diff -up diffutils-3.10/lib/nstrftime.c.orig diffutils-3.10/lib/nstrftime.c --- diffutils-3.10/lib/nstrftime.c.orig 2023-05-20 11:05:07.000000000 +0200 +++ diffutils-3.10/lib/nstrftime.c 2024-07-30 16:36:42.914438967 +0200 @@ -882,6 +882,7 @@ __strftime_internal (STREAM_OR_CHAR_T *s *u = '\0'; len = strftime (ubuf, sizeof ubuf, ufmt, tp); if (len != 0) + /* coverity[verrun-buffer-arg: FALSE] */ cpy (len - 1, ubuf + 1); } break; @@ -1044,10 +1045,13 @@ __strftime_internal (STREAM_OR_CHAR_T *s i += padding; width -= padding; } + /* coverity[bad_memset : FALSE] */ + /* coverity[overrun-buffer-arg : FALSE] */ width_add1 (0, sign_char); width--; } + /* coverity[bad_memset : FALSE] */ cpy (numlen, bufp); } break; @@ -1126,7 +1130,9 @@ __strftime_internal (STREAM_OR_CHAR_T *s buf[j - 1] = n % 10 + L_('0'), n /= 10; if (!pad) pad = L_('0'); + /* coverity[bad_memset : FALSE] */ width_cpy (0, ndigs, buf); + /* coverity[bad_memset : FALSE] */ width_add (width - ndigs, 0, (void) 0); } break; @@ -1495,6 +1501,7 @@ __strftime_internal (STREAM_OR_CHAR_T *s since this is most likely the right thing to do if a multibyte string has been misparsed. */ bad_format: + /* coverity[bad_memset : FALSE] */ cpy (f - percent + 1, percent); break; } diff -up diffutils-3.10/lib/regcomp.c.orig diffutils-3.10/lib/regcomp.c --- diffutils-3.10/lib/regcomp.c.orig 2024-07-30 16:42:46.745614022 +0200 +++ diffutils-3.10/lib/regcomp.c 2024-07-30 16:45:16.815548192 +0200 @@ -1175,6 +1175,8 @@ analyze (regex_t *preg) dfa->inveclosures = re_malloc (re_node_set, dfa->nodes_len); if (__glibc_unlikely (dfa->inveclosures == NULL)) return REG_ESPACE; + /* The 'postorder' function initializes that memory */ + /* coverity[alloc_fn: FALSE] */ ret = calc_inveclosure (dfa); } diff -up diffutils-3.10/lib/sigsegv.c.orig diffutils-3.10/lib/sigsegv.c --- diffutils-3.10/lib/sigsegv.c.orig 2023-05-20 11:05:07.000000000 +0200 +++ diffutils-3.10/lib/sigsegv.c 2024-07-30 16:36:42.914438967 +0200 
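Review bot: The annotation in the `@@ -882,6 +882,7 @@` hunk of lib/nstrftime.c is spelled `verrun-buffer-arg`, which does not match the `overrun-buffer-arg` event named in the next hunk, so the suppression very likely has no effect and the finding on `cpy (len - 1, ubuf + 1)` stays open. It should read `/* coverity[overrun-buffer-arg : FALSE] */`. A one-line reason next to it would let the next reader re-check the claim, for example `/* strftime returned len < sizeof ubuf, so len - 1 bytes starting at ubuf + 1 stay inside ubuf */`. `__strftime_internal` starts and ends outside the hunk, so that wording should be confirmed against the declaration of `ubuf`.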
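Review bot: The `bad_memset` and `overrun-buffer-arg` suppressions in the `@@ -1044,10 +1045,13 @@` hunk of lib/nstrftime.c give no reason, and the same holds for the `-1126,7` and `-1495,6` hunks of this file and for the annotations in lib/time_rz.c, src/analyze.c, src/diff.c and src/ifdef.c. A `: FALSE` marker with no stated invariant cannot be re-validated when the `cpy`, `width_add` or `width_cpy` macros change, and it keeps hiding the checker on that line if the code later becomes wrong. Each annotation should be preceded by a short comment naming the guard the analyzer misses, in the form `/* false positive: <guard in width_add that bounds the fill length> */`. The macro bodies are outside this diff, so the actual guard has to be filled in from them.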
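Review bot: The comment added in the lib/regcomp.c hunk credits `postorder` with initializing the memory, but the statement it annotates is the call `calc_inveclosure (dfa)` and `postorder` does not appear in the visible lines. If `calc_inveclosure` is what fills `dfa->inveclosures`, the comment should say so: `/* calc_inveclosure initializes every element of dfa->inveclosures before it is read */`. The annotation also sits after the `re_malloc` line, while an `alloc_fn` event would presumably be reported on the allocation itself, so a scan should confirm that the suppression attaches to the finding at all. `analyze` continues outside the hunk.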
@@ -1459,6 +1459,7 @@ stackoverflow_deinstall_handler (void) { stack_t ss; ss.ss_flags = SS_DISABLE; + /* coverity[uninit_use_in_call : FALSE] */ if (sigaltstack (&ss, (stack_t *) 0) < 0) perror ("gnulib sigsegv (stackoverflow_deinstall_handler)"); } diff -up diffutils-3.10/lib/stackvma.c.orig diffutils-3.10/lib/stackvma.c --- diffutils-3.10/lib/stackvma.c.orig 2023-01-30 01:17:41.000000000 +0100 +++ diffutils-3.10/lib/stackvma.c 2024-07-30 16:38:45.404872853 +0200 @@ -176,7 +176,7 @@ rof_open (struct rofile *rof, const char /* Attempt to read the contents in a single system call. */ if (size > MIN_LEFTOVER) { - int n = read (fd, rof->buffer, size); + size_t n = read (fd, rof->buffer, size); if (n < 0 && errno == EINTR) goto retry; # if defined __DragonFly__ @@ -186,7 +186,7 @@ rof_open (struct rofile *rof, const char if (n <= 0) /* Empty file. */ goto fail1; - if (n + MIN_LEFTOVER <= size) + if (MIN_LEFTOVER <= size -n) { /* The buffer was sufficiently large. */ rof->filled = n; @@ -195,21 +195,23 @@ rof_open (struct rofile *rof, const char large enough. We need the equivalent of full_read(). */ for (;;) { + /* rof->filled cannot exceed size (due to the buffer size check), the subtraction is unlikely to overflow. */ + /* coverity[overflow_sink : FALSE] */ n = read (fd, rof->buffer + rof->filled, size - rof->filled); if (n < 0 && errno == EINTR) goto retry; if (n < 0) /* Some error. */ goto fail1; - if (n + MIN_LEFTOVER > size - rof->filled) - /* Allocate a larger buffer. */ - break; if (n == 0) { /* Reached the end of file. */ close (fd); return 0; } + if (size - rof->filled - n < MIN_LEFTOVER) + /* Allocate a larger buffer. */ + break; rof->filled += n; } # else diff -up diffutils-3.10/lib/time_rz.c.orig diffutils-3.10/lib/time_rz.c --- diffutils-3.10/lib/time_rz.c.orig 2023-01-02 02:20:08.000000000 +0100 +++ diffutils-3.10/lib/time_rz.c 2024-07-30 16:36:42.914438967 +0200 
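Review bot: In `stackoverflow_deinstall_handler` (lib/sigsegv.c) the other members of `ss` are still passed to `sigaltstack` with indeterminate values; the annotation hides the report instead of removing its cause. Initializing the object makes the suppression unnecessary and costs nothing: `stack_t ss = { .ss_flags = SS_DISABLE };`, or a `memset (&ss, 0, sizeof ss);` before the assignment if designated initializers are not acceptable in this file. An implementation that inspects `ss_sp` or `ss_size` even when `SS_DISABLE` is set would otherwise see stack garbage.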
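Review bot: Changing `n` to `size_t` in the `@@ -176,7 +176,7 @@` hunk of lib/stackvma.c makes every `n < 0` test in `rof_open` always false, so a failed `read` (return value -1) is no longer retried on EINTR or routed to `fail1`; it becomes SIZE_MAX instead. In the `-186,7` hunk that value passes the `n <= 0` check, the wrapped `size - n` can satisfy the new `MIN_LEFTOVER <= size -n` test, and `rof->filled = n` then records far more data than the buffer holds, which later readers of the buffer would trust. The loop in the `-195,21` hunk carries the same dead `n < 0` checks. Keep the result signed and convert only after the error checks: `ssize_t n = read (fd, rof->buffer, size);` and `if (MIN_LEFTOVER <= size - (size_t) n)`. `rof_open` begins and ends outside these hunks, so `size` is assumed to be a `size_t`.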
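Review bot: The comment that justifies `overflow_sink` in the `@@ -195,21 +195,23 @@` hunk of lib/stackvma.c says the subtraction is "unlikely" to overflow, which is not an invariant a suppression can rest on. It relies on `rof->filled <= size`, and that is exactly the property the unsigned `n` from the `-176,7` hunk can break when `read` fails. Once negative results are rejected before `rof->filled` is updated, the comment can state the bound outright, e.g. `/* rof->filled <= size is maintained by the MIN_LEFTOVER check below, so size - rof->filled cannot wrap */`. It is also worth re-running the scan without the annotation after that fix, since the finding may simply disappear.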
@@ -303,10 +303,12 @@ mktime_z (timezone_t tz, struct tm *tm) time_t t = mktime (&tm_1); bool ok = 0 <= tm_1.tm_yday; #if HAVE_STRUCT_TM_TM_ZONE || HAVE_TZNAME + /* coverity[uninit_use_in_call : FALSE] */ ok = ok && save_abbr (tz, &tm_1); #endif if (revert_tz (old_tz) && ok) { + /* coverity[uninit_use : FALSE] */ *tm = tm_1; return t; } diff -up diffutils-3.10/src/analyze.c.orig diffutils-3.10/src/analyze.c --- diffutils-3.10/src/analyze.c.orig 2023-05-20 11:17:26.000000000 +0200 +++ diffutils-3.10/src/analyze.c 2024-07-30 16:36:42.915438987 +0200 @@ -689,6 +689,7 @@ diff_2_files (struct comparison *cmp) for (f = 0; f < 2; f++) { free (cmp->file[f].equivs); + /* coverity[offset_free : FALSE] */ free (cmp->file[f].linbuf + cmp->file[f].linbuf_base); } diff -up diffutils-3.10/src/diff3.c.orig diffutils-3.10/src/diff3.c --- diffutils-3.10/src/diff3.c.orig 2023-05-20 11:17:26.000000000 +0200 +++ diffutils-3.10/src/diff3.c 2024-07-30 16:36:42.915438987 +0200 @@ -798,6 +798,8 @@ using_to_diff3_block (struct diff_block D_LINEARRAY (result, FILEC) + result_offset, D_LENARRAY (result, FILEC) + result_offset, D_NUMLINES (ptr, FC))) + /* There is a potential resource leak here, but it is not important */ + /* coverity[leaked_storage : FALSE] */ return 0; } @@ -827,6 +829,8 @@ using_to_diff3_block (struct diff_block D_LINEARRAY (result, FILE0 + d) + result_offset, D_LENARRAY (result, FILE0 + d) + result_offset, D_NUMLINES (ptr, FO))) + /* There is a potential resource leak here, but it is not important */ + /* coverity[leaked_storage : FALSE] */ return 0; /* Catch the lines between here and the next diff */ diff -up diffutils-3.10/src/diff.c.orig diffutils-3.10/src/diff.c --- diffutils-3.10/src/diff.c.orig 2024-07-30 16:35:17.766783183 +0200 +++ diffutils-3.10/src/diff.c 2024-07-30 16:36:42.915438987 +0200 
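Review bot: The two annotations in src/diff3.c (hunks `-798,6` and `-827,6`) classify `leaked_storage` as `FALSE` while the comment directly above each concedes that the leak is real. Recording a true finding as a false positive misreports it in triage and hides the path from anyone auditing memory handling later. If the leak is accepted, the annotation without the suffix, `/* coverity[leaked_storage] */`, records it as intentional rather than as an analyzer error. The comment should also say why the leak does not matter, for instance that the caller treats a 0 return as fatal and exits. That is an assumption, because the callers of `using_to_diff3_block` are outside the diff.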
@@ -429,6 +429,7 @@ main (int argc, char **argv) sizeof C_ifdef_group_formats - 7 /* 7*"@" */, &alloc)) xalloc_die (); + /* coverity[alloc_strlen : FALSE] */ char *b = xmalloc (alloc); char *base = b; int changes = 0; diff -up diffutils-3.10/src/ifdef.c.orig diffutils-3.10/src/ifdef.c --- diffutils-3.10/src/ifdef.c.orig 2023-02-19 19:04:39.000000000 +0100 +++ diffutils-3.10/src/ifdef.c 2024-07-30 16:36:42.915438987 +0200 @@ -361,6 +361,7 @@ do_printf_spec (FILE *out, char const *s format spec "%3lx". Here the spec prefix is "%3". */ size_t spec_prefix_len = f - spec - 2; size_t pI_len = sizeof pI - 1; + /* coverity[bad_alloc_arithmetic : FALSE] */ char *format = xmalloca (spec_prefix_len + pI_len + 2); char *p = mempcpy (format, spec, spec_prefix_len); p = stpcpy (p, pI);
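Review bot: The `bad_alloc_arithmetic` suppression in the src/ifdef.c hunk covers an allocation whose size comes from `spec_prefix_len = f - spec - 2`, a `size_t` that would wrap if `f - spec` were ever below 2. The hunk does not show whether the parsing earlier in `do_printf_spec` guarantees that. The reason for the suppression should therefore be written down with the invariant it depends on, for example `/* spec always ends in a two-character length modifier plus conversion, so f - spec >= 2; xmalloca's own pointer arithmetic is what the checker flags */`. Both halves of that sentence are inferred and need confirming against the rest of the function and the `xmalloca` macro.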