multiple defects found by covscan in iprutils-2.4.19

[ngothan]

There are multiple defects in iprutils-2.4.19 found by covscan. It could be some of them are false positives.
Thanks!

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:8285: var_decl: Declaring variable "phy_loc" without initializer.
iprutils-rel-2-4-19/iprconfig.c:8356: uninit_use_in_call: Using uninitialized value "*phy_loc" when calling "get_dev_for_slot_64bit".
# 8354|
# 8355| if (ioa->sis64)
# 8356|-> dev = get_dev_for_slot_64bit(ses, elem_status->slot_id, phy_loc);
# 8357| else
# 8358| dev = get_dev_for_slot(ses, elem_status->slot_id, is_vses, phy_loc);

Error: OVERRUN (CWE-119):
iprutils-rel-2-4-19/iprlib.c:9359: overrun-local: Overrunning array of 6 bytes at byte offset 7 by dereferencing pointer "(u64 *)get_time.timestamp".
# 9357|
# 9358| *origin = !!get_time.timestamp_origin;
# 9359|-> *timestamp = be64toh(*((u64*) get_time.timestamp)) >> 16;
# 9360| return 0;
# 9361| }

Error: BUFFER_SIZE (CWE-170):
iprutils-rel-2-4-19/iprlib.c:6258: buffer_size_warning: Calling "strncpy" with a maximum size argument of 8 bytes on destination array "array->prot_level_str" of size 8 bytes might leave the destination string unterminated.
# 6256| prot_level_str = get_prot_level_str(ioa->supported_arrays,
# 6257| array->raid_level);
# 6258|-> strncpy(array->prot_level_str, prot_level_str, 8);
# 6259| }
# 6260|

Error: USE_AFTER_FREE (CWE-416):
iprutils-rel-2-4-19/iprconfig.c:12606: closed_arg: "close(int)" closes "log_fd".
iprutils-rel-2-4-19/iprconfig.c:12620: double_close: Calling "close(int)" closes handle "log_fd" which has already been closed.
#12618| }
#12619|
#12620|-> close(log_fd);
#12621| rc = invoke_editor(tmp_log);
#12622| free(tmp_log);

Error: CPPCHECK_WARNING (CWE-404):
iprutils-rel-2-4-19/iprlib.c:7041: error[resourceLeak]: Resource leak: fd
# 7039| if (temp_fd == NULL) {
# 7040| syslog(LOG_ERR, "Could not open %s. %m\n", temp_fname);
# 7041|-> return;
# 7042| }
# 7043|

Error: STRING_SIZE (CWE-120):
iprutils-rel-2-4-19/iprconfig.c:19489: string_size_argv: "argv" contains strings with unknown size.
iprutils-rel-2-4-19/iprconfig.c:19517: string_size: Passing string "argv[i]" of unknown size to "strcpy", which expects a string of a particular size. [Note: The source code implementation of the function has been overridden by#19515| next_editor = 0;
#19516| } else if (next_dir) {
#19517|-> strcpy(parm_dir, argv[i]);
#19518| next_dir = 0;
#19519| } else if (next_cmd) {

Error: USE_AFTER_FREE (CWE-416):
iprutils-rel-2-4-19/iprconfig.c:12528: closed_arg: "close(int)" closes "log_fd".
iprutils-rel-2-4-19/iprconfig.c:12538: double_close: Calling "close(int)" closes handle "log_fd" which has already been closed.
#12536| }
#12537|
#12538|-> close(log_fd);
#12539| rc = invoke_editor(tmp_log);
#12540| free(tmp_log);

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:2486: var_decl: Declaring variable "scsi_id" without initializer.
iprutils-rel-2-4-19/iprconfig.c:2611: uninit_use_in_call: Using uninitialized value "scsi_id" when calling "sprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
# 2609| body = add_line_to_body(body, _("SCSI Channel"), buffer);
# 2610|
# 2611|-> sprintf(buffer, "%d", scsi_id);
# 2612| body = add_line_to_body(body, _("SCSI Id"), buffer);
# 2613|

Error: USE_AFTER_FREE (CWE-672):
iprutils-rel-2-4-19/iprconfig.c:12528: closed_arg: "close(int)" closes "log_fd".
iprutils-rel-2-4-19/iprconfig.c:12533: pass_closed_arg: Passing closed handle "log_fd" as an argument to "write".
#12531|
#12532| while (gzgets(logsource_fp, line, sizeof(line)))
#12533|-> write(log_fd, line, strlen(line));
#12534| gzclose(logsource_fp);
#12535| dirent++;

Error: COMPILER_WARNING:
iprutils-rel-2-4-19/iprdump.c: scope_hint: In function ‘dump_ioa’
iprutils-rel-2-4-19/iprdump.c:229:31: warning[-Wformat-overflow=]: ‘%s’ directive writing up to 99 bytes into a region of size between 1 and 100
# 229 | sprintf(dump_path, "%s%s", usr_dir, dump_file);
# |                ^~ ~~~~~~~~~
/usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 1 and 199 bytes into a destination of size 100
# 30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 31 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 32 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 227| return;
# 228|
# 229|-> sprintf(dump_path, "%s%s", usr_dir, dump_file);
# 230| f_dump = creat(dump_path, S_IRUSR);
# 231| if (f_dump < 0) {

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:18225: var_decl: Declaring variable "attr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:18266: uninit_use_in_call: Using uninitialized value "attr.vset_write_cache" when calling "ipr_set_ioa_attr".
#18264| attr.disable_rebuild_verify = disable_rebuild_verify;
#18265|
#18266|-> rc = ipr_set_ioa_attr(ioa, &attr, 1);
#18267| if (rc) {
#18268| scsi_err(ioa->dev, "Unable to %s array rebuild verification.",

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:2486: var_decl: Declaring variable "scsi_lun" without initializer.
iprutils-rel-2-4-19/iprconfig.c:2614: uninit_use_in_call: Using uninitialized value "scsi_lun" when calling "sprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
# 2612| body = add_line_to_body(body, _("SCSI Id"), buffer);
# 2613|
# 2614|-> sprintf(buffer, "%d", scsi_lun);
# 2615| body = add_line_to_body(body, _("SCSI Lun"), buffer);
# 2616|

Error: OVERRUN (CWE-119):
iprutils-rel-2-4-19/iprdump.c:350: cond_at_most: Checking "len < 100UL" implies that "len" may be up to 99 on the true branch.
iprutils-rel-2-4-19/iprdump.c:352: overrun-local: Overrunning array "usr_dir" of 100 bytes at byte offset 101 using index "len + 2" (which evaluates to 101).
# 350| if (len < sizeof(usr_dir) && usr_dir[len] != '/') {
# 351| usr_dir[len + 1] = '/';
# 352|-> usr_dir[len + 2] = '\0';
# 353| }
# 354| } else {

