security testing (SAST)
resolutionSet.c -- 1 issue reported in the file
issue: capabilityArray not initialized or partially initialized when
reaching the statement.
impact: False-positive
fix: suppress 'uninit_use_in_call'
VMTools_WrapArray converts the capabilityArray to a GArray.
The 'wrapped' array is allocated space for capabilityCount elements and
only the first capabilityCount elements are COPIED from capabilityArray
to the allocated GArray. As such, the uninitialized elements of the
capabilityArray are never used to generate the returned GArray. While
technically true (uninitialized), there is no reason to zero the array
indexes from capabilityCount through to the end of the array as these
elements are unused.
/*********************************************************
- * Copyright (C) 2008-2018 VMware, Inc. All rights reserved.
+ * Copyright (c) 2008-2024 Broadcom. All rights reserved.
+ * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
ASSERT(capabilityCount <= RESOLUTION_SET_CAPABILITIES_MAX);
+ /*
+ * VMTools_WrapArray copies the first capabilityCount elements from
+ * capabilityArray to the returned GArray. The uninitialized elements are not
+ * used.
+ */
+ /* coverity[uninit_use_in_call] */
return VMTools_WrapArray(capabilityArray,
sizeof *capabilityArray,
capabilityCount);
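Review bot: the justification comment added above the VMTools_WrapArray call says the uninitialized elements are not used, but it does not state the invariant that makes the suppression sound: every element below capabilityCount has been initialized, and capabilityCount stays within the bound checked by ASSERT(capabilityCount <= RESOLUTION_SET_CAPABILITIES_MAX) on the line above. That ASSERT is the only guard visible in this hunk, so if it is a debug-only check, nothing here enforces the bound at run time; consider spelling the invariant out in the comment, or adding a run-time check before the return. Also keep the coverity[uninit_use_in_call] annotation immediately above the return statement, since it silences that checker for whatever statement follows it and would hide a genuine finding if the call were later changed or moved.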