This code is built without warnings and ignored by Coverity Scan.
CodeSonar found a wide range of issues including buffer overruns,
buffer underruns, questionable type conversions, leaks, etc. This
set of patches addresses all reported issues.

CodeSonar flagged this as a case where the user could inject a format
string and cause issues. Since we were not printing anything but a
string, just switching to puts() rather than fprintf(stdout,...) was
sufficient to make this code safer.

CodeSonar flagged this as an empty if body. Upon analysis, it turned
out to be an error that we think should never occur but if it did,
there is nothing we could do about it. It would likely just indicate
the thread was deleted before we got here. Adding the _Assert() at least
will flag this if it ever occurs during a debug build and we can discuss
what happened.

CodeSonar flagged this as a case where the user could inject a format
string and cause issues. Since we were not printing anything but a
string, just switching to puts() rather than fprintf(stdout,...) was
sufficient to make this code safer.

snprintf() places a limit on the length of the output from sprintf()
and avoids similar buffer overrun issues.
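
Added example, not code from these commits: the two fixes described above (emitting a string as data rather than as a format, and bounding formatted output with snprintf()), with the flagged patterns kept in a comment. The function names and sample strings are assumptions constructed for illustration; fputs() on a caller-supplied stream stands in for puts() so the emitted bytes can be checked.

```c
#include <stdio.h>
#include <string.h>

/* Flagged patterns: fprintf(stdout, msg) parses any '%' in msg as a
 * conversion; sprintf(dst, ...) puts no bound on the bytes written to dst. */

/* Emit msg as data only; puts(msg) is the stdout form of this call pair. */
int print_message(FILE *out, const char *msg)
{
    if (fputs(msg, out) == EOF)
        return -1;
    return fputc('\n', out) == EOF ? -1 : 0;
}

/* Bounded formatting: 0 = fit, 1 = truncated (dst still NUL-terminated), -1 = error. */
int build_label(char *dst, size_t dstsz, const char *prefix, const char *name)
{
    int n = snprintf(dst, dstsz, "%s: %s", prefix, name);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsz ? 1 : 0;
}

/* Write msg to a temporary file and check the bytes come back unchanged. */
int emitted_verbatim(const char *msg)
{
    char back[256];
    size_t want = strlen(msg), got;
    FILE *f = tmpfile();
    if (f == NULL)
        return 0;
    if (want + 1 >= sizeof back || print_message(f, msg) != 0) {
        fclose(f);
        return 0;
    }
    rewind(f);
    got = fread(back, 1, sizeof back - 1, f);
    fclose(f);
    return got == want + 1 && memcmp(back, msg, want) == 0 && back[want] == '\n';
}

int main(void)
{
    char label[8];   /* constructed sample: deliberately too small */
    int truncated = build_label(label, sizeof label, "dev", "console");
    printf("verbatim=%d truncated=%d label=%s\n",
           emitted_verbatim("load 100%s %x %n"), truncated, label);
    return 0;
}
```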

These were flagged by CodeSonar. The assignments on variable declaration
are overridden a few lines below and the other line later with name_size
is where name_size was not used after this assignment.

This was flagged by CodeSonar. It should be impossible to get an
incorrect baud number back but ensure this in debug mode. The _Assert()
keeps their scanner from evaluating for divide by 0 past this point.

CodeSonar detects a possible NULL dereference here. But it should never
occur in tested code. Memory for the API Mutexes is reserved by confdefs.h
and are all preallocated when the class of objects is initialized.
Allocating a single instance should never fail.

Make sure also the size is cache aligned since otherwise we may have
some overlap with the next allocation block. A cache invalidate on this
area would be fatal.

Converting 64-bit nanoseconds values into the common struct timeval or
struct timespec formats requires a 64-bit division to get the seconds
value. Performance analysis of high network loads revealed that this is
too costly on ARM.

Methods to print the data were moved from capture-cli into
a support area and are no longer static so that they can
be shared by test routines, or application code that wants
to use the capture engine without the shell interface.