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:7561: var_decl: Declaring variable "res_addr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:7589: uninit_use_in_call: Using uninitialized value "res_addr.host" when calling "num_device_opens".
# 7587| if (!ipr_can_remove_device(dev))
# 7588| return INVALID_OPTION_STATUS; /* FIXME */
# 7589|-> } else if (num_device_opens(res_addr.host, res_addr.bus,
# 7590| res_addr.target, res_addr.lun))
# 7591| return INVALID_OPTION_STATUS; /* FIXME */

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:12568: var_decl: Declaring variable "line" without initializer.
iprutils-rel-2-4-19/iprconfig.c:12605: uninit_use_in_call: Using uninitialized value "*line" as argument to "%s" when calling "syslog". [Note: The source code implementation of the function has been overridden by a builtin model.]
#12603| logsource_fp = gzopen(logfile, "r");
#12604| if (logsource_fp == NULL) {
#12605|-> syslog(LOG_ERR, "Could not open %s: %m\n", line);
#12606| close(log_fd);
#12607| continue; /* proceed to next log file */

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:3316: var_decl: Declaring variable "vset" without initializer.
iprutils-rel-2-4-19/iprconfig.c:3367: uninit_use: Using uninitialized value "vset".
# 3365| rc = ipr_stop_array_protection(ioa);
# 3366| if (rc != 0) {
# 3367|-> if (vset->scsi_dev_data) {
# 3368| ra = &vset->res_addr[0];
# 3369| ipr_scan(vset->ioa, ra->bus, ra->target, ra->lun);

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:13423: var_decl: Declaring variable "product_id" without initializer.
iprutils-rel-2-4-19/iprconfig.c:13654: uninit_use_in_call: Using uninitialized value "*product_id" as argument to "%-19s" when calling "sprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
#13652| }
#13653| if (hw_loc) {
#13654|-> len += sprintf(body + len, "%-19s ",
#13655| product_id);
#13656| }

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:7561: var_decl: Declaring variable "res_addr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:7589: uninit_use_in_call: Using uninitialized value "res_addr.lun" when calling "num_device_opens".
# 7587| if (!ipr_can_remove_device(dev))
# 7588| return INVALID_OPTION_STATUS; /* FIXME */
# 7589|-> } else if (num_device_opens(res_addr.host, res_addr.bus,
# 7590| res_addr.target, res_addr.lun))
# 7591| return INVALID_OPTION_STATUS; /* FIXME */

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:11450: var_decl: Declaring variable "ioa_attr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:11621: uninit_use_in_call: Using uninitialized value "ioa_attr.vset_write_cache" when calling "ipr_set_ioa_attr".
#11619|
#11620| processing();
#11621|-> rc = ipr_set_ioa_attr(dev->ioa, &ioa_attr, 1);
#11622| check_current_config(false);
#11623|

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:12490: var_decl: Declaring variable "line" without initializer.
iprutils-rel-2-4-19/iprconfig.c:12527: uninit_use_in_call: Using uninitialized value "*line" as argument to "%s" when calling "syslog". [Note: The source code implementation of the function has been overridden by a builtin model.]
#12525| logsource_fp = gzopen(logfile, "r");
#12526| if (logsource_fp == NULL) {
#12527|-> syslog(LOG_ERR, "Could not open %s: %m\n", line);
#12528| close(log_fd);
#12529| continue; /* proceed to next log file */

Error: USE_AFTER_FREE (CWE-672):
iprutils-rel-2-4-19/iprconfig.c:12422: closed_arg: "close(int)" closes "log_fd".
iprutils-rel-2-4-19/iprconfig.c:12455: pass_closed_arg: Passing closed handle "log_fd" as an argument to "write".
#12453| }
#12454|
#12455|-> write(log_fd, line, strlen(line));
#12456| }
#12457| gzclose(logsource_fp);

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:12920: var_decl: Declaring variable "sense_data" without initializer.
iprutils-rel-2-4-19/iprconfig.c:12999: uninit_use: Using uninitialized value "sense_data.add_sense_code_qual".
#12997| status = ipr_mode_sense(dev, 0x0a, &mode_pages);
#12998|
#12999|-> if (status == CHECK_CONDITION &&
#13000| sense_data.add_sense_code == 0x31 &&
#13001| sense_data.add_sense_code_qual == 0x00) {

Error: STRING_OVERFLOW (CWE-120):
iprutils-rel-2-4-19/iprlib.c:2066: string_overflow: You might overrun the 1024-character destination string "ioa->physical_location" by writing 4096 characters from "pci_slot[i].physical_name".
# 2064|
 strcmp(pci_slot[i].slot_name, ioa->pci_address))
# 2065| continue;
# 2066|-> strcpy(ioa->physical_location,
# 2067| pci_slot[i].physical_name);
# 2068| break;

Error: COMPILER_WARNING:
iprutils-rel-2-4-19/iprconfig.c: scope_hint: In function ‘configure_raid_parameters’
iprutils-rel-2-4-19/iprconfig.h:14:19: warning[-Wformat-overflow=]: ‘ - recommend’ directive writing 12 bytes into a region of size between 9 and 24
# 14 | #define _(string) (string)
# |              ^~~~~~~~
/usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 13 and 28 bytes into a destination of size 24
# 30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
# | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 31 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 32 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 12| **/
# 13|
# 14|-> #define _(string) (string)
# 15| #define __(string) (string)
# 16| #define EXIT_FLAG0x8000/* stops at given screen on exit call */

Error: STRING_SIZE (CWE-120):
iprutils-rel-2-4-19/iprconfig.c:19489: string_size_argv: "argv" contains strings with unknown size.
iprutils-rel-2-4-19/iprconfig.c:19520: string_size: Passing string "argv[i]" of unknown size to "strcpy", which expects a string of a particular size. [Note: The source code implementation of the function has been overridden by a builtin model.]
#19518| next_dir = 0;
#19519| } else if (next_cmd) {
#19520|-> strcpy(cmd, argv[i]);
#19521| non_intenactive = 1;
#19522| next_cmd = 0;

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:12377: var_decl: Declaring variable "line" without initializer.
iprutils-rel-2-4-19/iprconfig.c:12421: uninit_use_in_call: Using uninitialized value "*line" as argument to "%s" when calling "syslog". [Note: The source code implementation of the function has been overridden by a builtin model.]
#12419| logsource_fp = gzopen(logfile, "r");
#12420| if (logsource_fp == NULL) {
#12421|-> syslog(LOG_ERR, "Could not open %s: %m\n", line);
#12422| close(log_fd);
#12423| continue; /* proceed to next log file */

