From 84c586f1f1d8bd102928f3ae95d1d1185a59de8f Mon Sep 17 00:00:00 2001

From: Douglas Gilbert <dgilbert@interlog.com>

Date: Wed, 19 Jan 2022 19:12:36 +0000

Subject: [PATCH] round of coverity identified issue fixes (and non-issues)

git-svn-id: https://svn.bingwo.ca/repos/sg3_utils/trunk@931 6180dd3e-e324-4e3e-922d-17de1ae2f315

diff --git a/lib/sg_cmds_basic.c b/lib/sg_cmds_basic.c

index e177354..92dd102 100644

--- a/lib/sg_cmds_basic.c

+++ b/lib/sg_cmds_basic.c

@@ -192,7 +192,6 @@ int

 sg_cmds_process_resp(struct sg_pt_base * ptvp, const char * leadin,

                      int pt_res, bool noisy, int verbose, int * o_sense_cat)

 {

-    bool favour_sense;

     int cat, slen, sstat, req_din_x, req_dout_x;

     int act_din_x, act_dout_x;

     const uint8_t * sbp;

@@ -323,19 +322,23 @@ sg_cmds_process_resp(struct sg_pt_base * ptvp, const char * leadin,

             get_scsi_pt_transport_err_str(ptvp, sizeof(b), b);

             pr2ws("%s: transport: %s\n", leadin, b);

         }

-        /* Shall we favour sense data over a transport error (given both) */

 #ifdef SG_LIB_LINUX

-        favour_sense = false; /* DRIVER_SENSE is not passed through */

+        return -1;      /* DRIVER_SENSE is not passed through */

 #else

-        favour_sense = ((SAM_STAT_CHECK_CONDITION ==

-                            get_scsi_pt_status_response(ptvp)) && (slen > 0));

+        /* Shall we favour sense data over a transport error (given both) */

+        {

+            bool favour_sense = ((SAM_STAT_CHECK_CONDITION ==

+                    get_scsi_pt_status_response(ptvp)) && (slen > 0));

+

+            if (favour_sense)

+                return sg_cmds_process_helper(leadin, req_din_x, act_din_x,

+                                              req_dout_x, act_dout_x, sbp,

+                                              slen, noisy, verbose,

+                                              o_sense_cat);

+            else

+                return -1;

+        }

 #endif

-        if (favour_sense)

-            return sg_cmds_process_helper(leadin, req_din_x, act_din_x,

-                                          req_dout_x, act_dout_x, sbp, slen,

-                                          noisy, verbose, o_sense_cat);

-        else

-            return -1;

     case SCSI_PT_RESULT_OS_ERR:

         if (verbose || noisy) {

             get_scsi_pt_os_err_str(ptvp, sizeof(b), b);

diff --git a/lib/sg_cmds_extra.c b/lib/sg_cmds_extra.c

index 7d4f453..bacb033 100644

--- a/lib/sg_cmds_extra.c

+++ b/lib/sg_cmds_extra.c

@@ -1807,6 +1807,7 @@ sg_ll_ata_pt(int sg_fd, const uint8_t * cdbp, int cdb_len,

     int k, res, slen, duration;

     int ret = -1;

     uint8_t apt_cdb[ATA_PT_32_CMDLEN];

+    uint8_t incoming_apt_cdb[ATA_PT_32_CMDLEN];

     uint8_t sense_b[SENSE_BUFF_LEN] = {0};

     uint8_t * sp;

     const uint8_t * bp;

@@ -1815,18 +1816,25 @@ sg_ll_ata_pt(int sg_fd, const uint8_t * cdbp, int cdb_len,

     char b[256];

     memset(apt_cdb, 0, sizeof(apt_cdb));

+    memset(incoming_apt_cdb, 0, sizeof(incoming_apt_cdb));

+    if (NULL == cdbp) {

+        if (vb)

+            pr2ws("NULL cdb pointer\n");

+        return -1;

+    }

+    memcpy(incoming_apt_cdb, cdbp, cdb_len);

     b[0] = '\0';

     switch (cdb_len) {

     case 12:

         cnamep = "ATA pass-through(12)";

         apt_cdb[0] = ATA_PT_12_CMD;

-        memcpy(apt_cdb + 1, cdbp + 1,  10);

+        memcpy(apt_cdb + 1, incoming_apt_cdb + 1,  10);

         /* control byte at cdb[11] left at zero */

         break;

     case 16:

         cnamep = "ATA pass-through(16)";

         apt_cdb[0] = ATA_PT_16_CMD;

