tbeu / matio

MATLAB MAT File I/O Library
https://matio.sourceforge.io
BSD 2-Clause "Simplified" License

Static Analysis Report #81

Closed gy741 closed 6 years ago

gy741 commented 6 years ago

Hello,

Happy New Year.

I do not know if this information will help you.

I checked the source code using PVS-Studio.

I received the following report.

There may be a false here.

The documentation for all analyzer warnings is available here: www.viva64.com/en/w

Thanks.

/home/karas/check/matio/src/inflate.c   61  warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   78  warn    V507 Pointer to local array 'uncomp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   82  warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   97  warn    V507 Pointer to local array 'uncomp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   66  warn    V507 Pointer to local array 'uncomp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   129 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   141 warn    V507 Pointer to local array 'uncomp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   146 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   157 warn    V507 Pointer to local array 'uncomp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   133 warn    V507 Pointer to local array 'uncomp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   253 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   265 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   304 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   316 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   358 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   370 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   397 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   409 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   447 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   459 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   498 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   510 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   549 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   563 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   604 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   616 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   664 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   684 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   725 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   737 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   776 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   788 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   835 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/inflate.c   847 warn    V507 Pointer to local array 'comp_buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/matvar_cell.c   106 warn    V522 There might be dereferencing of a potential null pointer 'cells'. Check lines: 106, 103.
/home/karas/check/matio/src/matvar_cell.c   152 warn    V522 There might be dereferencing of a potential null pointer 'cells'. Check lines: 152, 149.
/home/karas/check/matio/src/mat.c   846 warn    V522 There might be dereferencing of a potential null pointer 'matvar->dims'. Check lines: 846, 844.
/home/karas/check/matio/src/mat.c   909 warn    V522 There might be dereferencing of a potential null pointer 'matvar->internal->fieldnames'. Check lines: 909, 907.
/home/karas/check/matio/src/mat.c   1229    warn    V522 There might be dereferencing of a potential null pointer 'out->internal->fieldnames'. Check lines: 1229, 1225.
/home/karas/check/matio/src/mat.c   1665    warn    V522 There might be dereferencing of a potential null pointer 'subs'. Check lines: 1665, 1659.
/home/karas/check/matio/src/mat.c   1705    warn    V522 There might be dereferencing of a potential null pointer 'subs'. Check lines: 1705, 1698.
/home/karas/check/matio/src/mat.c   1921    err V767 Suspicious access to element of 'dims' array by a constant index inside a loop.
/home/karas/check/matio/src/mat.c   1927    err V767 Suspicious access to element of 'dims' array by a constant index inside a loop.
/home/karas/check/matio/src/mat.c   1937    err V767 Suspicious access to element of 'dims' array by a constant index inside a loop.
/home/karas/check/matio/src/mat.c   1942    err V767 Suspicious access to element of 'dims' array by a constant index inside a loop.
/home/karas/check/matio/src/matvar_struct.c 66  warn    V522 There might be dereferencing of a potential null pointer 'matvar->dims'. Check lines: 66, 64.
/home/karas/check/matio/src/matvar_struct.c 98  warn    V522 There might be dereferencing of a potential null pointer 'field_vars'. Check lines: 98, 95.
/home/karas/check/matio/src/matvar_struct.c 459 warn    V522 There might be dereferencing of a potential null pointer 'fields'. Check lines: 459, 451.
/home/karas/check/matio/tools/matdump.c 354 warn    V522 There might be dereferencing of a potential null pointer 'start'. Check lines: 354, 350.
/home/karas/check/matio/tools/matdump.c 355 warn    V522 There might be dereferencing of a potential null pointer 'stride'. Check lines: 355, 351.
/home/karas/check/matio/tools/matdump.c 356 warn    V522 There might be dereferencing of a potential null pointer 'edge'. Check lines: 356, 352.
/home/karas/check/matio/tools/matdump.c 369 warn    V522 There might be dereferencing of a potential null pointer 'z'. Check lines: 369, 367.