Error: USE_AFTER_FREE (CWE-416):
iprutils-rel-2-4-19/iprconfig.c:12422: closed_arg: "close(int)" closes "log_fd".
iprutils-rel-2-4-19/iprconfig.c:12461: double_close: Calling "close(int)" closes handle "log_fd" which has already been closed.
#12459| }
#12460|
#12461|-> close(log_fd);
#12462| rc = invoke_editor(tmp_log);
#12463| free(tmp_log);

Error: STRING_OVERFLOW (CWE-120):
iprutils-rel-2-4-19/iprlib.c:2155: string_overflow: You might overrun the 16-character destination string "ipr_ioa->host_name" by writing 256 characters from "host_dent->d_name".
# 2153| continue;
# 2154|
# 2155|-> strcpy(ipr_ioa->host_name, host_dent->d_name);
# 2156| get_pci_attrs(ipr_ioa, devpath);
# 2157|

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:7561: var_decl: Declaring variable "res_addr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:7589: uninit_use_in_call: Using uninitialized value "res_addr.target" when calling "num_device_opens".
# 7587| if (!ipr_can_remove_device(dev))
# 7588| return INVALID_OPTION_STATUS; /* FIXME */
# 7589|-> } else if (num_device_opens(res_addr.host, res_addr.bus,
# 7590| res_addr.target, res_addr.lun))
# 7591| return INVALID_OPTION_STATUS; /* FIXME */

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:7489: var_decl: Declaring variable "rc" without initializer.
iprutils-rel-2-4-19/iprconfig.c:7532: uninit_use: Using uninitialized value "rc".
# 7530| }/*for_each_elem_status*/
# 7531|
# 7532|-> return rc;
# 7533|
# 7534| }

Error: COMPILER_WARNING:
iprutils-rel-2-4-19/iprdump.c: scope_hint: In function ‘dump_ioa’
iprutils-rel-2-4-19/iprdump.c:165:43: warning[-Wformat-overflow=]: ‘%s’ directive writing up to 255 bytes into a region of size between 1 and 100
# 165 | sprintf(fname, "%s%s", usr_dir, dirent[i]->d_name);
# |              ^~
/usr/include/bits/stdio2.h:30:10: note: ‘__sprintf_chk’ output between 1 and 355 bytes into a destination of size 100
# 30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
# |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 31 | __glibc_objsize (__s), __fmt,
# | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# 32 | __va_arg_pack ());
# | ~~~~~~~~~~~~~~~~~
# 163| if (rc > 0) {
# 164| for (i = 0 ; i < (rc - MAX_DUMP_FILES); i++) {
# 165|-> sprintf(fname, "%s%s", usr_dir, dirent[i]->d_name);
# 166| if (remove(fname)) {
# 167| syslog(LOG_ERR, "Delete of %s%s failed. %m\n",
Error: UNINIT (CWE-457):

iprutils-rel-2-4-19/iprlib.c:2104: var_decl: Declaring variable "fw_type" without initializer.
iprutils-rel-2-4-19/iprlib.c:2181: uninit_use: Using uninitialized value "fw_type".
# 2179| continue;
# 2180| }
# 2181|-> if (fw_type == IPR_SIS64) {
# 2182| sprintf(devpath, "/sys/bus/scsi/devices/%d:%d:0:0",
# 2183| ipr_ioa->host_num, IPR_IOAFP_VIRTUAL_BUS);

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:2486: var_decl: Declaring variable "scsi_channel" without initializer.
iprutils-rel-2-4-19/iprconfig.c:2608: uninit_use_in_call: Using uninitialized value "scsi_channel" when calling "sprintf". [Note: The source code implementation of the function has been overridden by a builtin model.]
# 2606| body = add_line_to_body(body, _("SCSI Host Number"), buffer);
# 2607|
# 2608|-> sprintf(buffer, "%d", scsi_channel);
# 2609| body = add_line_to_body(body, _("SCSI Channel"), buffer);
# 2610|

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:2636: var_decl: Declaring variable "esm_vpd_inq" without initializer.
iprutils-rel-2-4-19/iprconfig.c:2677: uninit_use_in_call: Using uninitialized element of array "esm_vpd_inq.frb_label" when calling "ipr_strncpy_0".
# 2675| if (ret == 0 ) {
# 2676| ipr_strncpy_0((char *)&dev->serial_number, (char *)&esm_vpd_inq.esm_serial_num[0], sizeof(esm_vpd_inq.esm_serial_num));
# 2677|-> ipr_strncpy_0(buffer, (char *)esm_vpd_inq.frb_label,
# 2678| sizeof(esm_vpd_inq.frb_label));
# 2679| strncat(dev->physical_location, "-", strlen("-"));

Error: STRING_OVERFLOW (CWE-120):
iprutils-rel-2-4-19/iprlib.c:2135: string_overflow: You might overrun the 16-character destination string "ipr_ioa->pci_address" by writing 256 characters from "dent->d_name".
# 2133|
# 2134| /* PCI address */
# 2135|-> strcpy(ipr_ioa->pci_address, dent->d_name);
# 2136| ipr_ioa->host_num = -1;
# 2137| sprintf(devpath, "/sys/bus/pci/drivers/ipr/%s",

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:18321: var_decl: Declaring variable "attr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:18367: uninit_use_in_call: Using uninitialized value "attr.vset_write_cache" when calling "ipr_set_ioa_attr".
#18365| attr.rebuild_rate = rebuild_rate;
#18366|
#18367|-> rc = ipr_set_ioa_attr(ioa, &attr, 1);
#18368| if (rc) {
#18369| scsi_err(ioa->dev, "Unable to set rebuild rate value %d",

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:8285: var_decl: Declaring variable "phy_loc" without initializer.
iprutils-rel-2-4-19/iprconfig.c:8366: uninit_use_in_call: Using uninitialized value "*phy_loc" when calling "alloc_empty_slot_64bit".
# 8364| else if (!dev) {
# 8365| if (ioa->sis64)
# 8366|-> dev = alloc_empty_slot_64bit(ses, elem_status->slot_id, is_vses, phy_loc);
# 8367| else
# 8368| dev = alloc_empty_slot(ses, elem_status->slot_id, is_vses, phy_loc);

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:3718: var_decl: Declaring variable "stripe_sz_list" without initializer.
iprutils-rel-2-4-19/iprconfig.c:3998: uninit_use: Using uninitialized value "stripe_sz_list[*retptr]".
# 3996| rc = display_menu(raid_item, start_row, index, &retptr);
# 3997| if (rc == RC_SUCCESS)
# 3998|-> stripe_sz = stripe_sz_list[*retptr];
# 3999| } else if (cur_field_index == 3) {
# 4000| start_row = 10;

