Closed Bug 1373151 Opened 3 years ago Closed 3 years ago

Coverity found a few issues: (NOT ONLY FOR TB!)

Categories

(Core :: General, defect)

defect
Not set

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: ishikawa, Unassigned)

References

(Blocks 1 open bug)

Details

I subscribe to Coverity scan report of C-C TB source tree.
Many warnings reported are actually in M-C portion of the code and
I trust that many eyeballs are looking at such issues.

Usually, I do not bother to report even if the error(s) reported seem to be rather grave trusting the wide and shallow eyeball scans.

But today's report warrants my posting this. If these are already handled in other places, sorry about the noise. But I think this noise warrants this just in case  this has not been addressed in the last 7 days or so.

Note the CIDs in particular.
 
   CID 1412643:  API usage errors  (BUFFER_SIZE)

   CID 1412644:  Integer handling issues  (BAD_SHIFT)

   CID 1412645:  Memory - illegal accesses  (BUFFER_SIZE) CID 1412646:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
    maybe instead of strncpy, memcpy can be used for larity?

 CID 1412647:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
 CID 1412648:  Memory - corruptions  (BUFFER_SIZE)
 CID 1412649:    (BUFFER_SIZE)

---


Please find the latest report on new defect(s) introduced to Thunderbird found with Coverity Scan.

90 new defect(s) introduced to Thunderbird found with Coverity Scan.
124 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 90 defect(s)


** CID 1412044:  Control flow issues  (DEADCODE)
/mozilla/security/nss/lib/freebl/rijndael.c: 1121 in aes_InitContext()


________________________________________________________________________________________________________
*** CID 1412044:  Control flow issues  (DEADCODE)
/mozilla/security/nss/lib/freebl/rijndael.c: 1121 in aes_InitContext()
1115                     return SECFailure;
1116                 }
1117             }
1118     #endif
1119             /* Generate expanded key */
1120             if (encrypt) {

                CID 1412044:  Control flow issues  (DEADCODE)
                Execution cannot reach the expression "cx->mode == 4" inside this statement: "if (use_hw_aes && (cx->mode...".

1121                 if (use_hw_aes && (cx->mode == NSS_AES_GCM || cx->mode == NSS_AES ||
1122                                    cx->mode == NSS_AES_CTR)) {
1123                     PORT_Assert(keysize == 16 || keysize == 24 || keysize == 32);
1124                     /* Prepare hardware key for normal AES parameters. */
1125                     native_key_expansion(cx, key, Nk);
1126                 } else {

** CID 1412641:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8527 in nsTextFrame::AddInlineMinISizeForFlow(gfxContext *, nsIFrame::InlineMinISizeData *, nsTextFrame::TextRunType)()


________________________________________________________________________________________________________
*** CID 1412641:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8527 in nsTextFrame::AddInlineMinISizeForFlow(gfxContext *, nsIFrame::InlineMinISizeData *, nsTextFrame::TextRunType)()
8521             aData->mTrailingWhitespace = 0;
8522           }
8523         }
8524     
8525         if (preformattedTab) {
8526           PropertyProvider::Spacing spacing;

                CID 1412641:  Memory - corruptions  (ARRAY_VS_SINGLETON)
                Taking address with "&spacing" yields a singleton pointer.

8527           provider.GetSpacing(Range(i, i + 1), &spacing);
8528           aData->mCurrentLine += nscoord(spacing.mBefore);
8529           if (tabWidth < 0) {
8530             tabWidth = ComputeTabWidthAppUnits(this, textRun);
8531           }
8532           gfxFloat afterTab =

** CID 1412642:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8690 in nsTextFrame::AddInlinePrefISizeForFlow(gfxContext *, nsIFrame::InlinePrefISizeData *, nsTextFrame::TextRunType)()


________________________________________________________________________________________________________
*** CID 1412642:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/mozilla/layout/generic/nsTextFrame.cpp: 8690 in nsTextFrame::AddInlinePrefISizeForFlow(gfxContext *, nsIFrame::InlinePrefISizeData *, nsTextFrame::TextRunType)()
8684             aData->mTrailingWhitespace = 0;
8685           }
8686         }
8687     
8688         if (preformattedTab) {
8689           PropertyProvider::Spacing spacing;

                CID 1412642:  Memory - corruptions  (ARRAY_VS_SINGLETON)
                Taking address with "&spacing" yields a singleton pointer.

