Closed
Bug 1373151
Opened 7 years ago
Closed 7 years ago
Coverity found a few issues: (NOT ONLY FOR TB!)
Categories
(Core :: General, defect)
Core
General
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: ishikawa, Unassigned)
References
(Blocks 1 open bug)
Details
I subscribe to Coverity scan report of C-C TB source tree.
Many warnings reported are actually in M-C portion of the code and
I trust that many eyeballs are looking at such issues.
Usually, I do not bother to report even if the error(s) reported seem to be rather grave trusting the wide and shallow eyeball scans.
But today's report warrants my posting this. If these are already handled in other places, sorry about the noise. But I think this noise warrants this just in case this has not been addressed in the last 7 days or so.
Note the CIDs in particular.
CID 1412643: API usage errors (BUFFER_SIZE)
CID 1412644: Integer handling issues (BAD_SHIFT)
CID 1412645: Memory - illegal accesses (BUFFER_SIZE) CID 1412646: Memory - illegal accesses (BUFFER_SIZE_WARNING)
maybe instead of strncpy, memcpy can be used for larity?
CID 1412647: Memory - illegal accesses (BUFFER_SIZE_WARNING)
CID 1412648: Memory - corruptions (BUFFER_SIZE)
CID 1412649: (BUFFER_SIZE)
---
Please find the latest report on new defect(s) introduced to Thunderbird found with Coverity Scan.
90 new defect(s) introduced to Thunderbird found with Coverity Scan.
124 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 90 defect(s)
** CID 1412044: Control flow issues (DEADCODE)
/mozilla/security/nss/lib/freebl/rijndael.c: 1121 in aes_InitContext()
________________________________________________________________________________________________________
*** CID 1412044: Control flow issues (DEADCODE)
/mozilla/security/nss/lib/freebl/rijndael.c: 1121 in aes_InitContext()
1115 return SECFailure;
1116 }
1117 }
1118 #endif
1119 /* Generate expanded key */
1120 if (encrypt) {
CID 1412044: Control flow issues (DEADCODE)
Execution cannot reach the expression "cx->mode == 4" inside this statement: "if (use_hw_aes && (cx->mode...".
1121 if (use_hw_aes && (cx->mode == NSS_AES_GCM || cx->mode == NSS_AES ||
1122 cx->mode == NSS_AES_CTR)) {
1123 PORT_Assert(keysize == 16 || keysize == 24 || keysize == 32);
1124 /* Prepare hardware key for normal AES parameters. */
1125 native_key_expansion(cx, key, Nk);
1126 } else {
** CID 1412641: Memory - corruptions (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8527 in nsTextFrame::AddInlineMinISizeForFlow(gfxContext *, nsIFrame::InlineMinISizeData *, nsTextFrame::TextRunType)()
________________________________________________________________________________________________________
*** CID 1412641: Memory - corruptions (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8527 in nsTextFrame::AddInlineMinISizeForFlow(gfxContext *, nsIFrame::InlineMinISizeData *, nsTextFrame::TextRunType)()
8521 aData->mTrailingWhitespace = 0;
8522 }
8523 }
8524
8525 if (preformattedTab) {
8526 PropertyProvider::Spacing spacing;
CID 1412641: Memory - corruptions (ARRAY_VS_SINGLETON)
Taking address with "&spacing" yields a singleton pointer.
8527 provider.GetSpacing(Range(i, i + 1), &spacing);
8528 aData->mCurrentLine += nscoord(spacing.mBefore);
8529 if (tabWidth < 0) {
8530 tabWidth = ComputeTabWidthAppUnits(this, textRun);
8531 }
8532 gfxFloat afterTab =
** CID 1412642: Memory - corruptions (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8690 in nsTextFrame::AddInlinePrefISizeForFlow(gfxContext *, nsIFrame::InlinePrefISizeData *, nsTextFrame::TextRunType)()
________________________________________________________________________________________________________
*** CID 1412642: Memory - corruptions (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8690 in nsTextFrame::AddInlinePrefISizeForFlow(gfxContext *, nsIFrame::InlinePrefISizeData *, nsTextFrame::TextRunType)()
8684 aData->mTrailingWhitespace = 0;
8685 }
8686 }
8687
8688 if (preformattedTab) {
8689 PropertyProvider::Spacing spacing;
CID 1412642: Memory - corruptions (ARRAY_VS_SINGLETON)
Taking address with "&spacing" yields a singleton pointer.