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:14012: var_decl: Declaring variable "blksz" without initializer.
iprutils-rel-2-4-19/iprconfig.c:14047: uninit_use_in_call: Using uninitialized value "blksz" when calling "add_format_device".
#14045| }
#14046|
#14047|-> add_format_device(dev, blksz);
#14048| dev_init_tail->do_init = 1;
#14049| }

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:17050: var_decl: Declaring variable "cap" without initializer.
iprutils-rel-2-4-19/iprconfig.c:17080: uninit_use: Using uninitialized value "cap".
#17078| }
#17079|
#17080|-> if (!cap) {
#17081| fprintf(stderr, "RAID level %s is unsupported.\n", args[1]);
#17082| return -EINVAL;

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:17782: var_decl: Declaring variable "phy_loc" without initializer.
iprutils-rel-2-4-19/iprconfig.c:17835: uninit_use_in_call: Using uninitialized value "*phy_loc" when calling "get_dev_for_slot_64bit".
#17833|
#17834| if (ioa->sis64)
#17835|-> dev = get_dev_for_slot_64bit(ses, elem_status->slot_id, phy_loc);
#17836| else
#17837| dev = get_dev_for_slot(ses, elem_status->slot_id, is_vses, phy_loc);

Error: BUFFER_SIZE (CWE-170):
iprutils-rel-2-4-19/iprlib.c:6266: buffer_size_warning: Calling "strncpy" with a maximum size argument of 8 bytes on destination array "dev->prot_level_str" of size# 6264| strncpy(vset->prot_level_str, prot_level_str, 8);
# 6265| for_each_dev_in_vset(vset, dev)
# 6266|-> strncpy(dev->prot_level_str, prot_level_str, 8);
# 6267| }
# 6268| }

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprlib.c:9779: var_decl: Declaring variable "attr" without initializer.
iprutils-rel-2-4-19/iprlib.c:9784: uninit_use_in_call: Using uninitialized value "attr" when calling "memcmp".
# 9782| if (ipr_set_dasd_timeouts(dev, 0))
# 9783| return;
# 9784|-> if (polling_mode && (!dev->should_init && !memcmp(&attr, &dev->attr, sizeof(attr))))
# 9785|
 return;
# 9786| if (polling_mode && !dev_init_allowed(dev))

Error: USE_AFTER_FREE (CWE-672):
iprutils-rel-2-4-19/iprconfig.c:12606: closed_arg: "close(int)" closes "log_fd".
iprutils-rel-2-4-19/iprconfig.c:12614: pass_closed_arg: Passing closed handle "log_fd" as an argument to "write".
#12612| if (strstr(line, "iprconfig") == NULL)
#12613| continue;
#12614|-> write(log_fd, line, strlen(line));
#12615| }
#12616| gzclose(logsource_fp);

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:8285: var_decl: Declaring variable "phy_loc" without initializer.
iprutils-rel-2-4-19/iprconfig.c:8340: uninit_use_in_call: Using uninitialized value "*phy_loc" when calling "alloc_empty_slot_64bit".
# 8338| if (elem_status->status == IPR_DRIVE_ELEM_STATUS_EMPTY) {
# 8339| if (ioa->sis64) {
# 8340|-> dev = alloc_empty_slot_64bit(ses, elem_status->slot_id, is_vses, phy_loc);
# 8341| if (!search_empty_dev64(dev, devs, num_devs)){
# 8342| devs = realloc(devs, (sizeof(struct ipr_dev *) * (num_devs + 1)));
8 bytes might leave the destination string unterminated.

Error: RESOURCE_LEAK (CWE-772):
iprutils-rel-2-4-19/iprlib.c:9175: alloc_fn: Storage is returned from allocation function "opendir".
iprutils-rel-2-4-19/iprlib.c:9175: var_assign: Assigning: "dir" = storage returned from "opendir(hotplug_dir)".
iprutils-rel-2-4-19/iprlib.c:9179: overwrite_var: Overwriting "dir" in "dir = opendir(hotplug_dir)" leaks the storage that "dir" points to.
# 9177| mkdir(hotplug_dir, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
# 9178|
# 9179|-> dir = opendir(hotplug_dir);
# 9180| if (!dir) {
# 9181| syslog(LOG_ERR, "Failed to open %s. %m\n", hotplug_dir);

Error: STRING_SIZE (CWE-120):
iprutils-rel-2-4-19/iprdump.c:336: string_size_argv: "argv" contains strings with unknown size.
iprutils-rel-2-4-19/iprdump.c:348: string_size: Passing string "argv[++i]" of unknown size to "strcpy", which expects a string of a particular size. [Note: The source# 346| continue;
# 347| if (strcmp(argv[i], "-d") == 0) {
# 348|-> strcpy(usr_dir,argv[++i]);
# 349| len = strlen(usr_dir);
# 350| if (len < sizeof(usr_dir) && usr_dir[len] != '/') {

Error: OVERRUN (CWE-119):
iprutils-rel-2-4-19/iprdump.c:350: cond_at_most: Checking "len < 100UL" implies that "len" may be up to 99 on the true branch.
iprutils-rel-2-4-19/iprdump.c:351: overrun-local: Overrunning array "usr_dir" of 100 bytes at byte offset 100 using index "len + 1" (which evaluates to 100).
# 349| len = strlen(usr_dir);
# 350| if (len < sizeof(usr_dir) && usr_dir[len] != '/') {
# 351|-> usr_dir[len + 1] = '/';
# 352| usr_dir[len + 2] = '\0';
# 353| }

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:12920: var_decl: Declaring variable "sense_data" without initializer.
iprutils-rel-2-4-19/iprconfig.c:12999: uninit_use: Using uninitialized value "sense_data.add_sense_code".
#12997| status = ipr_mode_sense(dev, 0x0a, &mode_pages);
#12998|
#12999|-> if (status == CHECK_CONDITION &&
#13000|
 sense_data.add_sense_code == 0x31 &&
#13001| sense_data.add_sense_code_qual == 0x00) {

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:4758: var_decl: Declaring variable "cap" without initializer.
iprutils-rel-2-4-19/iprconfig.c:4770: uninit_use: Using uninitialized value "cap".
# 4768| }
# 4769|
# 4770|-> if (!cap) {
# 4771| fprintf(stderr, "RAID level %s is unsupported.\n", raid_level);
# 4772| return -EINVAL;