8690           provider.GetSpacing(Range(i, i + 1), &spacing);
8691           aData->mCurrentLine += nscoord(spacing.mBefore);
8692           if (tabWidth < 0) {
8693             tabWidth = ComputeTabWidthAppUnits(this, textRun);
8694           }
8695           gfxFloat afterTab =

** CID 1412643:  API usage errors  (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1806 in webrtc::FormOutputFrame(unsigned long, unsigned long, unsigned long *, float (*)[128], float *const *)()


________________________________________________________________________________________________________
*** CID 1412643:  API usage errors  (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1806 in webrtc::FormOutputFrame(unsigned long, unsigned long, unsigned long *, float (*)[128], float *const *)()
1800                FRAME_LEN * sizeof(float));
1801       }
1802       (*output_buffer_size) -= FRAME_LEN;
1803       if (*output_buffer_size > 0) {
1804         RTC_DCHECK_GE(2 * PART_LEN - FRAME_LEN, (*output_buffer_size));
1805         for (size_t i = 0; i < num_bands; ++i) {

                CID 1412643:  API usage errors  (BUFFER_SIZE)
                The source buffer "&output_buffer[i][80]" potentially overlaps with the destination buffer "&output_buffer[i][0]", which results in undefined behavior for "memcpy".

1806           memcpy(&output_buffer[i][0], &output_buffer[i][FRAME_LEN],
1807                  (*output_buffer_size) * sizeof(float));
1808         }
1809       }
1810     }
1811     

** CID 1412644:  Integer handling issues  (BAD_SHIFT)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aecm/aecm_core.cc: 930 in WebRtcAecm_UpdateChannel(AecmCore *, const unsigned short *, short, const unsigned short *, short, int *)()


________________________________________________________________________________________________________
*** CID 1412644:  Integer handling issues  (BAD_SHIFT)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aecm/aecm_core.cc: 930 in WebRtcAecm_UpdateChannel(AecmCore *, const unsigned short *, short, const unsigned short *, short, int *)()
924                             far_spectrum[i]);
925                     shiftChFar = 0;
926                 } else
927                 {
928                     // We need to shift down before multiplication
929                     shiftChFar = 32 - zerosCh - zerosFar;

                CID 1412644:  Integer handling issues  (BAD_SHIFT)
                In expression "aecm->channelAdapt32[i] >> shiftChFar", right shifting by more than 31 bits has undefined behavior.  The shift amount, "shiftChFar", is 32.

930                     tmpU32no1 = (aecm->channelAdapt32[i] >> shiftChFar) *
931                         far_spectrum[i];
932                 }
933                 // Determine Q-domain of numerator
934                 zerosNum = WebRtcSpl_NormU32(tmpU32no1);
935                 if (dfa[i])

** CID 1412645:  Memory - illegal accesses  (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_rtcp_impl_unittest.cc: 180 in webrtc::RtpRtcpImplTest::RtpRtcpImplTest()()


________________________________________________________________________________________________________
*** CID 1412645:  Memory - illegal accesses  (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/rtp_rtcp/source/rtp_rtcp_impl_unittest.cc: 180 in webrtc::RtpRtcpImplTest::RtpRtcpImplTest()()
174         sender_.SetRemoteSsrc(kReceiverSsrc);
175         sender_.impl_->SetSequenceNumber(kSequenceNumber);
176         sender_.impl_->SetStorePacketsStatus(true, 100);
177     
178         memset(&codec_, 0, sizeof(VideoCodec));
179         codec_.plType = 100;

                CID 1412645:  Memory - illegal accesses  (BUFFER_SIZE)
                Calling strncpy with a source string whose length (3 chars) is greater than or equal to the size argument (3) will fail to null-terminate "this->codec_.plName".