8690 provider.GetSpacing(Range(i, i + 1), &spacing);
8691 aData->mCurrentLine += nscoord(spacing.mBefore);
8692 if (tabWidth < 0) {
8693 tabWidth = ComputeTabWidthAppUnits(this, textRun);
8694 }
8695 gfxFloat afterTab =
** CID 1412643: API usage errors (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1806 in webrtc::FormOutputFrame(unsigned long, unsigned long, unsigned long *, float (*)[128], float *const *)()
________________________________________________________________________________________________________
*** CID 1412643: API usage errors (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1806 in webrtc::FormOutputFrame(unsigned long, unsigned long, unsigned long *, float (*)[128], float *const *)()
1800 FRAME_LEN * sizeof(float));
1801 }
1802 (*output_buffer_size) -= FRAME_LEN;
1803 if (*output_buffer_size > 0) {
1804 RTC_DCHECK_GE(2 * PART_LEN - FRAME_LEN, (*output_buffer_size));
1805 for (size_t i = 0; i < num_bands; ++i) {
CID 1412643: API usage errors (BUFFER_SIZE)
The source buffer "&output_buffer[i][80]" potentially overlaps with the destination buffer "&output_buffer[i][0]", which results in undefined behavior for "memcpy".
1806 memcpy(&output_buffer[i][0], &output_buffer[i][FRAME_LEN],
1807 (*output_buffer_size) * sizeof(float));
1808 }
1809 }
1810 }
1811
** CID 1412644: Integer handling issues (BAD_SHIFT)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aecm/aecm_core.cc: 930 in WebRtcAecm_UpdateChannel(AecmCore *, const unsigned short *, short, const unsigned short *, short, int *)()
________________________________________________________________________________________________________
*** CID 1412644: Integer handling issues (BAD_SHIFT)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aecm/aecm_core.cc: 930 in WebRtcAecm_UpdateChannel(AecmCore *, const unsigned short *, short, const unsigned short *, short, int *)()
924 far_spectrum[i]);
925 shiftChFar = 0;
926 } else
927 {
928 // We need to shift down before multiplication
929 shiftChFar = 32 - zerosCh - zerosFar;
CID 1412644: Integer handling issues (BAD_SHIFT)
In expression "aecm->channelAdapt32[i] >> shiftChFar", right shifting by more than 31 bits has undefined behavior. The shift amount, "shiftChFar", is 32.
930 tmpU32no1 = (aecm->channelAdapt32[i] >> shiftChFar) *
931 far_spectrum[i];
932 }
933 // Determine Q-domain of numerator
934 zerosNum = WebRtcSpl_NormU32(tmpU32no1);
935 if (dfa[i])
** CID 1412645: Memory - illegal accesses (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_rtcp_impl_unittest.cc: 180 in webrtc::RtpRtcpImplTest::RtpRtcpImplTest()()
________________________________________________________________________________________________________
*** CID 1412645: Memory - illegal accesses (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_rtcp_impl_unittest.cc: 180 in webrtc::RtpRtcpImplTest::RtpRtcpImplTest()()
174 sender_.SetRemoteSsrc(kReceiverSsrc);
175 sender_.impl_->SetSequenceNumber(kSequenceNumber);
176 sender_.impl_->SetStorePacketsStatus(true, 100);
177
178 memset(&codec_, 0, sizeof(VideoCodec));
179 codec_.plType = 100;
CID 1412645: Memory - illegal accesses (BUFFER_SIZE)
Calling strncpy with a source string whose length (3 chars) is greater than or equal to the size argument (3) will fail to null-terminate "this->codec_.plName".
180 strncpy(codec_.plName, "VP8", 3);
181 codec_.width = 320;
182 codec_.height = 180;
183 EXPECT_EQ(0, sender_.impl_->RegisterSendPayload(codec_));
184
185 // Receive module.
** CID 1412646: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/video/video_receive_stream.cc: 156 in webrtc::<unnamed>::CreateDecoderVideoCodec(const webrtc::VideoReceiveStream::Decoder &)()
________________________________________________________________________________________________________
*** CID 1412646: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/video/video_receive_stream.cc: 156 in webrtc::<unnamed>::CreateDecoderVideoCodec(const webrtc::VideoReceiveStream::Decoder &)()
150 namespace {
151 VideoCodec CreateDecoderVideoCodec(const VideoReceiveStream::Decoder& decoder) {
152 VideoCodec codec;
153 memset(&codec, 0, sizeof(codec));
154
155 codec.plType = decoder.payload_type;
CID 1412646: Memory - illegal accesses (BUFFER_SIZE_WARNING)
Calling strncpy with a maximum size argument of 32 bytes on destination array "codec.plName" of size 32 bytes might leave the destination string unterminated.
