And to pile on... Coverity thinks there is an out of bounds write in xz_dec_lzma2.c:
https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=108959059&defectInstanceId=30877313&mergedDefectId=711586 779 * All probabilities are initialized to the same value. This hack 780 * makes the code smaller by avoiding a separate loop for each 781 * probability array. 782 * 783 * This could be optimized so that only that part of literal 784 * probabilities that are actually required. In the common case 785 * we would write 12 KiB less. 786 */ 1. alias: Assigning: probs = s->lzma.is_match[0]. probs now points to element 0 of s->lzma.is_match (which consists of 192 2-byte elements). 787 probs = s->lzma.is_match[0]; 2. Condition i < 14134U /* 1846 + (1 << 4) * 768 */, taking true branch. 4. Condition i < 14134U /* 1846 + (1 << 4) * 768 */, taking true branch. 5. cond_at_most: Checking i < 14134U implies that i may be up to 14133 on the true branch. 788 for (i = 0; i < PROBS_TOTAL; ++i) 3. Jumping back to the beginning of the loop. CID 711586 (#1 of 1): Out-of-bounds write (OVERRUN) 6. overrun-local: Overrunning array of 192 2-byte elements at element index 14133 (byte offset 28266) by dereferencing pointer probs + i. 789 probs[i] = RC_BIT_MODEL_TOTAL / 2; 790 On Fri, Mar 10, 2017 at 3:41 AM, Sebastian Huber < sebastian.hu...@embedded-brains.de> wrote: > Just for reference: > > https://devel.rtems.org/ticket/2909 > > -- > Sebastian Huber, embedded brains GmbH > > Address : Dornierstr. 4, D-82178 Puchheim, Germany > Phone : +49 89 189 47 41-16 > Fax : +49 89 189 47 41-09 > E-Mail : sebastian.hu...@embedded-brains.de > PGP : Public key available on request. > > Diese Nachricht ist keine geschäftliche Mitteilung im Sinne des EHUG. > >
_______________________________________________ devel mailing list devel@rtems.org http://lists.rtems.org/mailman/listinfo/devel
