unofficial mirror of guile-devel@gnu.org 
* Coverity scan of Fedora Guile-2.0.2 package
@ 2011-07-28  9:38 Michal Luscon
  2011-07-29  7:32 ` Andy Wingo
From: Michal Luscon @ 2011-07-28  9:38 UTC
  To: guile-devel

[-- Attachment #1: Type: text/plain, Size: 376 bytes --]

Hello,

as a part of the Red Hat Coverity scan initiative I have analysed the 
Fedora Guile package. You can find selected issues in the attachment to 
this message, and I hope that they will be useful for the next improvement 
of Guile quality. If you are interested in getting the whole scan, please 
contact me and I will send it to you.

Greetings,
Michal Luščon



[-- Attachment #2: guile-2.0.2-1.fc16.err --]
[-- Type: text/plain, Size: 35960 bytes --]

Error: CHECKED_RETURN:
/builddir/build/BUILD/guile-2.0.2/libguile/r6rs-ports.c:1151: check_return: Calling function "scm_fill_input" without checking return value (as is done elsewhere 5 out of 6 times).
/builddir/build/BUILD/guile-2.0.2/libguile/inline.h:293: example_checked: "scm_fill_input(port)" has its value checked in "scm_fill_input(port) == -1".
/builddir/build/BUILD/guile-2.0.2/libguile/inline.h:321: example_checked: "scm_fill_input(port)" has its value checked in "scm_fill_input(port) == -1".
/builddir/build/BUILD/guile-2.0.2/libguile/ports.c:1551: example_checked: "scm_fill_input(port)" has its value checked in "scm_fill_input(port) != -1".
/builddir/build/BUILD/guile-2.0.2/libguile/ports.c:1575: example_checked: "scm_fill_input(port)" has its value checked in "scm_fill_input(port) != -1".
/builddir/build/BUILD/guile-2.0.2/libguile/read.c:1619: example_checked: "scm_fill_input(port)" has its value checked in "scm_fill_input(port) == -1".
/builddir/build/BUILD/guile-2.0.2/libguile/r6rs-ports.c:1151: unchecked_value: No check of the return value of "scm_fill_input(bport)".

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:103: result_independent_of_operands: val <= 18446744073709551615UL /* 9223372036854775807UL * 2UL + 1UL */ is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-integer.i.c:77: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:103: result_independent_of_operands: val <= 18446744073709551615UL /* 9223372036854775807UL * 2UL + 1UL */ is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/usr/include/gmp-x86_64.h:1672: result_independent_of_operands: __gmp_p[0] <= 18446744073709551615UL /* ~(0UL) */ is always true regardless of the values of its operands. This occurs as the logical second operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:72: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: result_independent_of_operands: (scm_t_uintmax)n >= 0UL is always true regardless of the values of its operands. This occurs as the logical second operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:72: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:48: result_independent_of_operands: max <= 18446744073709551615UL /* 9223372036854775807UL * 2UL + 1UL */ is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-integer.i.c:77: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-integer.i.c:77: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:72: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: result_independent_of_operands: (scm_t_uintmax)n >= 0UL is always true regardless of the values of its operands. This occurs as the logical second operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-integer.i.c:77: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-integer.i.c:77: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/socket.c:294: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = src : src) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = src : src) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical first operand of '||'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-integer.i.c:77: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:72: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: result_independent_of_operands: (scm_t_uintmax)n >= 0UL is always true regardless of the values of its operands. This occurs as the logical second operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:4954: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = n : n) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = n : n) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical first operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:9119: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:9104: result_independent_of_operands: max <= 18446744073709551615UL /* 9223372036854775807UL * 2UL + 1UL */ is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:72: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: result_independent_of_operands: (scm_t_uintmax)n >= 0UL is always true regardless of the values of its operands. This occurs as the logical second operand of '&&'.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:9608: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = k : k) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = k : k) + 1))->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:9073: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = val : val) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:4901: result_independent_of_operands: ((((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = n : n) + 1))->_mp_size < 0) ? -1 : (((mpz_t *)((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *(NULL) = n : n) + 1))->_mp_size > 0)) >= 0 is always true regardless of the values of its operands. This occurs as the logical operand of if.

Error: CONSTANT_EXPRESSION_RESULT:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:4570: result_independent_of_operands: ((m_tmp->_mp_size < 0) ? -1 : (m_tmp->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical first operand of '&&'.

Error: DEADCODE:
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:788: dead_error_condition: On this path, the switch value "tag" cannot be "1047UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:748: const: After this line, the value of "tag" is equal to 23.
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:776: equality_cond: Jumping to case "23UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:742: new_values: Noticing condition "tag >= 255UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:788: dead_error_begin: Execution cannot reach this statement "case 1047UL:".

Error: DEADCODE:
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:782: dead_error_condition: On this path, the switch value "tag" cannot be "279UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:748: const: After this line, the value of "tag" is equal to 23.
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:776: equality_cond: Jumping to case "23UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:742: new_values: Noticing condition "tag >= 255UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:782: dead_error_begin: Execution cannot reach this statement "case 279UL:".

Error: DEADCODE:
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:779: dead_error_condition: On this path, the switch value "tag" cannot be "535UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:748: const: After this line, the value of "tag" is equal to 23.
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:776: equality_cond: Jumping to case "23UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:742: new_values: Noticing condition "tag >= 255UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:779: dead_error_begin: Execution cannot reach this statement "case 535UL:".

Error: DEADCODE:
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:785: dead_error_condition: On this path, the switch value "tag" cannot be "791UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:748: const: After this line, the value of "tag" is equal to 23.
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:776: equality_cond: Jumping to case "23UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:742: new_values: Noticing condition "tag >= 255UL".
/builddir/build/BUILD/guile-2.0.2/libguile/gc.c:785: dead_error_begin: Execution cannot reach this statement "case 791UL:".

Error: DEADCODE:
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1503: dead_error_condition: On this path, the condition "yy == 0L" cannot be true.
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1503: at_most: After this line, the value of "yy" is at most -1.
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1492: equality_cond: Condition "yy == 0L" is evaluated as false.
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1503: equality_cond: Condition "yy == 0L" is evaluated as false.
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1498: new_values: Noticing condition "yy > 0L".
/builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1504: dead_error_line: Execution cannot reach this statement "scm_num_overflow(s_scm_ceil...".


Error: FORWARD_NULL:
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1924: var_compare_op: Comparing "buf" to null implies that "buf" might be null.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1943: var_deref_model: Passing null variable "buf" to function "unistring_escapes_to_guile_escapes", which dereferences it.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1631: var_assign_parm: Assigning: "after" = "buf".
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1636: deref_var: Dereferencing "before", which equals a pointer parameter.

Error: FORWARD_NULL:
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-14.c:454: assign_zero: Assigning: "c->ranges" = 0.
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-14.c:462: var_deref_model: Passing null variable "c->ranges" to function "scm_i_charset_set", which dereferences it.
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-14.c:91: deref_parm: Directly dereferencing parameter "cs->ranges".



Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/programs.c:58: negative_return_fn: Function "scm_c_vector_length(free_variables)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/vectors.c:135: negative_return: Calling "scm_to_uint64", which might return a negative value.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/vectors.c:135: return_negative_fn: Returning the return value of "scm_to_uint64", which might be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/programs.c:58: var_assign: Assigning: unsigned variable "len" = "scm_c_vector_length".
/builddir/build/BUILD/guile-2.0.2/libguile/programs.c:64: negative_returns: Using unsigned variable "len" in a loop exit condition.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/struct.c:567: negative_return_fn: Function "scm_to_uint64(tail_array_size)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/struct.c:567: negative_returns: "scm_to_uint64(tail_array_size)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/struct.c:462:40: sizet: "n_tail" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:347: negative_return_fn: Function "scm_to_uint64(scm_length(list))" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:347: var_assign: Assigning: unsigned variable "bit_len" = "scm_to_uint64".
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:348: negative_returns: "bit_len" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:108:30: sizet: "len" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:132: negative_return_fn: Function "scm_to_uint64(len)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:132: negative_returns: "scm_to_uint64(len)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/bitvectors.c:108:30: sizet: "len" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:253: negative_return_fn: Function "scm_ilength(args)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/list.c:190: return_negative_constant: Explicitly returning negative value "-1L".
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:253: var_assign: Assigning: unsigned variable "n" = "scm_ilength".
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:255: negative_returns: Using unsigned variable "n" in a loop exit condition.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:63: negative_return_fn: Function "scm_to_uint64(((struct scm_vm *)(scm_t_bits)(0 ? *NULL = (SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *NULL = vm : vm)[1] : (SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *NULL = vm : vm)[1]))->sp[0])" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:63: var_assign: Assigning: unsigned variable "n" = "scm_to_uint64".
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:64: negative_returns: Using unsigned variable "n" in a loop exit condition.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/eval.c:285: negative_return_fn: Function "scm_ilength((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *NULL = mx : mx)[0])" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/list.c:190: return_negative_constant: Explicitly returning negative value "-1L".
/builddir/build/BUILD/guile-2.0.2/libguile/eval.c:285: var_assign: Assigning: signed variable "len" = "scm_ilength".
/builddir/build/BUILD/guile-2.0.2/libguile/eval.c:293: negative_returns: Passing variable "len" to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/fluids.c:308: parm_assign_alias: Assigning: "j" = "n".
/builddir/build/BUILD/guile-2.0.2/libguile/fluids.c:312: index: Indexing with parameter copy "j".
/builddir/build/BUILD/guile-2.0.2/libguile/eval.c:293: negative_returns: "len" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/fluids.c:308: var_assign_parm: Assigning: "j" = "n".
/builddir/build/BUILD/guile-2.0.2/libguile/fluids.c:311: a_loop_bound: Using a copy "j" of an unsigned parameter in a loop exit test.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/foreign.c:270: negative_return_fn: Function "scm_to_uint64(len)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/foreign.c:270: var_assign: Assigning: unsigned variable "blen" = "scm_to_uint64".
/builddir/build/BUILD/guile-2.0.2/libguile/foreign.c:272: negative_returns: "blen" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/bytevectors.c:294:60: sizet: "len" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/foreign.c:416: negative_return_fn: Function "scm_to_uint64(length)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/foreign.c:416: var_assign: Assigning: unsigned variable "len" = "scm_to_uint64".
/builddir/build/BUILD/guile-2.0.2/libguile/foreign.c:419: negative_returns: "len" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1533:50: sizet: "len" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:147: negative_return_fn: Function "scm_to_uint64(idx)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:147: negative_returns: "scm_to_uint64(idx)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:131:45: sizet: "idx" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:166: negative_return_fn: Function "scm_to_uint64(idx)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:166: negative_returns: "scm_to_uint64(idx)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:152:47: sizet: "idx" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1298: negative_returns: Passing negative constant "-1" to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:2061: parm_assign_alias: Assigning: "i" = "argc".
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:2066: index: Indexing with parameter copy "i".

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/posix.c:434: negative_returns: Passing negative constant "-1" to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:2061: parm_assign_alias: Assigning: "i" = "argc".
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:2066: index: Indexing with parameter copy "i".

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-13.c:231: negative_return_fn: Function "scm_to_uint64(len)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-13.c:231: var_assign: Assigning: unsigned variable "clen" = "scm_to_uint64".
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-13.c:239: negative_returns: Using unsigned variable "clen" in a loop exit condition.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-4.c:255: negative_return_fn: Function "scm_to_uint64(len)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-4.c:255: negative_returns: "scm_to_uint64(len)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/bytevectors.c:280:37: sizet: "len" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-60.c:339: negative_return_fn: Function "scm_to_uint64(len)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-60.c:339: var_assign: Assigning: unsigned variable "ll" = "scm_to_uint64".
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-60.c:344: negative_returns: Using unsigned variable "ll" in a loop exit condition.
/builddir/build/BUILD/guile-2.0.2/libguile/srfi-60.c:355: negative_returns: Using unsigned variable "ll" in a loop exit condition.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1122: negative_return_fn: Function "scm_to_uint64(k)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1122: negative_returns: Passing variable "scm_to_uint64(k)" to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1132: index: Passing parameter "len" to an index.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:270: index: Passing parameter "len" to an index.
/builddir/build/BUILD/guile-2.0.2/libguile/strings.c:135: index: Indexing with parameter "len".

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/uniform.c:166: negative_return_fn: Function "scm_to_uint64(idx)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/uniform.c:166: negative_returns: "scm_to_uint64(idx)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/uniform.c:157: neg_sink_parm_call: Passing "idx" to "scm_c_generalized_vector_ref", which cannot accept a negative.
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:131:45: sizet: "idx" is a size_t parameter.

Error: NEGATIVE_RETURNS:
/builddir/build/BUILD/guile-2.0.2/libguile/uniform.c:184: negative_return_fn: Function "scm_to_uint64(idx)" returns a negative number.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_neg: Variable "(scm_t_uintmax)n" is negative.
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
/builddir/build/BUILD/guile-2.0.2/libguile/uniform.c:184: negative_returns: "scm_to_uint64(idx)" is passed to a parameter that cannot be negative.
/builddir/build/BUILD/guile-2.0.2/libguile/uniform.c:175: neg_sink_parm_call: Passing "idx" to "scm_c_generalized_vector_set_x", which cannot accept a negative.
/builddir/build/BUILD/guile-2.0.2/libguile/generalized-vectors.c:152:47: sizet: "idx" is a size_t parameter.

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:57: unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "n >= 0UL".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:616: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:708: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:792: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:826: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:966: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:985: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:993: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:1004: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:1008: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:1079: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:1168: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:1322: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:1426: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/lib/strftime.c:996: bad_memset: Memset with fill value '0'.  Did you want 0? "memset(p, 48, padding)".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/libguile/control.c:253: unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "n >= 0UL".

Error: NO_EFFECT:
/builddir/build/BUILD/guile-2.0.2/libguile/gen-scmconfig.c:218: array_null: Comparing an array to null is not useful: ""inline"".

Error: OVERRUN_STATIC:
/builddir/build/BUILD/guile-2.0.2/libguile/arrays.c:912: overrun-local: Overrunning static array "tag", with 80 elements, at position 80 with index variable "tag_len".

Error: OVERRUN_STATIC:
/builddir/build/BUILD/guile-2.0.2/libguile/hashtab.c:279: overrun-local: Overrunning static array "hashtable_size", with 25 elements, at position 25 with index variable "i".

TError: RESOURCE_LEAK:
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:307: alloc_fn: Calling allocation function "scm_malloc".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:108: alloc_fn: Storage is returned from allocation function "scm_realloc".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:91: alloc_fn: Storage is returned from allocation function "realloc".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:91: var_assign: Assigning: "ptr" = "realloc(mem, size)".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:93: return_alloc: Returning allocated memory "ptr".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:108: return_alloc_fn: Directly returning storage allocated by "scm_realloc".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:307: var_assign: Assigning: "nargv" =  storage returned from "scm_malloc((1 + nargc) * sizeof (char *) /*8*/)".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:320: leaked_storage: Variable "nargv" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:327: alloc_fn: Calling allocation function "script_read_arg".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:228: alloc_fn: Storage is returned from allocation function "scm_malloc".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:108: alloc_fn: Storage is returned from allocation function "scm_realloc".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:91: alloc_fn: Storage is returned from allocation function "realloc".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:91: var_assign: Assigning: "ptr" = "realloc(mem, size)".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:93: return_alloc: Returning allocated memory "ptr".
/builddir/build/BUILD/guile-2.0.2/libguile/gc-malloc.c:108: return_alloc_fn: Directly returning storage allocated by "scm_realloc".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:228: var_assign: Assigning: "buf" = "scm_malloc(size + 1UL)".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:268: return_alloc: Returning allocated memory "buf".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:327: var_assign: Assigning: "narg" =  storage returned from "script_read_arg(f)".
/builddir/build/BUILD/guile-2.0.2/libguile/script.c:330: leaked_storage: Variable "narg" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1342: alloc_fn: Calling allocation function "tmpfile".
/builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1342: var_assign: Assigning: "rv" =  storage returned from "tmpfile()".
/builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1344: noescape: Variable "rv" is not freed or pointed-to in function "fileno".
/builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1344: leaked_storage: Variable "rv" going out of scope leaks the storage it points to.

Error: SIZEOF_MISMATCH:
/builddir/build/BUILD/guile-2.0.2/libguile/bytevectors.c:256: suspicious_sizeof: Passing argument "24UL /* 3UL * sizeof (SCM) /*8*/ */" to function "scm_gc_malloc" and then casting the return value to "SCM" is suspicious.  Did you intend to use "sizeof(struct scm_unused_struct)" instead of "sizeof (SCM)" ?

Error: UNUSED_VALUE:
/builddir/build/BUILD/guile-2.0.2/libguile/read.c:411: returned_pointer: Pointer "tmp" returned by "scm_read_expression(port)" is never used.

Error: UNUSED_VALUE:
/builddir/build/BUILD/guile-2.0.2/libguile/stacks.c:189: returned_pointer: Pointer "frame" returned by "scm_stack_ref(stack, scm_from_int64(len - 1UL))" is never used.



* Re: Coverity scan of Fedora Guile-2.0.2 package
  2011-07-28  9:38 Coverity scan of Fedora Guile-2.0.2 package Michal Luscon
@ 2011-07-29  7:32 ` Andy Wingo
  0 siblings, 0 replies; 2+ messages in thread
From: Andy Wingo @ 2011-07-29  7:32 UTC (permalink / raw)
  To: Michal Luscon; +Cc: guile-devel

Hi Michal,

Thank you for sending these results.  I have used coverity in the past
and know that it can find lots of interesting bugs.  However, a few of
Guile's constructs caused a fair number of false positives in this
batch.  So in the beginning there were not many actual positives.

However towards the end of the list, we started finding real issues.
The only one with a significant security impact was the buffer overflow
when reading array tags.  I fixed it properly in 2.0 and will back-port
a more minimal fix to 1.8.

The list of unique issues and their resolutions is below.  Given the
number of false positives though, I will decline your offer for the full
report.  Any other Guile developer is welcome to it, of course.

Regards,

Andy

On Thu 28 Jul 2011 11:38, Michal Luscon <mluscon@redhat.com> writes:

> Error: CHECKED_RETURN:
> /builddir/build/BUILD/guile-2.0.2/libguile/r6rs-ports.c:1151: check_return: Calling function "scm_fill_input" without checking return value (as is done elsewhere 5 out of 6 times).

This one is fine, the `count' check is equivalent and comes up later.

> Error: CONSTANT_EXPRESSION_RESULT:
> /builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:103: result_independent_of_operands: val <= 18446744073709551615UL /* 9223372036854775807UL * 2UL + 1UL */ is always true regardless of the values of its operands. This occurs as the logical operand of if.

This one and others are also fine -- they are multiply-included files
which are parameterized on different type ranges, and we rely on the
compiler to eliminate dead branches.

> Error: CONSTANT_EXPRESSION_RESULT:
> /builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:4570: result_independent_of_operands: ((m_tmp->_mp_size < 0) ? -1 : (m_tmp->_mp_size > 0)) < 0 is always false regardless of the values of its operands. This occurs as the logical first operand of '&&'.

This one and similar ones perplex me.  They come from the expansion of
mpz_sgn, which can (and do) indeed return -1, 0, or 1.  I think it is a
bug in coverity.

>
> Error: DEADCODE:
> /builddir/build/BUILD/guile-2.0.2/libguile/gc.c:788: dead_error_condition: On this path, the switch value "tag" cannot be "1047UL".

Fixed, I think.

> /builddir/build/BUILD/guile-2.0.2/libguile/gc.c:748: const: After this line, the value of "tag" is equal to 23.
> /builddir/build/BUILD/guile-2.0.2/libguile/gc.c:776: equality_cond: Jumping to case "23UL".
> /builddir/build/BUILD/guile-2.0.2/libguile/gc.c:742: new_values: Noticing condition "tag >= 255UL".
> /builddir/build/BUILD/guile-2.0.2/libguile/gc.c:788: dead_error_begin: Execution cannot reach this statement "case 1047UL:".

I am unclear about these, but this function is internal and never called
right now, and will change in 2.2, so I am going to punt.

> Error: DEADCODE:
> /builddir/build/BUILD/guile-2.0.2/libguile/numbers.c:1503:
> dead_error_condition: On this path, the condition "yy == 0L" cannot be
> true.

Fixed.

> Error: FORWARD_NULL:
> /builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1924: var_compare_op: Comparing "buf" to null implies that "buf" might be null.
> /builddir/build/BUILD/guile-2.0.2/libguile/strings.c:1943: var_deref_model: Passing null variable "buf" to function "unistring_escapes_to_guile_escapes", which dereferences it.

This is fine, as scm_encoding_error does a nonlocal exit.

> Error: FORWARD_NULL:
> /builddir/build/BUILD/guile-2.0.2/libguile/srfi-14.c:454: assign_zero: Assigning: "c->ranges" = 0.
> /builddir/build/BUILD/guile-2.0.2/libguile/srfi-14.c:462: var_deref_model: Passing null variable "c->ranges" to function "scm_i_charset_set", which dereferences it.
> /builddir/build/BUILD/guile-2.0.2/libguile/srfi-14.c:91: deref_parm: Directly dereferencing parameter "cs->ranges".

When ranges is NULL, len is 0.  No error.

> Error: NEGATIVE_RETURNS:
> /builddir/build/BUILD/guile-2.0.2/libguile/programs.c:58: negative_return_fn: Function "scm_c_vector_length(free_variables)" returns a negative number.
> /builddir/build/BUILD/guile-2.0.2/libguile/vectors.c:135: negative_return: Calling "scm_to_uint64", which might return a negative value.
> /builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:32: var_tested_nsceg: Variable "(scm_t_uintmax)n" is negative.
> /builddir/build/BUILD/guile-2.0.2/libguile/conv-uinteger.i.c:34: return_negative_variable: Explicitly returning negative variable "n".
> /builddir/build/BUILD/guile-2.0.2/libguile/vectors.c:135: return_negative_fn: Returning the return value of "scm_to_uint64", which might be negative.
> /builddir/build/BUILD/guile-2.0.2/libguile/programs.c:58: var_assign: Assigning: unsigned variable "len" = "scm_c_vector_length".
> /builddir/build/BUILD/guile-2.0.2/libguile/programs.c:64: negative_returns: Using unsigned variable "len" in a loop exit condition.

This (and other similar cases) is a bug in coverity, presumably: there
is no way for scm_to_uint64 to return a negative number.  Perhaps it
doesn't understand the multiple-include thing correctly.

> Error: NEGATIVE_RETURNS:
> /builddir/build/BUILD/guile-2.0.2/libguile/control.c:253: negative_return_fn: Function "scm_ilength(args)" returns a negative number.
> /builddir/build/BUILD/guile-2.0.2/libguile/list.c:190: return_negative_constant: Explicitly returning negative value "-1L".
> /builddir/build/BUILD/guile-2.0.2/libguile/control.c:253: var_assign: Assigning: unsigned variable "n" = "scm_ilength".
> /builddir/build/BUILD/guile-2.0.2/libguile/control.c:255: negative_returns: Using unsigned variable "n" in a loop exit condition.

Good one!  Fixed.

> Error: NEGATIVE_RETURNS:
> /builddir/build/BUILD/guile-2.0.2/libguile/eval.c:285: negative_return_fn: Function "scm_ilength((SCM *)(scm_t_cell *)(scm_t_bits)(0 ? *NULL = mx : mx)[0])" returns a negative number.

False positive.  The return value will be positive, as memoize.c
constructed the mx properly.

> Error: NEGATIVE_RETURNS:
> /builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1298: negative_returns: Passing negative constant "-1" to a parameter that cannot be negative.
> /builddir/build/BUILD/guile-2.0.2/libguile/strings.c:2061: parm_assign_alias: Assigning: "i" = "argc".
> /builddir/build/BUILD/guile-2.0.2/libguile/strings.c:2066: index: Indexing with parameter copy "i".

False positive.  See scm_makfromstrs for details.

> Error: NO_EFFECT:
> /builddir/build/BUILD/guile-2.0.2/lib/strftime.c:616: bad_memset:
> Memset with fill value '0'.  Did you want 0? "memset(p, 48, _delta)".

False positive; I think that's what this code wants to do.

> Error: NO_EFFECT:
> /builddir/build/BUILD/guile-2.0.2/libguile/gen-scmconfig.c:218: array_null: Comparing an array to null is not useful: ""inline"".

False positive; this is part of build configuration.

> Error: OVERRUN_STATIC:
> /builddir/build/BUILD/guile-2.0.2/libguile/arrays.c:912: overrun-local: Overrunning static array "tag", with 80 elements, at position 80 with index variable "tag_len".

Nasty, a read-time buffer overflow.  Fixed.

> Error: OVERRUN_STATIC:
> /builddir/build/BUILD/guile-2.0.2/libguile/hashtab.c:279: overrun-local: Overrunning static array "hashtable_size", with 25 elements, at position 25 with index variable "i".

Fixed.

> TError: RESOURCE_LEAK:
> /builddir/build/BUILD/guile-2.0.2/libguile/script.c:320: leaked_storage: Variable "nargv" going out of scope leaks the storage it points to.

Fixed, though it is a small thing.

> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/guile-2.0.2/libguile/script.c:327: alloc_fn: Calling allocation function "script_read_arg".
> /builddir/build/BUILD/guile-2.0.2/libguile/script.c:330: leaked_storage: Variable "narg" going out of scope leaks the storage it points to.

I looked at it a little bit and couldn't find a nice way to fix this
leak.  Because it is small and only at startup, I am going to punt.

> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1342: alloc_fn: Calling allocation function "tmpfile".
> /builddir/build/BUILD/guile-2.0.2/libguile/posix.c:1344: leaked_storage: Variable "rv" going out of scope leaks the storage it points to.

Good one.  I filed a bug.

> Error: SIZEOF_MISMATCH:
> /builddir/build/BUILD/guile-2.0.2/libguile/bytevectors.c:256: suspicious_sizeof: Passing argument "24UL /* 3UL * sizeof (SCM) /*8*/ */" to function "scm_gc_malloc" and then casting the return value to "SCM" is suspicious.  Did you intend to use "sizeof(struct scm_unused_struct)" instead of "sizeof (SCM)" ?

This was fine, but unclear; I changed it.

> Error: UNUSED_VALUE:
> /builddir/build/BUILD/guile-2.0.2/libguile/read.c:411: returned_pointer: Pointer "tmp" returned by "scm_read_expression(port)" is never used.

Harmless, but fixed.

> Error: UNUSED_VALUE:
> /builddir/build/BUILD/guile-2.0.2/libguile/stacks.c:189: returned_pointer: Pointer "frame" returned by "scm_stack_ref(stack, scm_from_int64(len - 1UL))" is never used.

Harmless, but fixed.
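
The two findings reported at control.c:253 in this thread (the always-true "n >= 0UL" comparison and the negative return of scm_ilength assigned to unsigned "n") describe one bug pattern. The C sketch below is an example added here, not Guile's code and not part of either message: `struct node`, `ilength`, `bound_unchecked`, `bound_checked` and the sample lists are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed list type; `dotted` marks a tail that makes the list improper. */
struct node { int value; int dotted; const struct node *next; };

/* Hypothetical stand-in for a length helper that, like the scm_ilength
   described in the report, returns -1 for a list it cannot measure. */
static long ilength(const struct node *p)
{
    long n = 0;
    for (; p != NULL; p = p->next) {
        if (p->dotted)
            return -1;
        n++;
    }
    return n;
}

/* Flagged pattern: the signed result lands in an unsigned variable, so -1
   becomes ULONG_MAX and the guard below can never reject it. */
static unsigned long bound_unchecked(const struct node *args)
{
    unsigned long n = ilength(args);
    if (n >= 0UL)              /* always true for an unsigned value */
        return n;              /* would go on to be used as a loop bound */
    return 0;
}

/* Hardened form: validate while the value is still signed, then convert. */
static int bound_checked(const struct node *args, size_t *out)
{
    long n = ilength(args);
    if (n < 0)
        return -1;             /* report the improper list to the caller */
    *out = (size_t)n;
    return 0;
}

/* Constructed sample data: the list (1 2) and the improper list (1 2 . 3). */
static const struct node p2 = { 2, 0, NULL }, proper = { 1, 0, &p2 };
static const struct node c3 = { 3, 1, NULL }, c2 = { 2, 0, &c3 },
                         improper = { 1, 0, &c2 };

int main(void)
{
    size_t n = 0;
    printf("unchecked bound: %lu\n", bound_unchecked(&improper));
    printf("checked result:  %d\n", bound_checked(&improper, &n));
    return 0;
}
```

Building with GCC's `-Wextra` (which enables `-Wtype-limits`) reports the dead comparison at compile time.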