156 strncpy(codec.plName, decoder.payload_name.c_str(), sizeof(codec.plName));
157 if (decoder.payload_name == "VP8") {
158 codec.codecType = kVideoCodecVP8;
159 } else if (decoder.payload_name == "VP9") {
160 codec.codecType = kVideoCodecVP9;
161 } else if (decoder.payload_name == "H264") {
** CID 1412647: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/video_codec_initializer.cc: 203 in webrtc::VideoCodecInitializer::VideoEncoderConfigToVideoCodec(const webrtc::VideoEncoderConfig &, const std::vector<webrtc::VideoStream, std::allocator<webrtc::VideoStream>> &, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool)()
________________________________________________________________________________________________________
*** CID 1412647: Memory - illegal accesses (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/video_codec_initializer.cc: 203 in webrtc::VideoCodecInitializer::VideoEncoderConfigToVideoCodec(const webrtc::VideoEncoderConfig &, const std::vector<webrtc::VideoStream, std::allocator<webrtc::VideoStream>> &, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool)()
197 sim_stream->minBitrate = streams[i].min_bitrate_bps / 1000;
198 sim_stream->targetBitrate = streams[i].target_bitrate_bps / 1000;
199 sim_stream->maxBitrate = streams[i].max_bitrate_bps / 1000;
200 sim_stream->qpMax = streams[i].max_qp;
201 // We know .rid is terminated
202 RTC_DCHECK(strlen(streams[i].rid) < sizeof(sim_stream->rid));
CID 1412647: Memory - illegal accesses (BUFFER_SIZE_WARNING)
Calling strncpy with a maximum size argument of 32 bytes on destination array "sim_stream->rid" of size 32 bytes might leave the destination string unterminated.
203 strncpy(sim_stream->rid, streams[i].rid, sizeof(sim_stream->rid));
204 sim_stream->numberOfTemporalLayers = static_cast<unsigned char>(
205 streams[i].temporal_layer_thresholds_bps.size() + 1);
206
207 video_codec.width =
208 std::max(video_codec.width, static_cast<uint16_t>(streams[i].width));
** CID 1412648: Memory - corruptions (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1291 in webrtc::EchoSuppression(const webrtc::OouraFft &, webrtc::AecCore *, float *, float *, float *, float (*)[64])()
________________________________________________________________________________________________________
*** CID 1412648: Memory - corruptions (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1291 in webrtc::EchoSuppression(const webrtc::OouraFft &, webrtc::AecCore *, float *, float *, float *, float (*)[64])()
1285 }
1286 }
1287
1288 // Copy the current block to the old position.
1289 memcpy(aec->eBuf, aec->eBuf + PART_LEN, sizeof(float) * PART_LEN);
1290
CID 1412648: Memory - corruptions (BUFFER_SIZE)
You might overrun the 8 byte destination string "aec->xfwBuf[65]" by writing the maximum 16120 bytes from "aec->xfwBuf".
1291 memmove(aec->xfwBuf + PART_LEN1, aec->xfwBuf,
1292 sizeof(aec->xfwBuf) - sizeof(complex_t) * PART_LEN1);
1293 }
1294
1295 static void ProcessNearendBlock(
1296 AecCore* aec,
** CID 1412649: (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 31 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 49 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
________________________________________________________________________________________________________
*** CID 1412649: (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 31 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
25 TEST(VoECodecInst, TestCompareCodecInstances) {
26 CodecInst codec1, codec2;
27 memset(&codec1, 0, sizeof(CodecInst));
28 memset(&codec2, 0, sizeof(CodecInst));
29
30 codec1.pltype = 101;
CID 1412649: (BUFFER_SIZE)
Calling strncpy with a source string whose length (4 chars) is greater than or equal to the size argument (4) will fail to null-terminate "codec1.plname".
31 strncpy(codec1.plname, "isac", 4);
32 codec1.plfreq = 8000;
33 codec1.pacsize = 110;
34 codec1.channels = 1;
35 codec1.rate = 8000;
36 memcpy(&codec2, &codec1, sizeof(CodecInst));
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 49 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
43 EXPECT_FALSE(codec1 == codec2);
44 EXPECT_TRUE(codec1 != codec2);
45
46 // Reset to codec2 to codec1 state.
