New Defects reported by Coverity Scan for sbabic/swupdate

6 views
Skip to first unread message

scan-...@coverity.com

unread,
Jan 15, 2026, 1:04:23 AMJan 15
to swup...@googlegroups.com

Hi,

Please find the latest report on new defect(s) introduced to sbabic/swupdate found with Coverity Scan.

  • New Defects Found: 4
  • 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
  • Defects Shown: Showing 4 of 4 defect(s)

Defect Details

** CID 641264:         (RESOURCE_LEAK)
/core/util.c: 193           in swupdate_remove_directory()
/core/util.c: 199           in swupdate_remove_directory()
/core/util.c: 195           in swupdate_remove_directory()


_____________________________________________________________________________________________
*** CID 641264:           (RESOURCE_LEAK)
/core/util.c: 193             in swupdate_remove_directory()
187     		return -ENOMEM;
188     	}
189     
190     	if (stat(dpath, &path_stat)) {
191     		/* not exist, return ok */
192     		if (errno == ENOENT)
>>>     CID 641264:           (RESOURCE_LEAK)
>>>     Variable "dpath" going out of scope leaks the storage it points to.
193     			return 0;
194     		ERROR("stat for path %s failed: %s", path, strerror(errno));
195     		return -errno;
196     	}
197     	if (!S_ISDIR(path_stat.st_mode)) {
198     		ERROR("Tried to remove %s dir, but it is not a dir", path);
/core/util.c: 199             in swupdate_remove_directory()
193     			return 0;
194     		ERROR("stat for path %s failed: %s", path, strerror(errno));
195     		return -errno;
196     	}
197     	if (!S_ISDIR(path_stat.st_mode)) {
198     		ERROR("Tried to remove %s dir, but it is not a dir", path);
>>>     CID 641264:           (RESOURCE_LEAK)
>>>     Variable "dpath" going out of scope leaks the storage it points to.
199     		return -ENODEV;
200     	}
201     	ret = _is_mount_point(dpath, get_tmpdir());
202     	if (ret < 0)
203     		goto out;
204     
/core/util.c: 195             in swupdate_remove_directory()
189     
190     	if (stat(dpath, &path_stat)) {
191     		/* not exist, return ok */
192     		if (errno == ENOENT)
193     			return 0;
194     		ERROR("stat for path %s failed: %s", path, strerror(errno));
>>>     CID 641264:           (RESOURCE_LEAK)
>>>     Variable "dpath" going out of scope leaks the storage it points to.
195     		return -errno;
196     	}
197     	if (!S_ISDIR(path_stat.st_mode)) {
198     		ERROR("Tried to remove %s dir, but it is not a dir", path);
199     		return -ENODEV;
200     	}

** CID 641263:       Security best practices violations  (TOCTOU)
/core/util.c: 190           in swupdate_remove_directory()


_____________________________________________________________________________________________
*** CID 641263:         Security best practices violations  (TOCTOU)
/core/util.c: 190             in swupdate_remove_directory()
184     	if (asprintf(&dpath, "%s%s", get_tmpdir(), path) ==
185     		ENOMEM_ASPRINTF) {
186     		ERROR("OOM: Directory %s not removed", path);
187     		return -ENOMEM;
188     	}
189     
>>>     CID 641263:         Security best practices violations  (TOCTOU)
>>>     Calling function "stat" to perform check on "dpath".
190     	if (stat(dpath, &path_stat)) {
191     		/* not exist, return ok */
192     		if (errno == ENOENT)
193     			return 0;
194     		ERROR("stat for path %s failed: %s", path, strerror(errno));
195     		return -errno;

** CID 641262:       Error handling issues  (CHECKED_RETURN)
/mongoose/mongoose_interface.c: 661           in upload_handler()


_____________________________________________________________________________________________
*** CID 641262:         Error handling issues  (CHECKED_RETURN)
/mongoose/mongoose_interface.c: 661             in upload_handler()
655     
656     			ipc_end(fus->fd);
657     
658     			mg_http_reply(nc, 200, "%s",
659     								  "Content-Type: text/plain\r\n"
660     								  "Connection: close");
>>>     CID 641262:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "mg_send" without checking return value (as is done elsewhere 28 out of 35 times).
661     			mg_send(nc, "\r\n", 2);
662     			mg_printf(nc, "Ok, %s - %d bytes.\r\n", mp->part.filename, (int) fus->len);
663     			nc->is_draining = 1;
664     
665     			mp->user_data = NULL;
666     			mg_timer_free(&fus->c->mgr->timers, fus->timer);

** CID 641261:       Error handling issues  (CHECKED_RETURN)
/mongoose/mongoose.c: 9429           in mg_sntp_request()


_____________________________________________________________________________________________
*** CID 641261:         Error handling issues  (CHECKED_RETURN)
/mongoose/mongoose.c: 9429             in mg_sntp_request()
9423         uint8_t buf[48] = {0};
9424         uint32_t *t = (uint32_t *) &buf[40];
9425         double frac = ((double) (now % 1000)) / 1000.0 * SNTP_MAX_FRAC;
9426         buf[0] = (0 << 6) | (4 << 3) | 3;
9427         t[0] = mg_htonl((uint32_t) (now / 1000) + SNTP_TIME_OFFSET);
9428         t[1] = mg_htonl((uint32_t) frac);
>>>     CID 641261:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "mg_send" without checking return value (as is done elsewhere 28 out of 35 times).
9429         mg_send(c, buf, sizeof(buf));
9430       }
9431     }
9432     
9433     struct mg_connection *mg_sntp_connect(struct mg_mgr *mgr, const char *url,
9434                                           mg_event_handler_t fn, void *fn_data) {

View Defects in Coverity Scan

Best regards,

The Coverity Scan Admin Team

Reply all
Reply to author
Forward
0 new messages