180         strncpy(codec_.plName, "VP8", 3);
181         codec_.width = 320;
182         codec_.height = 180;
183         EXPECT_EQ(0, sender_.impl_->RegisterSendPayload(codec_));
184     
185         // Receive module.

** CID 1412646:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/video/video_receive_stream.cc: 156 in webrtc::<unnamed>::CreateDecoderVideoCodec(const webrtc::VideoReceiveStream::Decoder &)()


________________________________________________________________________________________________________
*** CID 1412646:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/video/video_receive_stream.cc: 156 in webrtc::<unnamed>::CreateDecoderVideoCodec(const webrtc::VideoReceiveStream::Decoder &)()
150     namespace {
151     VideoCodec CreateDecoderVideoCodec(const VideoReceiveStream::Decoder& decoder) {
152       VideoCodec codec;
153       memset(&codec, 0, sizeof(codec));
154     
155       codec.plType = decoder.payload_type;

                CID 1412646:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
                Calling strncpy with a maximum size argument of 32 bytes on destination array "codec.plName" of size 32 bytes might leave the destination string unterminated.

156       strncpy(codec.plName, decoder.payload_name.c_str(), sizeof(codec.plName));
157       if (decoder.payload_name == "VP8") {
158         codec.codecType = kVideoCodecVP8;
159       } else if (decoder.payload_name == "VP9") {
160         codec.codecType = kVideoCodecVP9;
161       } else if (decoder.payload_name == "H264") {

** CID 1412647:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/video_codec_initializer.cc: 203 in webrtc::VideoCodecInitializer::VideoEncoderConfigToVideoCodec(const webrtc::VideoEncoderConfig &, const std::vector<webrtc::VideoStream, std::allocator<webrtc::VideoStream>> &, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool)()


________________________________________________________________________________________________________
*** CID 1412647:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/video_codec_initializer.cc: 203 in webrtc::VideoCodecInitializer::VideoEncoderConfigToVideoCodec(const webrtc::VideoEncoderConfig &, const std::vector<webrtc::VideoStream, std::allocator<webrtc::VideoStream>> &, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, int, bool)()
197         sim_stream->minBitrate = streams[i].min_bitrate_bps / 1000;
198         sim_stream->targetBitrate = streams[i].target_bitrate_bps / 1000;
199         sim_stream->maxBitrate = streams[i].max_bitrate_bps / 1000;
200         sim_stream->qpMax = streams[i].max_qp;
201         // We know .rid is terminated
202         RTC_DCHECK(strlen(streams[i].rid) < sizeof(sim_stream->rid));

                CID 1412647:  Memory - illegal accesses  (BUFFER_SIZE_WARNING)
                Calling strncpy with a maximum size argument of 32 bytes on destination array "sim_stream->rid" of size 32 bytes might leave the destination string unterminated.

203         strncpy(sim_stream->rid, streams[i].rid, sizeof(sim_stream->rid));
204         sim_stream->numberOfTemporalLayers = static_cast<unsigned char>(
205             streams[i].temporal_layer_thresholds_bps.size() + 1);
206     
207         video_codec.width =
208             std::max(video_codec.width, static_cast<uint16_t>(streams[i].width));

** CID 1412648:  Memory - corruptions  (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1291 in webrtc::EchoSuppression(const webrtc::OouraFft &, webrtc::AecCore *, float *, float *, float *, float (*)[64])()


________________________________________________________________________________________________________
*** CID 1412648:  Memory - corruptions  (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/modules/audio_processing/aec/aec_core.cc: 1291 in webrtc::EchoSuppression(const webrtc::OouraFft &, webrtc::AecCore *, float *, float *, float *, float (*)[64])()
1285         }
1286       }
1287     
1288       // Copy the current block to the old position.
1289       memcpy(aec->eBuf, aec->eBuf + PART_LEN, sizeof(float) * PART_LEN);
1290     

                CID 1412648:  Memory - corruptions  (BUFFER_SIZE)
                You might overrun the 8 byte destination string "aec->xfwBuf[65]" by writing the maximum 16120 bytes from "aec->xfwBuf".

1291       memmove(aec->xfwBuf + PART_LEN1, aec->xfwBuf,
1292               sizeof(aec->xfwBuf) - sizeof(complex_t) * PART_LEN1);
1293     }
1294     
1295     static void ProcessNearendBlock(
1296         AecCore* aec,

** CID 1412649:    (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 31 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 49 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()


________________________________________________________________________________________________________
*** CID 1412649:    (BUFFER_SIZE)
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 31 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
25     TEST(VoECodecInst, TestCompareCodecInstances) {
26       CodecInst codec1, codec2;
27       memset(&codec1, 0, sizeof(CodecInst));
28       memset(&codec2, 0, sizeof(CodecInst));
29     
30       codec1.pltype = 101;

                CID 1412649:    (BUFFER_SIZE)
                Calling strncpy with a source string whose length (4 chars) is greater than or equal to the size argument (4) will fail to null-terminate "codec1.plname".

31       strncpy(codec1.plname, "isac", 4);
32       codec1.plfreq = 8000;
33       codec1.pacsize = 110;
34       codec1.channels = 1;
35       codec1.rate = 8000;
36       memcpy(&codec2, &codec1, sizeof(CodecInst));
/mozilla/media/webrtc/trunk/webrtc/voice_engine/voe_codec_unittest.cc: 49 in webrtc::voe::<unnamed>::VoECodecInst_TestCompareCodecInstances_Test::TestBody()()
43       EXPECT_FALSE(codec1 == codec2);
44       EXPECT_TRUE(codec1 != codec2);
45     
46       // Reset to codec2 to codec1 state.
47       memcpy(&codec2, &codec1, sizeof(CodecInst));
48       // payload name should be case insensitive.

                CID 1412649:    (BUFFER_SIZE)
                Calling strncpy with a source string whose length (4 chars) is greater than or equal to the size argument (4) will fail to null-terminate "codec2.plname".

49       strncpy(codec2.plname, "ISAC", 4);
50       EXPECT_TRUE(codec1 == codec2);
51     
52       // Test modifying the |plfreq|
53       codec2.plfreq = 16000;
54       EXPECT_FALSE(codec1 == codec2);

** CID 1412650:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 24 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()


________________________________________________________________________________________________________
*** CID 1412650:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 24 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()
18     #include "webrtc/system_wrappers/include/metrics.h"
19     #include "webrtc/system_wrappers/include/timestamp_extrapolator.h"
20     
21     namespace webrtc {
22     
23     VCMTiming::VCMTiming(Clock* clock, VCMTiming* master_timing)

                CID 1412650:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "crit_sect_" of "webrtc::VCMTiming" but the destructor and whatever functions it calls do not free it.

24         : crit_sect_(CriticalSectionWrapper::CreateCriticalSection()),
25           clock_(clock),
26           master_(false),
27           ts_extrapolator_(),
28           codec_timer_(new VCMCodecTimer()),
29           render_delay_ms_(kDefaultRenderDelayMs),

** CID 1412651:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 42 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()


________________________________________________________________________________________________________
*** CID 1412651:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/timing.cc: 42 in webrtc::VCMTiming::VCMTiming(webrtc::Clock *, webrtc::VCMTiming*)()
36           num_decoded_frames_(0),
37           num_delayed_decoded_frames_(0),
38           first_decoded_frame_ms_(-1),
39           sum_missed_render_deadline_ms_(0) {
40       if (master_timing == NULL) {
41         master_ = true;

                CID 1412651:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "ts_extrapolator_" of "webrtc::VCMTiming" but the destructor and whatever functions it calls do not free it.

42         ts_extrapolator_ = new TimestampExtrapolator(clock_->TimeInMilliseconds());
43       } else {
44         ts_extrapolator_ = master_timing->ts_extrapolator_;
45       }
46     }
47     

** CID 1412652:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/video_capture_impl.cc: 84 in webrtc::videocapturemodule::VideoCaptureImpl::VideoCaptureImpl()()


________________________________________________________________________________________________________
*** CID 1412652:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/video_capture_impl.cc: 84 in webrtc::videocapturemodule::VideoCaptureImpl::VideoCaptureImpl()()
78       }
79       return -1;
80     }
81     
82     VideoCaptureImpl::VideoCaptureImpl()
83         : _deviceUniqueId(NULL),

                CID 1412652:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "_apiCs" of "webrtc::videocapturemodule::VideoCaptureImpl" but the destructor and whatever functions it calls do not free it.

84           _apiCs(*CriticalSectionWrapper::CreateCriticalSection()),
85           _captureDelay(0),
86           _requestedCapability(),
87           _lastProcessTimeNanos(rtc::TimeNanos()),
88           _lastFrameRateCallbackTimeNanos(rtc::TimeNanos()),
89           _dataCallBack(NULL),

** CID 1412653:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/linux/video_capture_linux.cc: 51 in webrtc::videocapturemodule::VideoCaptureModuleV4L2::VideoCaptureModuleV4L2()()


________________________________________________________________________________________________________
*** CID 1412653:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_capture/linux/video_capture_linux.cc: 51 in webrtc::videocapturemodule::VideoCaptureModuleV4L2::VideoCaptureModuleV4L2()()
45     
46         return implementation;
47     }
48     
49     VideoCaptureModuleV4L2::VideoCaptureModuleV4L2()
50         : VideoCaptureImpl(),

                CID 1412653:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "_captureCritSect" of "webrtc::videocapturemodule::VideoCaptureModuleV4L2" but the destructor and whatever functions it calls do not free it.

51           _captureCritSect(CriticalSectionWrapper::CreateCriticalSection()),
52           _deviceId(-1),
53           _deviceFd(-1),
54           _buffersAllocatedByDevice(-1),
55           _currentWidth(-1),
56           _currentHeight(-1),

** CID 1412654:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/jitter_buffer.cc: 257 in webrtc::VCMJitterBuffer::VCMJitterBuffer(webrtc::Clock *, std::unique_ptr<webrtc::EventWrapper, std::default_delete<webrtc::EventWrapper>>, webrtc::NackSender *, webrtc::KeyFrameRequestSender *)()


________________________________________________________________________________________________________
*** CID 1412654:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/jitter_buffer.cc: 257 in webrtc::VCMJitterBuffer::VCMJitterBuffer(webrtc::Clock *, std::unique_ptr<webrtc::EventWrapper, std::default_delete<webrtc::EventWrapper>>, webrtc::NackSender *, webrtc::KeyFrameRequestSender *)()
251     VCMJitterBuffer::VCMJitterBuffer(Clock* clock,
252                                      std::unique_ptr<EventWrapper> event,
253                                      NackSender* nack_sender,
254                                      KeyFrameRequestSender* keyframe_request_sender)
255         : clock_(clock),
256           running_(false),

                CID 1412654:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "crit_sect_" of "webrtc::VCMJitterBuffer" but the destructor and whatever functions it calls do not free it.