47 memcpy(&codec2, &codec1, sizeof(CodecInst));
48 // payload name should be case insensitive.
CID 1412649: (BUFFER_SIZE)
Calling strncpy with a source string whose length (4 chars) is greater than or equal to the size argument (4) will fail to null-terminate "codec2.plname".
49 strncpy(codec2.plname, "ISAC", 4);
50 EXPECT_TRUE(codec1 == codec2);
51
52 // Test modifying the |plfreq|
53 codec2.plfreq = 16000;
54 EXPECT_FALSE(codec1 == codec2);
** CID 1412650: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 24 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()
________________________________________________________________________________________________________
*** CID 1412650: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 24 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()
18 #include "webrtc/system_wrappers/include/metrics.h"
19 #include "webrtc/system_wrappers/include/timestamp_extrapolator.h"
20
21 namespace webrtc {
22
23 VCMTiming::VCMTiming(Clock* clock, VCMTiming* master_timing)
CID 1412650: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "crit_sect_" of "webrtc::VCMTiming" but the destructor and whatever functions it calls do not free it.
24 : crit_sect_(CriticalSectionWrapper::CreateCriticalSection()),
25 clock_(clock),
26 master_(false),
27 ts_extrapolator_(),
28 codec_timer_(new VCMCodecTimer()),
29 render_delay_ms_(kDefaultRenderDelayMs),
** CID 1412651: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 42 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()
________________________________________________________________________________________________________
*** CID 1412651: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 42 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()
36 num_decoded_frames_(0),
37 num_delayed_decoded_frames_(0),
38 first_decoded_frame_ms_(-1),
39 sum_missed_render_deadline_ms_(0) {
40 if (master_timing == NULL) {
41 master_ = true;
CID 1412651: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "ts_extrapolator_" of "webrtc::VCMTiming" but the destructor and whatever functions it calls do not free it.
42 ts_extrapolator_ = new TimestampExtrapolator(clock_->TimeInMilliseconds());
43 } else {
44 ts_extrapolator_ = master_timing->ts_extrapolator_;
45 }
46 }
47
** CID 1412652: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/video_capture_impl.cc: 84 in webrtc::videocapturemodule::VideoCaptureImpl::VideoCaptureImpl()()
________________________________________________________________________________________________________
*** CID 1412652: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/video_capture_impl.cc: 84 in webrtc::videocapturemodule::VideoCaptureImpl::VideoCaptureImpl()()
78 }
79 return -1;
80 }
81
82 VideoCaptureImpl::VideoCaptureImpl()
83 : _deviceUniqueId(NULL),
CID 1412652: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "_apiCs" of "webrtc::videocapturemodule::VideoCaptureImpl" but the destructor and whatever functions it calls do not free it.
84 _apiCs(*CriticalSectionWrapper::CreateCriticalSection()),
85 _captureDelay(0),
86 _requestedCapability(),
87 _lastProcessTimeNanos(rtc::TimeNanos()),
88 _lastFrameRateCallbackTimeNanos(rtc::TimeNanos()),
89 _dataCallBack(NULL),
** CID 1412653: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/linux/video_capture_linux.cc: 51 in webrtc::videocapturemodule::VideoCaptureModuleV4L2::VideoCaptureModuleV4L2()()
________________________________________________________________________________________________________
*** CID 1412653: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/linux/video_capture_linux.cc: 51 in webrtc::videocapturemodule::VideoCaptureModuleV4L2::VideoCaptureModuleV4L2()()
45
46 return implementation;
47 }
48
49 VideoCaptureModuleV4L2::VideoCaptureModuleV4L2()
50 : VideoCaptureImpl(),
CID 1412653: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "_captureCritSect" of "webrtc::videocapturemodule::VideoCaptureModuleV4L2" but the destructor and whatever functions it calls do not free it.
