![[RTEMS Logo]](/images/logo.png){kind=logo}
Opened on 11/07/18 at 17:09:53
Last modified on 11/10/18 at 13:26:50
#3597 new defect
Variable tmp_dirent not initialized CID 1440356
| Reported by: | zehata | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Indefinite |
| Component: | fs | Version: | 6 |
| Severity: | normal | Keywords: | coverity |
| Cc: | Blocked By: | ||
| Blocking: |
Description (last modified by Joel Sherrill)
From rtems root directory, cd cpukit/libfs/src/dosfs/msdos_dir.c
tmp.dirent was used 18 times but isn't initialized anywhere in the file.
In line 325, memcpy was used, with the second parameter, a constant, being tmp_dirent, however, before this, it was not initialized at all, leading to the usage of an uninitialized variable (in memcpy)
64 msdos_dir_read(rtems_libio_t *iop, void *buffer, size_t count)
65 {
...
73 struct dirent tmp_dirent;
...
154 if ((*MSDOS_DIR_ATTR(entry) & MSDOS_ATTR_LFN_MASK) == MSDOS_ATTR_LFN)
155 {
...
324 if ( cmpltd >= 0 ) {
Uninitialized scalar variable (UNINIT)
uninit_use_in_call: Using uninitialized value tmp_dirent. Field tmp_dirent.d_type is uninitialized when calling memcpy.
325 memcpy(buffer + cmpltd, &tmp_dirent, sizeof(struct dirent));
326
327 iop->offset = iop->offset + sizeof(struct dirent);
328 cmpltd += (sizeof(struct dirent));
329 count -= (sizeof(struct dirent));
330
331 /* inode number extracted, close fat-file */
332 rc = fat_file_close(&fs_info->fat, tmp_fat_fd);
333 if (rc != RC_OK)
334 {
335 msdos_fs_unlock(fs_info);
336 return rc;
337 }
338 }
339 }
...
349 }
Change History (3)
comment:1 Changed on 11/07/18 at 17:16:12 by zehata
| Milestone: | → Indefinite |
|---|---|
| Version: | → 6 |
comment:2 Changed on 11/07/18 at 19:03:05 by zehata
| Summary: | Variable tmp_dirent not initialized → Variable tmp_dirent not initialized CID 1440356 |
|---|
comment:3 Changed on 11/10/18 at 13:26:50 by Joel Sherrill
| Description: | modified (diff) |
|---|
Note: See
TracTickets for help on using
tickets.
Replying to zehata: