[OTR-dev] Coverity scan of Fedora libotr package

Michal Luscon mluscon at redhat.com
Tue May 24 09:54:27 EDT 2011


I have analysed the Coverity scan <http://scan.coverity.com/> of the
Fedora libotr-3.2.0-6 package and the following problems have been found:


 /src/auth.c:385, 416, 523 - Constant expression result:
"privkey->pubkey_type >> 16" is 0 regardless of the values of its operands

/src/serial.h:67 - Suspicious implicit sign extension: "bufp[0]" with
type "unsigned char" (8 bits, unsigned) is promoted in "(bufp[0] << 24)
| (bufp[1] << 16) | (bufp[2] << 8) | bufp[3]" to type "int" (32 bits,
signed), then sign-extended to type "unsigned long" (64 bits,
unsigned).  If "(bufp[0] << 24) | (bufp[1] << 16) | (bufp[2] << 8) |
bufp[3]" is greater than 0x7FFFFFFF, the upper bits of the result will
all be 1.

/toolkit/otr_readforge.c:112 - Allocating insufficient memory for the
terminating null of the string.

/src/proto.c:783 - Potential resource leak of variable newfrag in else
statement.

/src/context.c:322, /src/privkey.c:622 - Suspicious while condition.


Please check the mentioned issues, and if you are interested in the whole
Coverity scan report, it is possible to send it to you.

Michal Luscon
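
The sign-extension finding quoted above for /src/serial.h:67, shown as an added example that is not part of the original message and is not libotr code. The function names and the sample bytes are hypothetical, and fixed-width types stand in for the "int" (32 bits) and "unsigned long" (64 bits) of the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Models the flagged expression: the unsigned char operands are promoted to
 * int, so the OR result is a 32-bit signed int, which is then sign-extended
 * when stored in a 64-bit unsigned type. Shifting bufp[0] >= 0x80 left by 24
 * in int is formally undefined in C, so the int result is modelled here with
 * an unsigned computation converted to int32_t (two's complement wraparound,
 * as on GCC and Clang). */
uint64_t read_be32_flagged(const unsigned char *bufp)
{
    uint32_t bits = ((uint32_t)bufp[0] << 24) | ((uint32_t)bufp[1] << 16) |
                    ((uint32_t)bufp[2] << 8) | (uint32_t)bufp[3];
    int32_t as_int = (int32_t)bits;   /* what the promoted int holds */
    return (uint64_t)as_int;          /* sign extension happens here */
}

/* Corrected form: cast each byte to an unsigned 32-bit type before shifting,
 * so the result is zero-extended when widened. */
uint64_t read_be32_fixed(const unsigned char *bufp)
{
    return ((uint32_t)bufp[0] << 24) | ((uint32_t)bufp[1] << 16) |
           ((uint32_t)bufp[2] << 8) | (uint32_t)bufp[3];
}

/* Counts how many lead-byte values make the two decoders disagree. */
int count_divergent_lead_bytes(void)
{
    int n = 0;
    for (int b = 0; b < 256; b++) {
        unsigned char buf[4] = { (unsigned char)b, 0, 0, 1 };  /* constructed */
        if (read_be32_flagged(buf) != read_be32_fixed(buf))
            n++;
    }
    return n;
}

int main(void)
{
    const unsigned char sample[4] = { 0x80, 0x00, 0x00, 0x01 };  /* constructed */
    printf("flagged: 0x%016llx\n", (unsigned long long)read_be32_flagged(sample));
    printf("fixed:   0x%016llx\n", (unsigned long long)read_be32_fixed(sample));
    printf("divergent lead bytes: %d\n", count_divergent_lead_bytes());
    return 0;
}
```

The two decoders disagree exactly when the top bit of the first byte is set, which matches the report's "greater than 0x7FFFFFFF" condition.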