Error: BUFFER_SIZE (CWE-170):
iprutils-rel-2-4-19/iprlib.c:6264: buffer_size_warning: Calling "strncpy" with a maximum size argument of 8 bytes on destination array "vset->prot_level_str" of size 8 bytes might leave the destination string unterminated.
# 6262| prot_level_str = get_prot_level_str(ioa->supported_arrays,
# 6263|
 vset->raid_level);
# 6264|-> strncpy(vset->prot_level_str, prot_level_str, 8);
# 6265| for_each_dev_in_vset(vset, dev)
# 6266| strncpy(dev->prot_level_str, prot_level_str, 8);

Error: STRING_SIZE (CWE-120):
iprutils-rel-2-4-19/iprconfig.c:19489: string_size_argv: "argv" contains strings with unknown size.
iprutils-rel-2-4-19/iprconfig.c:19514: string_size: Passing string "argv[i]" of unknown size to "strcpy", which expects a string of a particular size. [Note: The source code implementation of the function has been overridden by a builtin model.]
#19512| continue;
#19513| else if (next_editor){
#19514|-> strcpy(parm_editor, argv[i]);
#19515| next_editor = 0;
#19516| } else if (next_dir) {

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:2636: var_decl: Declaring variable "esm_vpd_inq" without initializer.
iprutils-rel-2-4-19/iprconfig.c:2676: uninit_use_in_call: Using uninitialized value "*((char *)&esm_vpd_inq.esm_serial_num[0])" when calling "ipr_strncpy_0".
# 2674|
# 2675| if (ret == 0 ) {
# 2676|-> ipr_strncpy_0((char *)&dev->serial_number, (char *)&esm_vpd_inq.esm_serial_num[0], sizeof(esm_vpd_inq.esm_serial_num));
# 2677| ipr_strncpy_0(buffer, (char *)esm_vpd_inq.frb_label,
# 2678| sizeof(esm_vpd_inq.frb_label));

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprlib.c:5750: var_decl: Declaring variable "attr" without initializer.
iprutils-rel-2-4-19/iprlib.c:5771: uninit_use_in_call: Using uninitialized value "attr.vset_write_cache" when calling "ipr_set_ioa_attr".
# 5769|
# 5770| attr.active_active = mode;
# 5771|-> return ipr_set_ioa_attr(ioa, &attr, 1);
# 5772| }
# 5773|

Error: UNINIT (CWE-457):
iprutils-rel-2-4-19/iprconfig.c:7561: var_decl: Declaring variable "res_addr" without initializer.
iprutils-rel-2-4-19/iprconfig.c:7589: uninit_use_in_call: Using uninitialized value "res_addr.bus" when calling "num_device_opens".
# 7587| if (!ipr_can_remove_device(dev))
# 7588| return INVALID_OPTION_STATUS; /* FIXME */
# 7589|-> } else if (num_device_opens(res_addr.host, res_addr.bus,
# 7590| res_addr.target, res_addr.lun))
# 7591| return INVALID_OPTION_STATUS; /* FIXME */

Error: OVERRUN (CWE-119):
iprutils-rel-2-4-19/iprlib.c:5862: overrun-buffer-arg: Overrunning array "scsi_dev_data->res_path" of 24 bytes by passing it to a function which accesses it at byte offset 24 using argument "24".
# 5860| len = sysfs_read_attr(devpath, "resource_path", buff, 256);
# 5861| if (len > 0)
# 5862|-> ipr_strncpy_0n(scsi_dev_data->res_path,
# 5863|     buff, IPR_MAX_RES_PATH_LEN);
# 5864|

[ngothan]

I made a proposed patch that should resolve the covscan issues and attached it here for review.
Thanks!

diff -up iprutils-rel-2-4-19/iprconfig.c.me iprutils-rel-2-4-19/iprconfig.c
--- iprutils-rel-2-4-19/iprconfig.c.me	2024-06-17 12:10:54.493119641 +0200
+++ iprutils-rel-2-4-19/iprconfig.c	2024-06-18 11:20:17.885495296 +0200
@@ -2483,7 +2483,7 @@ static char *disk_details(char *body, st
 	char vendor_id[IPR_VENDOR_ID_LEN+1];
 	char serial_num[IPR_SERIAL_NUM_LEN+1];
 	char buffer[100];
-	int len, scsi_channel, scsi_id, scsi_lun;
+	int len = 0, scsi_channel = 0, scsi_id = 0, scsi_lun = 0;
 
 	device_record = (struct ipr_dev_record *)dev->dev_rcd;
 
@@ -2633,7 +2633,7 @@ int get_ses_phy_loc(struct ipr_dev *dev)
 	int rc, i, ret = 1;
 	struct ses_inquiry_page0  ses_page0_inq;
 	struct ses_serial_num_vpd ses_vpd_inq;
-	struct esm_serial_num_vpd esm_vpd_inq;
+	struct esm_serial_num_vpd esm_vpd_inq = {0};
 	char buffer[100];
 
 	memset(&ses_vpd_inq, 0, sizeof(ses_vpd_inq));
@@ -2649,18 +2649,18 @@ int get_ses_phy_loc(struct ipr_dev *dev)
 
 	if (ret == 0 ) {
 		dev->physical_location[0] = '\0';
-		strncat(dev->physical_location, "U", strlen("U"));
+		strcat(dev->physical_location, "U");
 		ipr_strncpy_0(buffer, (char *)ses_vpd_inq.feature_code,
 				sizeof(ses_vpd_inq.feature_code));
-		strncat(dev->physical_location, buffer, strlen(buffer));
+		strncat(dev->physical_location, buffer, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 		ipr_strncpy_0(buffer, (char *)ses_vpd_inq.count,
 				sizeof(ses_vpd_inq.count));
-		strncat(dev->physical_location, ".", strlen("."));
-		strncat(dev->physical_location, buffer, strlen(buffer));
+		strcat(dev->physical_location, ".");
+		strncat(dev->physical_location, buffer, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 		ipr_strncpy_0(buffer, (char *)ses_vpd_inq.ses_serial_num,
 				sizeof(ses_vpd_inq.ses_serial_num));
-		strncat(dev->physical_location, ".", strlen("."));
-		strncat(dev->physical_location, buffer, strlen(buffer));
+		strcat(dev->physical_location, ".");
+		strncat(dev->physical_location, buffer, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 
 	}
 