51 _captureCritSect(CriticalSectionWrapper::CreateCriticalSection()),
52 _deviceId(-1),
53 _deviceFd(-1),
54 _buffersAllocatedByDevice(-1),
55 _currentWidth(-1),
56 _currentHeight(-1),
** CID 1412654: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/jitter_buffer.cc: 257 in webrtc::VCMJitterBuffer::VCMJitterBuffer(webrtc::Clock *, std::unique_ptr<webrtc::EventWrapper, std::default_delete<webrtc::EventWrapper>>, webrtc::NackSender *, webrtc::KeyFrameRequestSender *)()
________________________________________________________________________________________________________
*** CID 1412654: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/jitter_buffer.cc: 257 in webrtc::VCMJitterBuffer::VCMJitterBuffer(webrtc::Clock *, std::unique_ptr<webrtc::EventWrapper, std::default_delete<webrtc::EventWrapper>>, webrtc::NackSender *, webrtc::KeyFrameRequestSender *)()
251 VCMJitterBuffer::VCMJitterBuffer(Clock* clock,
252 std::unique_ptr<EventWrapper> event,
253 NackSender* nack_sender,
254 KeyFrameRequestSender* keyframe_request_sender)
255 : clock_(clock),
256 running_(false),
CID 1412654: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "crit_sect_" of "webrtc::VCMJitterBuffer" but the destructor and whatever functions it calls do not free it.
257 crit_sect_(CriticalSectionWrapper::CreateCriticalSection()),
258 frame_event_(std::move(event)),
259 max_number_of_frames_(kStartNumberOfFrames),
260 free_frames_(),
261 decodable_frames_(),
262 incomplete_frames_(),
** CID 1412655: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 32 in webrtc::MediaFileImpl::MediaFileImpl(int)()
________________________________________________________________________________________________________
*** CID 1412655: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 32 in webrtc::MediaFileImpl::MediaFileImpl(int)()
26 {
27 delete static_cast<MediaFileImpl*>(module);
28 }
29
30 MediaFileImpl::MediaFileImpl(const int32_t id)
31 : _id(id),
CID 1412655: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "_crit" of "webrtc::MediaFileImpl" but the destructor and whatever functions it calls do not free it.
32 _crit(CriticalSectionWrapper::CreateCriticalSection()),
33 _callbackCrit(CriticalSectionWrapper::CreateCriticalSection()),
34 _ptrFileUtilityObj(NULL),
35 codec_info_(),
36 _ptrInStream(NULL),
37 _ptrOutStream(NULL),
** CID 1412656: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/simulcast_encoder_adapter_unittest.cc: 220 in webrtc::testing::TestSimulcastEncoderAdapterFakeHelper::TestSimulcastEncoderAdapterFakeHelper()()
________________________________________________________________________________________________________
*** CID 1412656: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/simulcast_encoder_adapter_unittest.cc: 220 in webrtc::testing::TestSimulcastEncoderAdapterFakeHelper::TestSimulcastEncoderAdapterFakeHelper()()
214 std::vector<const char*> encoder_names_;
215 };
216
217 class TestSimulcastEncoderAdapterFakeHelper {
218 public:
219 TestSimulcastEncoderAdapterFakeHelper()
CID 1412656: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "factory_" of "webrtc::testing::TestSimulcastEncoderAdapterFakeHelper" but there is no destructor.
220 : factory_(new MockVideoEncoderFactory()) {}
221
222 // Can only be called once as the SimulcastEncoderAdapter will take the
223 // ownership of |factory_|.
224 VP8Encoder* CreateMockEncoderAdapter() {
225 return new SimulcastEncoderAdapter(factory_);
** CID 1412657: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/system_wrappers/source/trace_posix.cc: 23 in webrtc::TracePosix::TracePosix()()
________________________________________________________________________________________________________
*** CID 1412657: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/system_wrappers/source/trace_posix.cc: 23 in webrtc::TracePosix::TracePosix()()
17 #include <sys/time.h>
18 #include <time.h>
19
20 namespace webrtc {
21
22 TracePosix::TracePosix()
CID 1412657: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "crit_sect_" of "webrtc::TracePosix" but the destructor and whatever functions it calls do not free it.
23 : crit_sect_(*CriticalSectionWrapper::CreateCriticalSection()) {
24 struct timeval system_time_high_res;
25 gettimeofday(&system_time_high_res, 0);
26 prev_api_tick_count_ = prev_tick_count_ = system_time_high_res.tv_sec;
27 }
28
** CID 1412658: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 33 in webrtc::MediaFileImpl::MediaFileImpl(int)()
________________________________________________________________________________________________________
*** CID 1412658: Resource leaks (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 33 in webrtc::MediaFileImpl::MediaFileImpl(int)()
27 delete static_cast<MediaFileImpl*>(module);
28 }
29
30 MediaFileImpl::MediaFileImpl(const int32_t id)
31 : _id(id),
32 _crit(CriticalSectionWrapper::CreateCriticalSection()),
CID 1412658: Resource leaks (CTOR_DTOR_LEAK)
The constructor allocates field "_callbackCrit" of "webrtc::MediaFileImpl" but the destructor and whatever functions it calls do not free it.
