osmo-cbc is being monitored by Coverity as part of the osmocom project [2].
The asn1c generated code changes to osmo-cbc triggered a new scan from Coverity with the following new defects reported below. I paste the email report as I received it in my email.
Hi,
Please find the latest report on new defect(s) introduced to Osmocom found with Coverity Scan.
3 new defect(s) introduced to Osmocom found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 356785: Integer handling issues (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 345 in aper_put_constrained_whole_number()
________________________________________________________________________________________________________
*** CID 356785: Integer handling issues (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 345 in aper_put_constrained_whole_number()
339
340 /* X.691 2002 10.5.7.4 - The indefinite length case. */
341 /* since we limit input to be 'long' we don't handle all numbers */
342 /* and so length determinant is stored as X.691 2002 10.9.3.3 */
343 /* number of bytes to store the range */
344 for (range_len = 3; ; range_len++) {
>>> CID 356785: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << 8 * range_len", left shifting by more than 31 bits has undefined behavior. The shift amount, "8 * range_len", is 32.
345 int bits = 1 << (8 * range_len);
346 if (range - 1 < bits)
347 break;
348 }
349 /* number of bytes to store the value */
350 for (value_len = 1; ; value_len++) {
** CID 356784: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/INTEGER.c: 421 in asn_INTEGER2int64()
________________________________________________________________________________________________________
*** CID 356784: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/INTEGER.c: 421 in asn_INTEGER2int64()
415 return asn_imax2INTEGER(st, value);
416 }
417
418 int asn_INTEGER2int64(const INTEGER_t *st, int64_t *value) {
419 intmax_t v;
420 if(asn_INTEGER2imax(st, &v) == 0) {
>>> CID 356784: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "v < -9223372036854775808L /* -9223372036854775807L - 1 */" is always false regardless of the values of its operands. This occurs as the logical first operand of "||".
421 if(v < INT64_MIN || v > INT64_MAX) {
422 errno = ERANGE;
423 return -1;
424 }
425 *value = v;
426 return 0;
** CID 356783: Integer handling issues (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 272 in aper_put_nsnnwn()
________________________________________________________________________________________________________
*** CID 356783: Integer handling issues (BAD_SHIFT)
/source-Osmocom/osmo-cbc/src/sbcap/gen/aper_support.c: 272 in aper_put_nsnnwn()
266 len = 1;
267 } else if (number < 65536) {
268 len = 2;
269 } else { /* number > 64K */
270 int i;
271 for (i = 3; ; i++) {
>>> CID 356783: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << 8 * i", left shifting by more than 31 bits has undefined behavior. The shift amount, "8 * i", is 32.
272 int bits = 1 << (8 * i);
273 if (number < bits)
274 break;
275 }
276 len = i;
277 }
I recently updated the generated asn1 code in osmo-cbc [1] using current branch mouse07410/vlm_master (https://github.com/mouse07410/asn1c/commit/12b8e555b971c745ea715cb247f39120fa15f7f0).
[1] https://gitea.osmocom.org/cellular-infrastructure/osmo-cbc/commit/538bc4c69943cd031a4dc2c74ad6f30d5e5cd0b6
[2] https://scan.coverity.com/projects/osmocom
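The BAD_SHIFT pattern reported at aper_support.c:272 and :345, as an added example that is not code from asn1c or osmo-cbc: `flagged_len` replays the quoted loop with a guard that reports where `1 << (8 * i)` becomes undefined, and `safe_len` is a hypothetical replacement that counts bytes with a right shift. Both function names and the sample values are assumptions made for illustration, and a 32-bit `int` is assumed, as in the Coverity report.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Mirrors the flagged loop from the report, but checks the shift amount
 * first. Returns -1 at the point where the quoted code would evaluate
 * 1 << (8 * i) with a shift the int type cannot represent. */
static int flagged_len(long number)
{
    for (int i = 3; ; i++) {
        int shift = 8 * i;
        if (shift >= (int)(sizeof(int) * CHAR_BIT) - 1)
            return -1; /* undefined behaviour in the quoted code */
        int bits = 1 << shift;
        if (number < bits)
            return i;
    }
}

/* Hypothetical replacement: count bytes by right-shifting the unsigned
 * value, so the shift amount is always 8 and never reaches the type width.
 * Keeps the minimum of 3 that the quoted loop starts from. */
static int safe_len(unsigned long number)
{
    int len = 1;
    while (number >>= 8)
        len++;
    return len < 3 ? 3 : len;
}

int main(void)
{
    /* Constructed sample values, not taken from osmo-cbc traffic. */
    unsigned long samples[] = { 70000UL, 0xFFFFFFUL, 0x1000000UL, 0x7FFFFFFFUL };
    for (size_t k = 0; k < sizeof(samples) / sizeof(samples[0]); k++)
        printf("%lu: flagged=%d safe=%d\n", samples[k],
               flagged_len((long)samples[k]), safe_len(samples[k]));
    return 0;
}
```

Any value of 2^24 or more drives the quoted loop to its second iteration, where the shift amount is 32; the right-shift form returns 4 for those values without ever shifting by more than 8.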