/home/karas/check/matio/tools/matdump.c 485 warn    V522 There might be dereferencing of a potential null pointer 'start'. Check lines: 485, 481.
/home/karas/check/matio/tools/matdump.c 486 warn    V522 There might be dereferencing of a potential null pointer 'stride'. Check lines: 486, 482.
/home/karas/check/matio/tools/matdump.c 487 warn    V522 There might be dereferencing of a potential null pointer 'edge'. Check lines: 487, 483.
/home/karas/check/matio/tools/matdump.c 659 err V767 Suspicious access to element of 'dims' array by a constant index inside a loop.
/home/karas/check/matio/tools/matdump.c 671 err V767 Suspicious access to element of 'dims' array by a constant index inside a loop.
/home/karas/check/matio/test/test_snprintf.c    54  err V536 Be advised that the utilized constant value is represented by an octal form. Oct: 0203, Dec: 131.
/home/karas/check/matio/test/test_mat.c 3477    warn    V614 Potentially uninitialized variable 'data_type' used. Consider checking the third actual argument of the 'Mat_VarCreate' function.
/home/karas/check/matio/test/test_mat.c 3644    warn    V614 Potentially uninitialized variable 'data_type' used. Consider checking the third actual argument of the 'Mat_VarCreate' function.
/home/karas/check/matio/test/test_mat.c 2569    warn    V666 Consider inspecting second argument of the function 'Mat_VarCreateStruct'. It is possible that the value does not correspond with the length of a string which was passed with the first argument.
/home/karas/check/matio/src/mat5.c  392 warn    V575 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 392, 390.
/home/karas/check/matio/src/mat5.c  403 warn    V575 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 403, 391.
/home/karas/check/matio/src/mat5.c  546 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  559 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  569 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  566 warn    V507 Pointer to local array 'pad' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  590 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  608 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  620 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  617 warn    V507 Pointer to local array 'pad' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  636 warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  1195    warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  1208    warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  1218    warn    V507 Pointer to local array 'buf' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  1215    warn    V507 Pointer to local array 'pad' is stored outside the scope of this array. Such a pointer will become invalid.
/home/karas/check/matio/src/mat5.c  1332    warn    V522 There might be dereferencing of a potential null pointer 'cells[i]->dims'. Check lines: 1332, 1329.
/home/karas/check/matio/src/mat5.c  1358    warn    V522 There might be dereferencing of a potential null pointer 'cells[i]->name'. Check lines: 1358, 1355.
/home/karas/check/matio/src/mat5.c  1594    warn    V522 There might be dereferencing of a potential null pointer 'matvar->internal->fieldnames'. Check lines: 1594, 1592.
/home/karas/check/matio/src/mat5.c  1596    warn    V769 The 'ptr' pointer in the 'ptr + i * fieldname_size' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 1596, 1588.
/home/karas/check/matio/src/mat5.c  1687    warn    V522 There might be dereferencing of a potential null pointer 'fields[i]->dims'. Check lines: 1687, 1683.
/home/karas/check/matio/src/mat5.c  2208    warn    V575 The potential null pointer is passed into 'fwrite' function. Inspect the first argument. Check lines: 2208, 2204.
/home/karas/check/matio/src/mat5.c  2580    warn    V575 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 2580, 2568.
/home/karas/check/matio/src/mat5.c  2955    err V512 A call of the 'memset' function will lead to underflow of the buffer 'uncomp_buf'.
/home/karas/check/matio/src/mat5.c  3208    warn    V522 There might be dereferencing of a potential null pointer 'matvar->dims'. Check lines: 3208, 3207.
/home/karas/check/matio/src/mat5.c  5153    err V512 A call of the 'memset' function will lead to underflow of the buffer 'uncomp_buf'.
/home/karas/check/matio/src/mat5.c  5392    warn    V575 The potential null pointer is passed into 'fwrite' function. Inspect the first argument. Check lines: 5392, 5388.
/home/karas/check/matio/src/mat5.c  5624    warn    V575 The potential null pointer is passed into 'inflateInit_' function. Inspect the first argument. Check lines: 5624, 5623.
/home/karas/check/matio/src/mat5.c  5680    warn    V522 There might be dereferencing of a potential null pointer 'matvar->dims'. Check lines: 5680, 5677.
/home/karas/check/matio/src/mat5.c  5712    warn    V575 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 5712, 5711.

tbeu commented 6 years ago

Thanks, but no need to tell. I run PVS-Studio on my own regularly and try to reduce the messages further. I also reported a false positive to the PVS-Studio developers.

See also https://github.com/tbeu/matio/search?q=PVS&type=Commits&utf8=%E2%9C%93.

gy741 commented 6 years ago

@tbeu

Oops, sorry.

By any chance, did you fix all the bugs found by Fuzzer?

Thanks.

tbeu commented 6 years ago

> Did you fix all the bugs found by Fuzzer?

Sorry, not yet. I started to analyze the hundreds of crafted files I got and quickly realized that this may take a huge effort.

gy741 commented 6 years ago

It's okay. :) Please let me know when you have completed the patch.