeof(struct dirent));
330
331 /* inode number extracted, close fat-file */
332 rc = fat_file_close(&fs_info->fat, tmp_fat_fd);
333 if (rc != RC_OK)
334 {
335 msdos_fs_unlock(fs_info);
336 return rc;
337 }
338 }
339 }

...

349 }

Change History (3)

comment:1 in reply to:  description Changed on Nov 7, 2018 at 5:16:12 PM by zehata

Milestone: Indefinite
Version: 6

Per Coverity scan CID 1440356, the file at cpukit/libfs/src/dosfs/msdos_dir.c uses uninitialized variable tmp_dirent multiple times in the file.

Last edited on Nov 7, 2018 at 5:19:04 PM by zehata (previous) (diff)

comment:2 Changed on Nov 7, 2018 at 7:03:05 PM by zehata

Summary: Variable tmp_dirent not initializedVariable tmp_dirent not initialized CID 1440356

comment:3 Changed on Nov 10, 2018 at 1:26:50 PM by Joel Sherrill

Description: modified (diff)
Note: See TracTickets for help on using tickets.