Skip to content

Coverity SARIF Test. DO NOT MERGE #335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
scthunderbolt wants to merge 1 commit into
base: master
Choose a base branch
from
+3 −3
Open

Coverity SARIF Test. DO NOT MERGE #335

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Source/deviceinfo/device_info/main.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@
*bufLength = length;

} else {
printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);
printf("ERROR: bufLength %d is too small for %d chars\n", totalLength);

Check warning

Code scanning / CodeQL

Too few arguments to formatting function Medium

Format for printf expects 2 arguments but given 1

Copilot Autofix

AI 5 days ago

In general, to fix “too few arguments to formatting function” issues, you either (1) adjust the format string so it matches the number and types of the actual arguments, or (2) add the missing arguments so they match the format string. Here, the error message clearly intends to mention two values: the provided buffer length and the required number of characters. We already have totalLength (the required length), and we also have the caller-provided *bufLength. So the best fix is to pass both of these as arguments to printf, matching the two %d placeholders.

Concretely, in Source/deviceinfo/device_info/main.c, inside toHexString, update line 47 from:

printf("ERROR: bufLength %d is too small for %d chars\n", totalLength);

to:

printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);

This preserves the behavior (now properly informing the caller what buffer length was provided and what was required) and removes the undefined behavior. No new headers, methods, or other definitions are needed.

Suggested changeset 1
Source/deviceinfo/device_info/main.c

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/Source/deviceinfo/device_info/main.c b/Source/deviceinfo/device_info/main.c
--- a/Source/deviceinfo/device_info/main.c
+++ b/Source/deviceinfo/device_info/main.c
@@ -44,7 +44,7 @@
         *bufLength = length;
 
     } else {
-        printf("ERROR: bufLength %d is too small for %d chars\n", totalLength);
+        printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);
         *bufLength = 0;
     }
 }
EOF
@@ -44,7 +44,7 @@
*bufLength = length;

} else {
printf("ERROR: bufLength %d is too small for %d chars\n", totalLength);
printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);
*bufLength = 0;
}
}
Copilot is powered by AI and may make mistakes. Always verify output.

Check warning

Code scanning / Coverity

Printf arg count mismatch Warning

PW.TOO_FEW_PRINTF_ARGS: the format string requires additional arguments

Check warning

Code scanning / Coverity

Missing argument to printf format specifier Warning

PRINTF_ARGS: No argument for format specifier "%d".
*bufLength = 0;
Comment on lines +47 to 48
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This printf call has a format/argument mismatch: the format string expects two integers (%d ... %d), but only one argument (totalLength) is provided. This is undefined behavior. Pass both *bufLength and totalLength (and consider using the proper uint32_t format) or adjust the format string accordingly.

Copilot uses AI. Check for mistakes.
}
}
Expand Down
2 changes: 1 addition & 1 deletion Source/displayinfo/DisplayInfo.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -561,7 +561,7 @@

if(edid.IsValid()) {
::memset(edid_info, 0, sizeof(*edid_info));
memcpy(edid_info->manufacturer_id, edid.Manufacturer().c_str(), sizeof(edid_info->manufacturer_id));
memcpy(edid_info->manufacturer_id, edid.Manufacturer().c_str(), 10*sizeof(edid_info->manufacturer_id));

Check failure

Code scanning / Coverity

Out-of-bounds access Error

OVERRUN: Overrunning array "edid_info->manufacturer_id" of 3 bytes by passing it to a function which accesses it at byte offset 29 using argument "30UL".

Check failure

Code scanning / Coverity

Destination buffer too small Error

BUFFER_SIZE: You might overrun the 3 byte destination string "edid_info->manufacturer_id" by writing the maximum 30 bytes from "string(edid.Manufacturer()).c_str()".
edid_info->product_code = edid.ProductCode();
Comment on lines +564 to 565
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

manufacturer_id is defined as char manufacturer_id[3] (see Source/displayinfo/include/displayinfo.h). Copying 10 * sizeof(edid_info->manufacturer_id) bytes will overflow the destination buffer (30 bytes into a 3-byte array), causing memory corruption. Copy at most sizeof(edid_info->manufacturer_id) bytes (or the source length, whichever is smaller), and keep the current behavior of not requiring NUL-termination since callers print it with a bounded length.