@@ -2676,8 +2676,8 @@ int get_ses_phy_loc(struct ipr_dev *dev)
 			ipr_strncpy_0((char *)&dev->serial_number, (char *)&esm_vpd_inq.esm_serial_num[0], sizeof(esm_vpd_inq.esm_serial_num));
 			ipr_strncpy_0(buffer, (char *)esm_vpd_inq.frb_label,
 					sizeof(esm_vpd_inq.frb_label));
-			strncat(dev->physical_location, "-", strlen("-"));
-			strncat(dev->physical_location, buffer, strlen(buffer));
+			strcat(dev->physical_location, "-");
+			strncat(dev->physical_location, buffer, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 			return 0;
 		}
 	}
@@ -3313,7 +3313,7 @@ static int raid_stop_complete()
  **/
 int do_confirm_raid_stop(i_container *i_con)
 {
-	struct ipr_dev *vset;
+	struct ipr_dev *vset = NULL;
 	struct array_cmd_data *cur_raid_cmd;
 	struct ipr_ioa *ioa;
 	int rc;
@@ -3715,7 +3715,7 @@ int configure_raid_parameters(i_containe
 	int ch, start_row;
 	int cur_field_index;
 	int selected_count = 0, ssd_num = 0, hdd_num = 0;
-	int stripe_sz, stripe_sz_mask, stripe_sz_list[16];
+	int stripe_sz, stripe_sz_mask, stripe_sz_list[16] = {0};
 	struct prot_level *prot_level_list;
 	int *userptr = NULL;
 	int *retptr;
@@ -3979,7 +3979,7 @@ int configure_raid_parameters(i_containe
 							sprintf(stripe_menu_str[index].line,"%d k",stripe_sz_mask);
 
 						if (stripe_sz_mask == ntohs(cap_entry->recommended_stripe_size)) {
-							sprintf(buffer,_("%s - recommend"),stripe_menu_str[index].line);
+							snprintf(buffer, sizeof(buffer), _("%s - recommend"),stripe_menu_str[index].line);
 							raid_item[index] = new_item(buffer, "");
 						} else {
 							raid_item[index] = new_item(stripe_menu_str[index].line, "");
@@ -7486,7 +7486,7 @@ int remove_or_add_back_device_64bit(stru
 	int res_path_len, dev_slot;
 	struct ipr_dev *sec_dev, *tmp_dev;
 	char new_sysfs_res_path[IPR_MAX_RES_PATH_LEN];
-	int rc;
+	int rc = 0;
 
 	res_path_len  = strlen(dev->res_path_name);
 	dev_slot = strtoul(dev->res_path_name + (res_path_len - 2), NULL, 16);
@@ -7558,7 +7558,7 @@ int process_conc_maint(i_container *i_co
 	int toggle=0;
 	s_node *n_screen;
 	struct screen_output *s_out;
-	struct ipr_res_addr res_addr;
+	struct ipr_res_addr res_addr = {0};
 	struct ipr_res_path res_path[2];
 	int max_y, max_x;
 
@@ -7905,7 +7905,7 @@ static struct ipr_dev *alloc_empty_slot(
 	dev->ses[0] = ses;
 	dev->ioa = ioa;
 	dev->physical_location[0] = '\0';
-	strncat(dev->physical_location, phy_loc, strlen(phy_loc));
+   strncat(dev->physical_location, phy_loc, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 	get_res_addrs(dev);
 	return dev;
 }
@@ -7948,7 +7948,7 @@ static struct ipr_dev *alloc_empty_slot_
 	dev->ses[0] = ses;
 	dev->ioa = ioa;
 	dev->physical_location[0] = '\0';
-	strncat(dev->physical_location, phy_loc, strlen(phy_loc));
+	strncat(dev->physical_location, phy_loc, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 	get_res_path(dev);
 	return dev;
 }
@@ -8020,7 +8020,7 @@ static struct ipr_dev *get_dev_for_slot(
 			}
 			dev->physical_location[0] = '\0';
 			if (strlen(phy_loc))
-				strncat(dev->physical_location, phy_loc, strlen(phy_loc));
+				strncat(dev->physical_location, phy_loc, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 			return dev;
 		}
 	}
@@ -8068,7 +8068,7 @@ static struct ipr_dev *get_dev_for_slot_
 				}
 			dev->physical_location[0] = '\0';
 			if (strlen(phy_loc))
-				strncat(dev->physical_location, phy_loc, strlen(phy_loc));
+				strncat(dev->physical_location, phy_loc, sizeof(dev->physical_location) - strlen(dev->physical_location) -1);
 			return dev;
 
 			}
@@ -8282,7 +8282,7 @@ static int get_conc_devs(struct ipr_dev
 	int ses_bus, scsi_id_found, is_spi, is_vses;
 	struct ipr_ses_config_pg ses_cfg;
 	struct drive_elem_desc_pg drive_data;
-	char phy_loc[PHYSICAL_LOCATION_LENGTH + 1];
+	char phy_loc[PHYSICAL_LOCATION_LENGTH + 1] = {0};
 	int times, index;
 
 	for_each_primary_ioa(ioa) {
@@ -11447,7 +11447,7 @@ int change_ioa_config(i_container * i_co
 	 * number of options showed at screen. It should be more generic...
 	*/
 	struct ioa_config_attr *config_attr = NULL;
-	struct ipr_ioa_attr ioa_attr;
+	struct ipr_ioa_attr ioa_attr = {0};
 	int header_lines = 0, index = 0;
 	char *body = NULL;
 	struct screen_output *s_out;
@@ -12418,8 +12418,7 @@ int ibm_storage_log(i_container *i_con)
 			 (*dirent)->d_name);
 		logsource_fp = gzopen(logfile, "r");
 		if (logsource_fp == NULL) {
-			syslog(LOG_ERR, "Could not open %s: %m\n", line);
-			close(log_fd);
+			syslog(LOG_ERR, "Could not open %s: %m\n", logfile);
 			continue; /* proceed to next log file */
 		}
 
@@ -12524,8 +12523,7 @@ int kernel_log(i_container *i_con)
 			 (*dirent)->d_name);
 		logsource_fp = gzopen(logfile, "r");
 		if (logsource_fp == NULL) {
-			syslog(LOG_ERR, "Could not open %s: %m\n", line);
-			close(log_fd);
+			syslog(LOG_ERR, "Could not open %s: %m\n", logfile);
 			continue; /* proceed to next log file */
 		}
 
@@ -12602,8 +12600,7 @@ int iprconfig_log(i_container *i_con)
 			 (*dirent)->d_name);
 		logsource_fp = gzopen(logfile, "r");
 		if (logsource_fp == NULL) {
-			syslog(LOG_ERR, "Could not open %s: %m\n", line);
-			close(log_fd);
+			syslog(LOG_ERR, "Could not open %s: %m\n", logfile);
 			continue; /* proceed to next log file */
 		}
 