-        memcpy(apt_cdb + 1, cdbp + 1,  14);

+        memcpy(apt_cdb + 1, incoming_apt_cdb + 1,  14);

         /* control byte at cdb[15] left at zero */

         break;

     case 32:

@@ -1835,17 +1843,12 @@ sg_ll_ata_pt(int sg_fd, const uint8_t * cdbp, int cdb_len,

         /* control byte at cdb[1] left at zero */

         apt_cdb[7] = 0x18;    /* length starting at next byte */

         sg_put_unaligned_be16(ATA_PT_32_SA, apt_cdb + 8);

-        memcpy(apt_cdb + 10, cdbp + 10,  32 - 10);

+        memcpy(apt_cdb + 10, incoming_apt_cdb + 10,  32 - 10);

         break;

     default:

         pr2ws("cdb_len must be 12, 16 or 32\n");

         return -1;

     }

-    if (NULL == cdbp) {

-        if (vb)

-            pr2ws("%s NULL cdb pointer\n", cnamep);

-        return -1;

-    }

     if (sensep && (max_sense_len >= (int)sizeof(sense_b))) {

         sp = sensep;

         slen = max_sense_len;

diff --git a/lib/sg_lib.c b/lib/sg_lib.c

index 35f0fbd..1b267e4 100644

--- a/lib/sg_lib.c

+++ b/lib/sg_lib.c

@@ -3556,16 +3556,15 @@ sg_f2hex_arr(const char * fname, bool as_binary, bool no_space,

         k = read(fd, mp_arr, max_arr_len);

         if (k <= 0) {

             if (0 == k) {

-                ret = SG_LIB_SYNTAX_ERROR;

+                ret = SG_LIB_FILE_ERROR;

                 pr2ws("read 0 bytes from binary file %s\n", fname);

             } else {

                 ret = sg_convert_errno(errno);

                 pr2ws("read from binary file %s: %s\n", fname,

                         safe_strerror(errno));

             }

-            goto bin_fini;

-        }

-        if ((0 == fstat(fd, &a_stat)) && S_ISFIFO(a_stat.st_mode)) {

+        } else if ((k < max_arr_len) && (0 == fstat(fd, &a_stat)) &&

+                   S_ISFIFO(a_stat.st_mode)) {

             /* pipe; keep reading till error or 0 read */

             while (k < max_arr_len) {

                 m = read(fd, mp_arr + k, max_arr_len - k);

@@ -3576,13 +3575,13 @@ sg_f2hex_arr(const char * fname, bool as_binary, bool no_space,

                     pr2ws("read from binary pipe %s: %s\n", fname,

                             safe_strerror(err));

                     ret = sg_convert_errno(err);

-                    goto bin_fini;

+                    break;

                 }

                 k += m;

             }

         }

-        *mp_arr_len = k;

-bin_fini:

+        if (k >= 0)

+            *mp_arr_len = k;

         if ((fd >= 0) && (! has_stdin))

             close(fd);

         return ret;

@@ -3623,9 +3622,17 @@ sg_f2hex_arr(const char * fname, bool as_binary, bool no_space,

             if (isxdigit(line[0])) {

                 carry_over[1] = line[0];

                 carry_over[2] = '\0';

-                if (1 == sscanf(carry_over, "%4x", &h))

-                    mp_arr[off - 1] = h;       /* back up and overwrite */

-                else {

+                if (1 == sscanf(carry_over, "%4x", &h)) {

+                    if (off > 0) {

+                        if (off > max_arr_len) {

+                            pr2ws("%s: array length exceeded\n", __func__);

+                            ret = SG_LIB_LBA_OUT_OF_RANGE;

+                            *mp_arr_len = max_arr_len;

+                            goto fini;

+                        } else

+                            mp_arr[off - 1] = h; /* back up and overwrite */

+                    }

+                } else {

                     pr2ws("%s: carry_over error ['%s'] around line %d\n",

                             __func__, carry_over, j + 1);

                     ret = SG_LIB_SYNTAX_ERROR;

@@ -3667,8 +3674,8 @@ sg_f2hex_arr(const char * fname, bool as_binary, bool no_space,

                     *mp_arr_len = max_arr_len;

                     ret = SG_LIB_LBA_OUT_OF_RANGE;

                     goto fini;

-                }

-                mp_arr[off + k] = h;

+                } else

+                    mp_arr[off + k] = h;

             }

             if (isxdigit(*lcp) && (! isxdigit(*(lcp + 1))))

                 carry_over[0] = *lcp;