257           crit_sect_(CriticalSectionWrapper::CreateCriticalSection()),
258           frame_event_(std::move(event)),
259           max_number_of_frames_(kStartNumberOfFrames),
260           free_frames_(),
261           decodable_frames_(),
262           incomplete_frames_(),

** CID 1412655:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 32 in webrtc::MediaFileImpl::MediaFileImpl(int)()


________________________________________________________________________________________________________
*** CID 1412655:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 32 in webrtc::MediaFileImpl::MediaFileImpl(int)()
26     {
27         delete static_cast<MediaFileImpl*>(module);
28     }
29     
30     MediaFileImpl::MediaFileImpl(const int32_t id)
31         : _id(id),

                CID 1412655:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "_crit" of "webrtc::MediaFileImpl" but the destructor and whatever functions it calls do not free it.

32           _crit(CriticalSectionWrapper::CreateCriticalSection()),
33           _callbackCrit(CriticalSectionWrapper::CreateCriticalSection()),
34           _ptrFileUtilityObj(NULL),
35           codec_info_(),
36           _ptrInStream(NULL),
37           _ptrOutStream(NULL),

** CID 1412656:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/simulcast_encoder_adapter_unittest.cc: 220 in webrtc::testing::TestSimulcastEncoderAdapterFakeHelper::TestSimulcastEncoderAdapterFakeHelper()()


________________________________________________________________________________________________________
*** CID 1412656:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/video_coding/codecs/vp8/simulcast_encoder_adapter_unittest.cc: 220 in webrtc::testing::TestSimulcastEncoderAdapterFakeHelper::TestSimulcastEncoderAdapterFakeHelper()()
214       std::vector<const char*> encoder_names_;
215     };
216     
217     class TestSimulcastEncoderAdapterFakeHelper {
218      public:
219       TestSimulcastEncoderAdapterFakeHelper()

                CID 1412656:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "factory_" of "webrtc::testing::TestSimulcastEncoderAdapterFakeHelper" but there is no destructor.

220           : factory_(new MockVideoEncoderFactory()) {}
221     
222       // Can only be called once as the SimulcastEncoderAdapter will take the
223       // ownership of |factory_|.
224       VP8Encoder* CreateMockEncoderAdapter() {
225         return new SimulcastEncoderAdapter(factory_);

** CID 1412657:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/system_wrappers/source/trace_posix.cc: 23 in webrtc::TracePosix::TracePosix()()


________________________________________________________________________________________________________
*** CID 1412657:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/system_wrappers/source/trace_posix.cc: 23 in webrtc::TracePosix::TracePosix()()
17     #include <sys/time.h>
18     #include <time.h>
19     
20     namespace webrtc {
21     
22     TracePosix::TracePosix()

                CID 1412657:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "crit_sect_" of "webrtc::TracePosix" but the destructor and whatever functions it calls do not free it.

23         : crit_sect_(*CriticalSectionWrapper::CreateCriticalSection()) {
24       struct timeval system_time_high_res;
25       gettimeofday(&system_time_high_res, 0);
26       prev_api_tick_count_ = prev_tick_count_ = system_time_high_res.tv_sec;
27     }
28     

** CID 1412658:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 33 in webrtc::MediaFileImpl::MediaFileImpl(int)()


________________________________________________________________________________________________________
*** CID 1412658:  Resource leaks  (CTOR_DTOR_LEAK)
/mozilla/media/webrtc/trunk/webrtc/modules/media_file/media_file_impl.cc: 33 in webrtc::MediaFileImpl::MediaFileImpl(int)()
27         delete static_cast<MediaFileImpl*>(module);
28     }
29     
30     MediaFileImpl::MediaFileImpl(const int32_t id)
31         : _id(id),
32           _crit(CriticalSectionWrapper::CreateCriticalSection()),

                CID 1412658:  Resource leaks  (CTOR_DTOR_LEAK)
                The constructor allocates field "_callbackCrit" of "webrtc::MediaFileImpl" but the destructor and whatever functions it calls do not free it.