@@ -12855,7 +12852,7 @@ int ibm_boot_log(i_container *i_con)
 	snprintf(logfile, sizeof(logfile), "%s/boot.msg", log_root_dir);
 	logsource_fp = fopen(logfile, "r");
 	if (!logsource_fp) {
-		syslog(LOG_ERR, "Could not open %s: %m\n", line);
+		syslog(LOG_ERR, "Could not open %s: %m\n", logfile);
 		free(tmp_log);
 		close(log_fd);
 		return RC_75_Failed_Read_Err_Log;
@@ -12917,7 +12914,7 @@ static void get_status(struct ipr_dev *d
 	int blk_size = 0;
 	struct ipr_mode_pages mode_pages;
 	struct ipr_block_desc *block_desc;
-	struct sense_data_t sense_data;
+	struct sense_data_t sense_data = {0};
 	struct ipr_cmd_status cmd_status;
 	struct ipr_cmd_status_record *status_record;
 	int percent_cmplt = 0;
@@ -13261,7 +13258,7 @@ static char *print_phy64(struct ipr_fabr
 	ipr_format_res_path_wo_hyphen(cfg->res_path, buffer, IPR_MAX_RES_PATH_LEN);
 	ff_len = res_path_len - strlen(buffer);
 	for ( i = 0; i < ff_len;  i++)
-		strncat(buffer, "F", strlen("F"));
+		strcat(buffer, "F");
 
 	len += sprintf(body + len, "%s", buffer);
 
@@ -13419,8 +13416,8 @@ char *__print_device(struct ipr_dev *dev
 	char res_path_name[IPR_MAX_RES_PATH_LEN];
 	int tab_stop = 0;
 	int loc_len = 0;
-	char vendor_id[IPR_VENDOR_ID_LEN + 1];
-	char product_id[IPR_PROD_ID_LEN + 1];
+	char vendor_id[IPR_VENDOR_ID_LEN + 1] = {0};
+	char product_id[IPR_PROD_ID_LEN + 1] = {0};
 	struct ipr_ioa *ioa = dev->ioa, *ioa_phy_loc;
 	bool is4k = false, isri = false;
 
@@ -14009,7 +14006,7 @@ static void curses_init()
  **/
 static int format_devices(char **args, int num_args, int fmt_flag)
 {
-	int i, rc, blksz;
+	int i, rc, blksz = 0;
 	struct ipr_dev *dev;
 
 	for (i = 0; i < num_args; i++) {
@@ -17779,7 +17776,7 @@ static int get_drive_phy_loc(struct ipr_
 	struct ipr_ses_config_pg ses_cfg;
 	int ses_bus, scsi_id_found, is_spi, is_vses;
 	struct drive_elem_desc_pg drive_data;
-	char phy_loc[PHYSICAL_LOCATION_LENGTH + 1];
+	char phy_loc[PHYSICAL_LOCATION_LENGTH + 1] = {0};
 	int times, index;
 
 	is_spi = ioa_is_spi(ioa);
@@ -18222,7 +18219,7 @@ static int set_ioa_caching(char **args,
 static int set_array_rebuild_verify(char **args, int num_args)
 {
 	int rc;
-	struct ipr_ioa_attr attr;
+	struct ipr_ioa_attr attr = {0};
 	struct ipr_ioa *ioa;
 	struct ipr_dev *dev;
 	int disable_rebuild_verify;
@@ -18318,7 +18315,7 @@ static int set_array_rebuild_rate(char**
 	int err_rebuild_rate = 0;
 	int rebuild_rate = 0;
 	int rc;
-	struct ipr_ioa_attr attr;
+	struct ipr_ioa_attr attr = {0};
 	struct ipr_ioa *ioa;
 	struct ipr_dev *dev;
 
@@ -18382,7 +18379,7 @@ static int set_array_rebuild_rate(char**
  **/
 static int query_array_rebuild_rate(char**args, int num_args)
 {
-	struct ipr_ioa_attr attr;
+	struct ipr_ioa_attr attr = {0};
 	struct ipr_ioa *ioa;
 	struct ipr_dev *dev;
 	int rebuild_rate = 0;
diff -up iprutils-rel-2-4-19/iprconfig.h.me iprutils-rel-2-4-19/iprconfig.h
diff -up iprutils-rel-2-4-19/iprdump.c.me iprutils-rel-2-4-19/iprdump.c
--- iprutils-rel-2-4-19/iprdump.c.me	2024-06-17 17:12:49.846400485 +0200
+++ iprutils-rel-2-4-19/iprdump.c	2024-06-18 00:41:47.907738323 +0200
@@ -23,6 +23,7 @@
 #define MAX_DUMP_FILES 4
 #define TOOL_NAME "iprdump"
 #define DUMP_PREFIX TOOL_NAME"."
+#define MAX_PATH_LENGTH 1024
 
 char *tool_name = TOOL_NAME;
 
@@ -156,7 +157,7 @@ static int dump_sort(const struct dirent
 static void cleanup_old_dumps()
 {
 	struct dirent **dirent;
-	char fname[100];
+	char fname[MAX_PATH_LENGTH];
 	int rc, i;
 
 	rc = scandir(usr_dir, &dirent, select_dump_file, dump_sort);
@@ -226,7 +227,7 @@ static void write_dump(struct ipr_ioa *i
 	if (get_dump_fname(dump_file))
 		return;
 
-	sprintf(dump_path, "%s%s", usr_dir, dump_file);
+	snprintf(dump_path, sizeof(dump_path), "%s%s", usr_dir, dump_file);
 	f_dump = creat(dump_path, S_IRUSR);
 	if (f_dump < 0) {
 		syslog(LOG_ERR, "Cannot open %s. %m\n", dump_path);
@@ -347,7 +348,7 @@ int main(int argc, char *argv[])
 		if (strcmp(argv[i], "-d") == 0) {
 			strcpy(usr_dir,argv[++i]);
 			len = strlen(usr_dir);
-			if (len < sizeof(usr_dir) && usr_dir[len] != '/') {
+			if (len < sizeof(usr_dir) - 2 && usr_dir[len] != '/') {
 				usr_dir[len + 1] = '/';
 				usr_dir[len + 2] = '\0';
 			}
diff -up iprutils-rel-2-4-19/iprlib.c.me iprutils-rel-2-4-19/iprlib.c
--- iprutils-rel-2-4-19/iprlib.c.me	2024-06-17 12:22:56.983740856 +0200
+++ iprutils-rel-2-4-19/iprlib.c	2024-06-18 10:09:20.716132953 +0200
@@ -2063,8 +2063,9 @@ static void ipr_get_pci_slots()
 				if (strcmp(pci_slot[i].pci_device, ioa->pci_address) &&
 				    strcmp(pci_slot[i].slot_name, ioa->pci_address))
 					continue;
-				strcpy(ioa->physical_location,
-				       pci_slot[i].physical_name);
+				strncpy(ioa->physical_location,
+				       pci_slot[i].physical_name, sizeof(ioa->physical_location) - 1);
+				ioa->physical_location[sizeof(ioa->physical_location) - 1] = '\0';
 				break;
 			}
 		}
@@ -2101,7 +2102,7 @@ void load_system_p_oper_mode()
  **/
 static int __tool_init(int save_state)
 {
-	int temp, fw_type;
+	int temp, fw_type = 0;
 	struct ipr_ioa *ipr_ioa;
 	DIR *dirfd, *host_dirfd;
 	struct dirent *dent, *host_dent;
@@ -2132,13 +2133,15 @@ static int __tool_init(int save_state)
 		memset(ipr_ioa,0,sizeof(struct ipr_ioa));
 