@@ -3692,8 +3699,8 @@ sg_f2hex_arr(const char * fname, bool as_binary, bool no_space,

                         ret = SG_LIB_LBA_OUT_OF_RANGE;

                         *mp_arr_len = max_arr_len;

                         goto fini;

-                    }

-                    mp_arr[off + k] = h;

+                    } else

+                        mp_arr[off + k] = h;

                     lcp = strpbrk(lcp, " ,\t");

                     if (NULL == lcp)

                         break;

@@ -3766,7 +3773,11 @@ uint32_t

 sg_get_page_size(void)

 {

 #if defined(HAVE_SYSCONF) && defined(_SC_PAGESIZE)

-    return (uint32_t)sysconf(_SC_PAGESIZE); /* POSIX.1 (was getpagesize()) */

+    {

+        long res = sysconf(_SC_PAGESIZE);   /* POSIX.1 (was getpagesize()) */

+

+        return (res <= 0) ? 4096 : res;

+    }

 #elif defined(SG_LIB_WIN32)

     static bool got_page_size = false;

     static uint32_t win_page_size;

diff --git a/src/sg_dd.c b/src/sg_dd.c

index 2fa3750..65f7698 100644

--- a/src/sg_dd.c

+++ b/src/sg_dd.c

@@ -85,6 +85,8 @@ static const char * version_str = "6.31 20211114";

 #define DEF_BLOCKS_PER_2048TRANSFER 32

 #define DEF_SCSI_CDBSZ 10

 #define MAX_SCSI_CDBSZ 16

+#define MAX_BPT_VALUE (1 << 24)         /* used for maximum bs as well */

+#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */

 #define DEF_MODE_CDB_SZ 10

 #define DEF_MODE_RESP_LEN 252

@@ -1848,15 +1850,16 @@ main(int argc, char * argv[])

             bpt_given = true;

         } else if (0 == strcmp(key, "bs")) {

             blk_sz = sg_get_num(buf);

-            bpt_given = true;

-        } else if (0 == strcmp(key, "bs")) {

-            blk_sz = sg_get_num(buf);

-            if (-1 == blk_sz) {

+            if ((blk_sz < 0) || (blk_sz > MAX_BPT_VALUE)) {

                 pr2serr(ME "bad argument to 'bs='\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

         } else if (0 == strcmp(key, "cdbsz")) {

             iflag.cdbsz = sg_get_num(buf);

+            if ((iflag.cdbsz < 6) || (iflag.cdbsz > 32)) {

+                pr2serr(ME "'cdbsz' expects 6, 10, 12, 16 or 32\n");

+                return SG_LIB_SYNTAX_ERROR;

+            }

             oflag.cdbsz = iflag.cdbsz;

             cdbsz_given = true;

         } else if (0 == strcmp(key, "cdl")) {

@@ -1894,7 +1897,7 @@ main(int argc, char * argv[])

         } else if (0 == strcmp(key, "count")) {

             if (0 != strcmp("-1", buf)) {

                 dd_count = sg_get_llnum(buf);

-                if (-1LL == dd_count) {

+                if ((dd_count < 0) || (dd_count > MAX_COUNT_SKIP_SEEK)) {

                     pr2serr(ME "bad argument to 'count='\n");

                     return SG_LIB_SYNTAX_ERROR;

                 }

@@ -1906,9 +1909,13 @@ main(int argc, char * argv[])

             t = sg_get_num(buf);

             oflag.fua = !! (t & 1);

             iflag.fua = !! (t & 2);

-        } else if (0 == strcmp(key, "ibs"))

+        } else if (0 == strcmp(key, "ibs")) {

             ibs = sg_get_num(buf);

-        else if (strcmp(key, "if") == 0) {

+            if ((ibs < 0) || (ibs > MAX_BPT_VALUE)) {

+                pr2serr(ME "bad argument to 'ibs='\n");

+                return SG_LIB_SYNTAX_ERROR;

+            }

+        } else if (strcmp(key, "if") == 0) {

             if ('\0' != inf[0]) {

                 pr2serr("Second IFILE argument??\n");

                 return SG_LIB_SYNTAX_ERROR;

@@ -1921,9 +1928,13 @@ main(int argc, char * argv[])

                 pr2serr(ME "bad argument to 'iflag='\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

-        } else if (0 == strcmp(key, "obs"))

+        } else if (0 == strcmp(key, "obs")) {

             obs = sg_get_num(buf);

-        else if (0 == strcmp(key, "odir")) {

+            if ((obs < 0) || (obs > MAX_BPT_VALUE)) {

+                pr2serr(ME "bad argument to 'obs='\n");

