From: Kruti
Date: Tue, 21 May 2024 05:58:12 +0000 (-0700)
Subject: [Coverity]: UNINIT in resolutionSet finding from static application
X-Git-Tag: stable-12.5.0~77
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9649775dafd0c2666f86357c1f72fb10e0d18c4;p=thirdparty%2Fopen-vm-tools.git

[Coverity]: UNINIT in resolutionSet finding from static application security testing (SAST)

resolutionSet.c -- 1 issue reported in the file
issue: capabilityArray not initialized or partially initialized when reaching the statement.
impact: False-positive
fix: suppress 'uninit_use_in_call'

VMTools_WrapArray converts the capabilityArray to a GArray. The 'wrapped' array is allocated space for capabilityCount elements and only the first capabilityCount elements are COPIED from capabilityArray to the allocated GArray. As such, the uninitialized elements of the capabilityArray are never used to generate the returned GArray. While technically true (uninitialized) there is no reason to zero the array indexes from capabilityCount through to the end of the array as these elements are unused.
---
diff --git a/open-vm-tools/services/plugins/resolutionSet/resolutionSet.c b/open-vm-tools/services/plugins/resolutionSet/resolutionSet.c index 4cc9bd164..d4f7293d7 100644 --- a/open-vm-tools/services/plugins/resolutionSet/resolutionSet.c +++ b/open-vm-tools/services/plugins/resolutionSet/resolutionSet.c @@ -1,5 +1,6 @@ /********************************************************* - * Copyright (C) 2008-2018 VMware, Inc. All rights reserved. + * Copyright (c) 2008-2024 Broadcom. All rights reserved. + * The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as published 
@@ -510,6 +511,12 @@ ResolutionSetCapabilities(gpointer src, ASSERT(capabilityCount <= RESOLUTION_SET_CAPABILITIES_MAX); + /* + * VMTools_WrapArray copies the first capabilityCount elements from + * capabilityArray to the returned GArray. The uninitialized elements are not + * used. + */ + /* coverity[uninit_use_in_call] */ return VMTools_WrapArray(capabilityArray, sizeof *capabilityArray, capabilityCount);
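
Review bot: The suppression added before the return in ResolutionSetCapabilities is only sound while capabilityCount stays within the array and every element below capabilityCount has been written, yet the only guard visible in this hunk is the ASSERT(capabilityCount <= RESOLUTION_SET_CAPABILITIES_MAX) just above it, and the new comment does not mention either condition. If that ASSERT is inactive in release builds, nothing shown here enforces the bound at run time. Consider extending the comment to state that the first capabilityCount entries are always populated before this call and that the bound check is what keeps the copy inside the array, so that anyone changing how capabilityArray is filled knows to revisit the coverity[uninit_use_in_call] annotation rather than inherit it silently.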