Copilot uses AI. Check for mistakes.
edid_info->serial_number = edid.Serial();
edid_info->manufacture_week = edid.Week();
Expand Down
2 changes: 1 addition & 1 deletion Source/displayinfo/display_info/main.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@
*bufLength = length;

} else {
printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);
printf("ERROR: bufLength %d is %s too small for %d chars\n", *bufLength, totalLength);

Check warning

Code scanning / CodeQL

Too few arguments to formatting function Medium

Format for printf expects 3 arguments but given 2

Copilot Autofix

AI 5 days ago

In general, to fix “too few arguments to formatting function” errors, you must make the format string and the argument list consistent: every conversion specifier (e.g., %d, %s, %u) must correspond to one argument of the correct type, and there must not be fewer arguments than specifiers. You can either remove unused specifiers from the format string or add the missing arguments; you should also ensure each specifier’s type matches the argument’s type.

For this specific case in Source/displayinfo/display_info/main.c, line 128 uses three specifiers (%d, %s, %d) but provides only two integer arguments (*bufLength and totalLength). There is no string argument matching %s, and totalLength is incorrectly printed with %s. The simplest, non‑functional‑changing fix is to adjust the format string to use two integer specifiers and remove the stray %s, since the message is intended to state that bufLength is too small for totalLength characters. The corrected line should read:

printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);

No new methods, imports, or definitions are needed; we only change the format string in the existing printf call in toHexString.

Suggested changeset 1
Source/displayinfo/display_info/main.c

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/Source/displayinfo/display_info/main.c b/Source/displayinfo/display_info/main.c
--- a/Source/displayinfo/display_info/main.c
+++ b/Source/displayinfo/display_info/main.c
@@ -125,7 +125,7 @@
         *bufLength = length;
 
     } else {
-        printf("ERROR: bufLength %d is %s too small for %d chars\n", *bufLength, totalLength);
+        printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);
         *bufLength = 0;
     }
 }
EOF
@@ -125,7 +125,7 @@
*bufLength = length;

} else {
printf("ERROR: bufLength %d is %s too small for %d chars\n", *bufLength, totalLength);
printf("ERROR: bufLength %d is too small for %d chars\n", *bufLength, totalLength);
*bufLength = 0;
}
}
Copilot is powered by AI and may make mistakes. Always verify output.
Copy link

Copilot AI Mar 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The printf format string and argument list no longer match: it includes a %s and two %d specifiers, but only two arguments are passed (and the second argument is totalLength, not a string). This is undefined behavior and can crash or print garbage. Update the format string and/or provide the correct arguments (e.g., restore the previous message using *bufLength and totalLength, and use the correct integer format for uint32_t).

Suggested change
printf("ERROR: bufLength %d is %s too small for %d chars\n", *bufLength, totalLength);
printf("ERROR: bufLength %" PRIu32 " is too small for %" PRIu32 " chars\n",
*bufLength, totalLength);

Copilot uses AI. Check for mistakes.

Check warning

Code scanning / Coverity

Invalid type in argument to printf format specifier Warning

PRINTF_ARGS: Argument "totalLength" to format specifier "%s" was expected to have type "char *" but has type "unsigned int".

Check warning

Code scanning / Coverity

Printf arg count mismatch Warning

PW.TOO_FEW_PRINTF_ARGS: the format string requires additional arguments

Check warning

Code scanning / Coverity

Missing argument to printf format specifier Warning

PRINTF_ARGS: No argument for format specifier "%d".
*bufLength = 0;
}
}
Expand Down
Loading