+                return SG_LIB_SYNTAX_ERROR;

+            }

+        } else if (0 == strcmp(key, "odir")) {

             iflag.direct = !! sg_get_num(buf);

             oflag.direct = iflag.direct;

         } else if (strcmp(key, "of") == 0) {

@@ -1956,13 +1967,13 @@ main(int argc, char * argv[])

             }

         } else if (0 == strcmp(key, "seek")) {

             seek = sg_get_llnum(buf);

-            if (-1LL == seek) {

+            if ((seek < 0) || (seek > MAX_COUNT_SKIP_SEEK)) {

                 pr2serr(ME "bad argument to 'seek='\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

         } else if (0 == strcmp(key, "skip")) {

             skip = sg_get_llnum(buf);

-            if (-1LL == skip) {

+            if ((skip < 0) || (skip > MAX_COUNT_SKIP_SEEK)) {

                 pr2serr(ME "bad argument to 'skip='\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

@@ -2080,8 +2091,8 @@ main(int argc, char * argv[])

         pr2serr("Can't use both append and seek switches\n");

         return SG_LIB_CONTRADICT;

     }

-    if (bpt < 1) {

-        pr2serr("bpt must be greater than 0\n");

+    if ((bpt < 1) || (bpt > MAX_BPT_VALUE)) {

+        pr2serr("bpt must be > 0 and <= %d\n", MAX_BPT_VALUE);

         return SG_LIB_SYNTAX_ERROR;

     }

     if (iflag.sparse)

diff --git a/src/sg_logs.c b/src/sg_logs.c

index 694ee6e..de5d339 100644

--- a/src/sg_logs.c

+++ b/src/sg_logs.c

@@ -669,8 +673,8 @@ get_vp_mask(int vpn)

     if (vpn < 0)

         return 0;

     else

-        return (vpn > (32 - MVP_OFFSET)) ?  OVP_ALL :

-                                            (1 << (vpn + MVP_OFFSET));

+        return (vpn >= (32 - MVP_OFFSET)) ?  OVP_ALL :

+                                             (1 << (vpn + MVP_OFFSET));

 }

 static int

diff --git a/src/sg_map26.c b/src/sg_map26.c

index 3fca019..2ea8d69 100644

--- a/src/sg_map26.c

+++ b/src/sg_map26.c

@@ -396,7 +396,7 @@ list_matching_nodes(const char * dir_name, int file_type, int majj, int minn,

 }

 struct sg_item_t {

-        char name[NAME_LEN_MAX];

+        char name[NAME_LEN_MAX + 2];

         int ft;

         int nt;

         int d_type;

diff --git a/src/sg_modes.c b/src/sg_modes.c

index 47062b1..c0fc87f 100644

--- a/src/sg_modes.c

+++ b/src/sg_modes.c

@@ -790,6 +790,9 @@ dStrRaw(const uint8_t * str, int len)

         printf("%c", str[k]);

 }

+/* Note to coverity: this function is safe as long as the page_code_desc

+ * objects pointed to by pcdp have a sentinel object at the end of each

+ * array. And they do by design.*/

 static int

 count_desc_elems(const struct page_code_desc * pcdp)

 {

diff --git a/src/sg_persist.c b/src/sg_persist.c

index e779fe4..872f16e 100644

--- a/src/sg_persist.c

+++ b/src/sg_persist.c

@@ -1279,7 +1279,9 @@ main(int argc, char * argv[])

             flagged = true;

             goto fini;

         }

-        sg_cmds_close_device(sg_fd);

+        res = sg_cmds_close_device(sg_fd);

+        if (res < 0)

+            pr2serr("%s: sg_cmds_close_device() failed res=%d\n", ME, res);

     }

     if (! op->readwrite_force) {

diff --git a/src/sg_raw.c b/src/sg_raw.c

index 9cfa19c..453a85a 100644

--- a/src/sg_raw.c

+++ b/src/sg_raw.c

@@ -323,7 +323,7 @@ parse_cmd_line(struct opts_t * op, int argc, char *argv[])

             return SG_LIB_SYNTAX_ERROR;

         }

-        if (op->cdb_length > MAX_SCSI_CDBSZ) {

+        if (op->cdb_length >= MAX_SCSI_CDBSZ) {

             pr2serr("CDB too long (max. %d bytes)\n", MAX_SCSI_CDBSZ);

             return SG_LIB_SYNTAX_ERROR;

