Hi,
Please find the latest report on new defect(s) introduced to TokTok/c-toxcore found with Coverity Scan.
3 new defect(s) introduced to TokTok/c-toxcore found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1515712: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1515712: Uninitialized variables (UNINIT)
/toxcore/network.c: 1691 in net_connect()
1685 if (connect(sock.sock, (struct sockaddr *)&addr, addrsize) == -1) {
1686 const int error = net_error();
1687
1688 // Non-blocking socket: "Operation in progress" means it's connecting.
1689 if (!should_ignore_connect_error(error)) {
1690 char *net_strerror = net_new_strerror(error);
>>> CID 1515712: Uninitialized variables (UNINIT)
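>>> Using uninitialized value "*ip_str.buf" as argument to "%s" when calling "logger_write".
Note: "%s" reads until it meets a NUL byte, so an unwritten ip_str.buf can make the log call read past the end of the buffer or copy stale stack bytes into the log. The excerpt does not show where ip_str is meant to be filled in, so check that it is written on every path that reaches this line.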
1691 LOGGER_ERROR(log, "failed to connect to %s:%d: %d (%s)",
1692 ip_str.buf, ip_port->port, error, net_strerror);
1693 net_kill_strerror(net_strerror);
1694 return false;
1695 }
1696 }
** CID 1515711: Resource leaks (RESOURCE_LEAK)
/toxcore/DHT.c: 544 in dht_create_packet()
________________________________________________________________________________________________________
*** CID 1515711: Resource leaks (RESOURCE_LEAK)
/toxcore/DHT.c: 544 in dht_create_packet()
538 if (encrypted_length == -1) {
539 free(encrypted);
540 return -1;
541 }
542
543 if (length < 1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + encrypted_length) {
>>> CID 1515711: Resource leaks (RESOURCE_LEAK)
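>>> Variable "encrypted" going out of scope leaks the storage it points to.
Note: the error path at lines 538-541 calls free(encrypted) before returning -1, but the length check at line 543 returns -1 without it. That return needs the same free(encrypted).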
544 return -1;
545 }
546
547 packet[0] = type;
548 memcpy(packet + 1, public_key, CRYPTO_PUBLIC_KEY_SIZE);
549 memcpy(packet + 1 + CRYPTO_PUBLIC_KEY_SIZE, nonce, CRYPTO_NONCE_SIZE);
** CID 1515710: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1515710: Memory - corruptions (OVERRUN)
/toxcore/DHT.c: 1037 in set_announce_node()
1031 unsigned int index = bit_by_bit_cmp(public_key, dht->self_public_key);
1032
1033 if (index >= LCLIENT_LENGTH) {
1034 index = LCLIENT_LENGTH - 1;
1035 }
1036
>>> CID 1515710: Memory - corruptions (OVERRUN)
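>>> Overrunning buffer pointed to by "dht->close_clientlist + index * 8U" of 1024 232-byte elements by passing it to a function which accesses it at element index 2039 (byte offset 473279) using argument "1024U".
Note: the pointer is already advanced by index * LCLIENT_NODES (8 entries per step), yet the callee is still given LCLIENT_LIST (1024, the size of the whole close_clientlist array) as its length. For any index above 0 it can therefore walk past the end of the array. The length argument presumably should be LCLIENT_NODES, the number of entries in one index's slice; confirm against set_announce_node_in_list().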
1037 set_announce_node_in_list(dht->close_clientlist + index * LCLIENT_NODES, LCLIENT_LIST, public_key);
1038
1039 for (int32_t i = 0; i < dht->num_friends; ++i) {
1040 set_announce_node_in_list(dht->friends_list[i].client_list, MAX_FRIEND_CLIENTS, public_key);
1041 }
1042 }