33 _callbackCrit(CriticalSectionWrapper::CreateCriticalSection()),
34 _ptrFileUtilityObj(NULL),
35 codec_info_(),
36 _ptrInStream(NULL),
37 _ptrOutStream(NULL),
38 _fileFormat((FileFormats)-1),
** CID 1412659: Security best practices violations (DC.WEAK_CRYPTO)
/mozilla/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_region_unittest.cc: 22 in webrtc::<unnamed>::RadmonInt(int)()
________________________________________________________________________________________________________
*** CID 1412659: Security best practices violations (DC.WEAK_CRYPTO)
/mozilla/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_region_unittest.cc: 22 in webrtc::<unnamed>::RadmonInt(int)()
16
17 namespace webrtc {
18
19 namespace {
20
21 int RadmonInt(int max) {
CID 1412659: Security best practices violations (DC.WEAK_CRYPTO)
"rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
22 return (rand() / 256) % max;
23 }
24
25 void CompareRegion(const DesktopRegion& region,
26 const DesktopRect rects[], int rects_size) {
27 DesktopRegion::Iterator it(region);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatup6zBAYCo6Ce1pvzy9Ee4qJmmCCWyFXH3Z-2BjWgNDpqveTGE00b-2Bxq7Gpp7vXFD4-3D_WSCScGnjaXfWLguY5PmVmVThPPMEXWbu-2Brq6btJ6DAYK5Z78PgiOf7xyP4asRg-2Ftz11NhAca-2FKQzcDp7IOACCkBh3zTfhTT3mXecuboU1TEt4109Ofr8dLTkebTIOQAmcJ9V8YnDrpBFLfel92wM6LzdSBz5q4kjkWGUbtxYgLuMzrg-2BNk3wDumnr-2FUyUH-2FbD-2FkvYSE9GhREN9qu5wXgkVEdcm4yO51heCzvXYtNZok-3D
To manage Coverity Scan email notifications for "ishikawa@yk.rim.or.jp", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4E9B3IyaNM01-2FCNIiiGMkjrV7Z7TdO4tvOhPf3CXmRuI4Pp0Of2houCnEW2fStUw09RkbYbTA3bf67c4q8dE8GU6P5K7HnX3H5UDBTNzLBXY-3D_WSCScGnjaXfWLguY5PmVmVThPPMEXWbu-2Brq6btJ6DAYK5Z78PgiOf7xyP4asRg-2Ftm6wYqmae-2FWCFc6gshQKTgWsxTTL-2BoKFVQ2J-2BSY0So211nTkydDpthrPs76SoDeoTHKKS-2BOMx7G5rpMUvegloC8jTY-2BLIimbqeBTpYl8a-2FHL-2Fve5rs5IAsvfoZceytwZnrwkl1a2LmOxdPsa1ZIxOol3YDLFtveZEJxuoQZkVggg-3D
Like I said, this affects FIREFOX browser.
I am setting security flag just in case.
As a matter of fact, I see these warnings regarding potential memory access errors which are sometimes hard to diagnose whether they are real or false positives. But today's e-mail reports contain many warnings which are disturbing to say the least and for those strncpy(), memcpy() seems to be a better replacement (but handle the field throughout using memcpy() then, not treating it as null-terminated string), and seeing memcpy for possibly overlapping areas, and the potential for buffer overflow, possibly undefined shift behavior, etc. in one message bothered me too much to post this here.
Again, I think some of them can be false positives, but coding style made me suspicious, and maybe putting in a comment or two regarding coverity false-positive (if indeed the case) would be welcome.
TIA
Sorry if I had time, I would look into the issues, but no I don't today :-(
|
||
Comment 1•7 years ago
|
||
We have people who keep an eye on the Coverity results. Having a giant bug like this isn't useful.
|
|
||
Updated•7 years ago
|
Group: firefox-core-security → core-security
Component: Untriaged → General
Product: Firefox → Core
|
Reporter | |
Comment 2•7 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #1) > We have people who keep an eye on the Coverity results. Having a giant bug > like this isn't useful. Great. Then I hope these will be taken care of. Sorry for the noise.
|
||
Updated•4 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•