 		/* PCI address */
-		strcpy(ipr_ioa->pci_address, dent->d_name);
+		strncpy(ipr_ioa->pci_address, dent->d_name, sizeof(ipr_ioa->pci_address) - 1);
+		ipr_ioa->pci_address[sizeof(ipr_ioa->pci_address) -1] = '\0';
 		ipr_ioa->host_num = -1;
 		sprintf(devpath, "/sys/bus/pci/drivers/ipr/%s",
 			dent->d_name);
 		host_dirfd = opendir(devpath);
 		if (!host_dirfd) {
 			syslog_dbg("Failed to open scsi_host class.\n");
+			closedir(dirfd);
 			return -EAGAIN;
 		}
 		while ((host_dent = readdir(host_dirfd)) != NULL) {
@@ -2152,7 +2155,8 @@ static int __tool_init(int save_state)
 				   &ipr_ioa->host_num) != 1)
 				continue;
 
-			strcpy(ipr_ioa->host_name, host_dent->d_name);
+			strncpy(ipr_ioa->host_name, host_dent->d_name, sizeof(ipr_ioa->host_name) - 1);
+			ipr_ioa->host_name[sizeof(ipr_ioa->host_name) - 1] = '\0';
 			get_pci_attrs(ipr_ioa, devpath);
 
 			sprintf(scsipath, "%s/%s/scsi_host/%s", devpath,
@@ -2188,6 +2192,7 @@ static int __tool_init(int save_state)
 		len = sysfs_read_attr(devpath, "model", buff, 16);
 		if (len < 0 || (sscanf(buff, "%4X", &temp) != 1)) {
 			syslog_dbg("Cannot read SCSI device model.\n");
+			closedir(dirfd);
 			return -EAGAIN;
 		}
 		ipr_ioa->ccin = temp;
@@ -5747,7 +5752,7 @@ int ipr_set_active_active_mode(struct ip
  **/
 int set_active_active_mode(struct ipr_ioa *ioa, int mode)
 {
-	struct ipr_ioa_attr attr;
+	struct ipr_ioa_attr attr = {0};
 	int rc;
 
 	/* Get the current ioa attributes. */
@@ -5860,7 +5865,7 @@ int get_scsi_dev_data(struct scsi_dev_da
 		len = sysfs_read_attr(devpath, "resource_path", buff, 256);
 		if (len > 0)
 			ipr_strncpy_0n(scsi_dev_data->res_path,
-				       buff, IPR_MAX_RES_PATH_LEN);
+				       buff, IPR_MAX_RES_PATH_LEN-1);
  
 		len = sysfs_read_attr(devpath, "device_id", buff, 256);
 		if (len > 0)
@@ -6255,15 +6260,19 @@ static void get_prot_levels(struct ipr_i
 	for_each_array(ioa, array) {
 		prot_level_str = get_prot_level_str(ioa->supported_arrays,
 						    array->raid_level);
-		strncpy(array->prot_level_str, prot_level_str, 8);
+		strncpy(array->prot_level_str, prot_level_str, sizeof(array->prot_level_str) - 1);
+		array->prot_level_str[sizeof(array->prot_level_str) - 1] = '\0';
 	}
 
 	for_each_vset(ioa, vset) {
 		prot_level_str = get_prot_level_str(ioa->supported_arrays,
 						    vset->raid_level);
-		strncpy(vset->prot_level_str, prot_level_str, 8);
-		for_each_dev_in_vset(vset, dev)
-			strncpy(dev->prot_level_str, prot_level_str, 8);
+		strncpy(vset->prot_level_str, prot_level_str, sizeof(vset->prot_level_str) - 1);
+		vset->prot_level_str[sizeof(vset->prot_level_str) - 1] = '\0';
+		for_each_dev_in_vset(vset, dev) {
+			strncpy(dev->prot_level_str, prot_level_str, sizeof(dev->prot_level_str) - 1);
+			dev->prot_level_str[sizeof(dev->prot_level_str) - 1] = '\0';
+		}
 	}
 }
 
@@ -7038,6 +7047,7 @@ static void ipr_save_attr(struct ipr_ioa
 	temp_fd = fopen(temp_fname, "w");
 	if (temp_fd == NULL) {
 		syslog(LOG_ERR, "Could not open %s. %m\n", temp_fname);
+		fclose(fd);
 		return;
 	}
 
@@ -9175,6 +9185,8 @@ int ipr_update_ioa_fw(struct ipr_ioa *io
 		dir = opendir(hotplug_dir);
 		if (!dir)
 			mkdir(hotplug_dir, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+		else
+			closedir(dir);
 
 		dir = opendir(hotplug_dir);
 		if (!dir) {
@@ -9356,7 +9368,12 @@ int ipr_ses_get_time(struct ipr_dev *dev
 		return -EIO;
 
 	*origin = !!get_time.timestamp_origin;
-	*timestamp = be64toh(*((u64*) get_time.timestamp)) >> 16;
+	*timestamp = ((u64)get_time.timestamp[0] << 40) |
+					 ((u64)get_time.timestamp[1] << 32) |
+					 ((u64)get_time.timestamp[2] << 24) |
+					 ((u64)get_time.timestamp[3] << 16) |
+					 ((u64)get_time.timestamp[4] << 8)  |
+					 (u64)get_time.timestamp[5];
 	return 0;
 }
 
@@ -9776,7 +9793,7 @@ static void init_gpdd_dev(struct ipr_dev
  */
 static void init_af_dev(struct ipr_dev *dev)
 {
-	struct ipr_disk_attr attr;
+	struct ipr_disk_attr attr = {0};
 	int rc;
 
 	if (ipr_set_dasd_timeouts(dev, 0))

[ngothan]

@wxiong66 , i created a proposed patch for covscan issues, it would be great if you could have a look at it

Thanks!

[wxiong66]

On 2024-07-08 07:42, ngothan wrote: @wxiong66 , i created a proposed patch for covscan issues, it would be great if you could have a look at it Thanks! -- Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you were mentioned. Message @wxiong66 [2] , i created a proposed patch for covscan issues, it would be great if you could have a look at it Thanks!

Yes. I will take a look! Thanks, Wendy