On 11/03/2017 02:10, Joel Sherrill wrote:
And to pile on... Coverity thinks there is an out of bounds write
in xz_dec_lzma2.c:
https://scan5.coverity.com/reports.htm#v29808/p10069/fileInstanceId=108959059&defectInstanceId=30877313&mergedDefectId=711586
779 * All probabilities are initialized to the same value. This hack
780 * makes the code smaller by avoiding a separate loop for each
781 * probability array.
782 *
783 * This could be optimized so that only that part of literal
784 * probabilities that are actually required. In the common case
785 * we would write 12 KiB less.
786 */
1. alias: Assigning: probs = s->lzma.is_match[0]. probs now points
to element 0 of s->lzma.is_match (which consists of 192 2-byte elements).
787 probs = s->lzma.is_match[0];
2. Condition i < 14134U /* 1846 + (1 << 4) * 768 */, taking true branch.
4. Condition i < 14134U /* 1846 + (1 << 4) * 768 */, taking true branch.
5. cond_at_most: Checking i < 14134U implies that i may be up to
14133 on the true branch.
788 for (i = 0; i < PROBS_TOTAL; ++i)
3. Jumping back to the beginning of the loop.
CID 711586 (#1 of 1): Out-of-bounds write (OVERRUN)
6. overrun-local: Overrunning array of 192 2-byte elements at element
index 14133 (byte offset 28266) by dereferencing pointer probs + i.
789 probs[i] = RC_BIT_MODEL_TOTAL / 2;
790
I am ok looking into warnings however I suggest you approach upstream
with any issues related to the code. I do not know the code.
Chris
_______________________________________________
devel mailing list
devel@rtems.org
http://lists.rtems.org/mailman/listinfo/devel
