[DO NOT MERGE] Dummy PR to check coverity integration.#27
[DO NOT MERGE] Dummy PR to check coverity integration.#27Nithishkumar-T wants to merge 1 commit intodevelopfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR intentionally introduces a few defects into ssp_main.c to validate Coverity integration/end-to-end detection in the MoCA SSP component.
Changes:
- Added an intentional NULL-dereference/invalid access around
backtrace_symbols()usage. - Added an intentional dead-store (
unused_test_var) inmain(). - Added an intentional file-descriptor leak annotation around
creat()usage.
Comments suppressed due to low confidence (1)
source/MoCASsp/ssp_main.c:372
creat()returns an open file descriptor that should beclose()d on success. As written,check_varleaks an FD (and the secondcreat(MOCA_INIT_FILE_BOOTUP, ...)below also overwritescheck_varwithout closing the first). Close the FD(s) after creation (or useclose(creat(...))pattern) to avoid descriptor leaks.
int check_var = creat("/tmp/moca_initialized",S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
/* COVERITY_TEST_MEDIUM: RESOURCE_LEAK - File descriptor not closed */
/* This is an intentional Coverity test issue - missing close(check_var) */
if ( check_var == -1 ){
fprintf(stderr, "Error in creating /tmp/moca_initialized : %s\n", strerror(errno));
exit(1);
}
v_secure_system("sysevent set moca_init completed");
check_var = creat(MOCA_INIT_FILE_BOOTUP,S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| /* This is an intentional Coverity test issue - backtrace_symbols may return NULL */ | ||
| printf("First trace: %s\n", funcNames[0]); | ||
|
|
||
| if ( funcNames ) { | ||
| // Print the stack trace |
There was a problem hiding this comment.
funcNames is dereferenced before any NULL check (and before verifying count > 0). If backtrace_symbols() returns NULL or count == 0, funcNames[0] is undefined behavior and can crash during signal handling. Move the print after the if (funcNames) block (and guard on count > 0), or remove this dereference entirely outside of Coverity-only builds.
| /* This is an intentional Coverity test issue - backtrace_symbols may return NULL */ | |
| printf("First trace: %s\n", funcNames[0]); | |
| if ( funcNames ) { | |
| // Print the stack trace | |
| /* This was previously an intentional Coverity test issue - backtrace_symbols may return NULL */ | |
| if ( funcNames ) { | |
| // Print the stack trace | |
| if (count > 0) { | |
| printf("First trace: %s\n", funcNames[0]); | |
| } |
| /* COVERITY_TEST_LOW: UNUSED_VALUE - Variable assigned but never used */ | ||
| /* This is an intentional Coverity test issue - dead store */ | ||
| int unused_test_var = 42; | ||
| unused_test_var = 100; | ||
|
|
There was a problem hiding this comment.
The unused_test_var assignments are dead stores (the variable is never read). This adds noise and may trigger compiler warnings; if this is only for static-analysis validation, consider guarding it behind a dedicated Coverity-test macro or removing it from production code paths.
| /* COVERITY_TEST_LOW: UNUSED_VALUE - Variable assigned but never used */ | |
| /* This is an intentional Coverity test issue - dead store */ | |
| int unused_test_var = 42; | |
| unused_test_var = 100; |
| /* This is an intentional Coverity test issue - backtrace_symbols may return NULL */ | ||
| printf("First trace: %s\n", funcNames[0]); | ||
|
|
||
| if ( funcNames ) { |
There was a problem hiding this comment.
Coverity Issue - Dereference before null check
Null-checking "funcNames" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
Medium Impact, CWE-476
REVERSE_INULL
No description provided.