33           _callbackCrit(CriticalSectionWrapper::CreateCriticalSection()),
34           _ptrFileUtilityObj(NULL),
35           codec_info_(),
36           _ptrInStream(NULL),
37           _ptrOutStream(NULL),
38           _fileFormat((FileFormats)-1),

** CID 1412659:  Security best practices violations  (DC.WEAK_CRYPTO)
/mozilla/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_region_unittest.cc: 22 in webrtc::<unnamed>::RadmonInt(int)()


________________________________________________________________________________________________________
*** CID 1412659:  Security best practices violations  (DC.WEAK_CRYPTO)
/mozilla/media/webrtc/trunk/webrtc/modules/desktop_capture/desktop_region_unittest.cc: 22 in webrtc::<unnamed>::RadmonInt(int)()
16     
17     namespace webrtc {
18     
19     namespace {
20     
21     int RadmonInt(int max) {

                CID 1412659:  Security best practices violations  (DC.WEAK_CRYPTO)
                "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.

22       return (rand() / 256) % max;
23     }
24     
25     void CompareRegion(const DesktopRegion& region,
26                        const DesktopRect rects[], int rects_size) {
27       DesktopRegion::Iterator it(region);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRatup6zBAYCo6Ce1pvzy9Ee4qJmmCCWyFXH3Z-2BjWgNDpqveTGE00b-2Bxq7Gpp7vXFD4-3D_WSCScGnjaXfWLguY5PmVmVThPPMEXWbu-2Brq6btJ6DAYK5Z78PgiOf7xyP4asRg-2Ftz11NhAca-2FKQzcDp7IOACCkBh3zTfhTT3mXecuboU1TEt4109Ofr8dLTkebTIOQAmcJ9V8YnDrpBFLfel92wM6LzdSBz5q4kjkWGUbtxYgLuMzrg-2BNk3wDumnr-2FUyUH-2FbD-2FkvYSE9GhREN9qu5wXgkVEdcm4yO51heCzvXYtNZok-3D

To manage Coverity Scan email notifications for "ishikawa@yk.rim.or.jp", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4E9B3IyaNM01-2FCNIiiGMkjrV7Z7TdO4tvOhPf3CXmRuI4Pp0Of2houCnEW2fStUw09RkbYbTA3bf67c4q8dE8GU6P5K7HnX3H5UDBTNzLBXY-3D_WSCScGnjaXfWLguY5PmVmVThPPMEXWbu-2Brq6btJ6DAYK5Z78PgiOf7xyP4asRg-2Ftm6wYqmae-2FWCFc6gshQKTgWsxTTL-2BoKFVQ2J-2BSY0So211nTkydDpthrPs76SoDeoTHKKS-2BOMx7G5rpMUvegloC8jTY-2BLIimbqeBTpYl8a-2FHL-2Fve5rs5IAsvfoZceytwZnrwkl1a2LmOxdPsa1ZIxOol3YDLFtveZEJxuoQZkVggg-3D


Like I said, this affects FIREFOX browser.

I am setting security flag just in case.

As a matter of fact, I see these warnings regarding potential memory access errors which are sometimes hard to diagnose whether they are real or false positives. But today's e-mail reports contain many warnings which are disturbing to say the least and for those strncpy(), memcpy() seems to be a better replacement (but handle the field throughout using memcpy() then, not treating it as null-terminated string), and seeing memcpy for possibly overlapping areas, and the potential for buffer overflow, possibly undefined shift behavior, etc. in one message bothered me too much to post this here.

Again, I think some of them can be false positives, but coding style made me suspicious, and maybe putting in a comment or two regarding coverity false-positive (if indeed the case) would be welcome.

TIA

Sorry if I had time, I would look into the issues, but no I don't today :-(
We have people who keep an eye on the Coverity results. Having a giant bug like this isn't useful.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Group: firefox-core-security → core-security
Component: Untriaged → General
Product: Firefox → Core
(In reply to Andrew McCreight [:mccr8] from comment #1)
> We have people who keep an eye on the Coverity results. Having a giant bug
> like this isn't useful.

Great. Then I hope these will be taken care of. Sorry for the noise.
Group: core-security
You need to log in before you can comment on or make changes to this bug.