         }

diff --git a/src/sg_read.c b/src/sg_read.c

index 628e0d8..a4f7cee 100644

--- a/src/sg_read.c

+++ b/src/sg_read.c

@@ -58,12 +58,14 @@

 #include "sg_pr2serr.h"

-static const char * version_str = "1.36 20191220";

+static const char * version_str = "1.38 20220118";

 #define DEF_BLOCK_SIZE 512

 #define DEF_BLOCKS_PER_TRANSFER 128

 #define DEF_SCSI_CDBSZ 10

 #define MAX_SCSI_CDBSZ 16

+#define MAX_BPT_VALUE (1 << 24)         /* used for maximum bs as well */

+#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */

 #define ME "sg_read: "

@@ -456,30 +458,35 @@ main(int argc, char * argv[])

             do_blk_sgio = !! sg_get_num(buf);

         else if (0 == strcmp(key,"bpt")) {

             bpt = sg_get_num(buf);

-            if (-1 == bpt) {

+            if ((bpt < 0) || (bpt > MAX_BPT_VALUE)) {

                 pr2serr( ME "bad argument to 'bpt'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

         } else if (0 == strcmp(key,"bs")) {

             bs = sg_get_num(buf);

-            if (-1 == bs) {

+            if ((bs < 0) || (bs > MAX_BPT_VALUE)) {

                 pr2serr( ME "bad argument to 'bs'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

-        } else if (0 == strcmp(key,"cdbsz"))

+        } else if (0 == strcmp(key,"cdbsz")) {

             scsi_cdbsz = sg_get_num(buf);

-        else if (0 == strcmp(key,"count")) {

+            if ((scsi_cdbsz < 0) || (scsi_cdbsz > 32)) {

+                pr2serr( ME "bad argument to 'cdbsz', expect 6, 10, 12, 16 "

+                        "or 32\n");

+                return SG_LIB_SYNTAX_ERROR;

+            }

+        } else if (0 == strcmp(key,"count")) {

             count_given = true;

             if ('-' == *buf) {

                 dd_count = sg_get_llnum(buf + 1);

-                if (-1 == dd_count) {

+                if ((dd_count < 0) || (dd_count > MAX_COUNT_SKIP_SEEK)) {

                     pr2serr( ME "bad argument to 'count'\n");

                     return SG_LIB_SYNTAX_ERROR;

                 }

                 dd_count = - dd_count;

             } else {

                 dd_count = sg_get_llnum(buf);

-                if (-1 == dd_count) {

+                if ((dd_count < 0) || (dd_count > MAX_COUNT_SKIP_SEEK)) {

                     pr2serr( ME "bad argument to 'count'\n");

                     return SG_LIB_SYNTAX_ERROR;

                 }

@@ -504,7 +511,7 @@ main(int argc, char * argv[])

             outf[INF_SZ - 1] = '\0';

         } else if (0 == strcmp(key,"skip")) {

             skip = sg_get_llnum(buf);

-            if (-1 == skip) {

+            if ((skip < 0) || (skip > MAX_COUNT_SKIP_SEEK)) {

                 pr2serr( ME "bad argument to 'skip'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

diff --git a/src/sg_read_buffer.c b/src/sg_read_buffer.c

index 93c32a5..01a79c3 100644

--- a/src/sg_read_buffer.c

+++ b/src/sg_read_buffer.c

@@ -483,7 +483,10 @@ main(int argc, char * argv[])

             do_long = true;

             break;

         case 'm':

-            if (isdigit((uint8_t)*optarg)) {

+            if (NULL == optarg) {

+                pr2serr("bad argument to '--mode'\n");

+                return SG_LIB_SYNTAX_ERROR;

+            } else if (isdigit((uint8_t)*optarg)) {

                 rb_mode = sg_get_num(optarg);

                 if ((rb_mode < 0) || (rb_mode > 31)) {

                     pr2serr("argument to '--mode' should be in the range 0 "

diff --git a/src/sg_sat_phy_event.c b/src/sg_sat_phy_event.c

index 9b1f588..090ecf7 100644

--- a/src/sg_sat_phy_event.c

+++ b/src/sg_sat_phy_event.c

@@ -154,15 +154,17 @@ dStrRaw(const uint8_t * str, int len)

 }

 /* ATA READ LOG EXT command [2Fh, PIO data-in] */

-/* N.B. "log_addr" is the log page number, "page_in_log" is usually false */

+/* N.B. "log_addr" is the log page number, "page_in_log" is usually 0 */

 static int

-do_read_log_ext(int sg_fd, int log_addr, bool page_in_log, int feature,

+do_read_log_ext(int sg_fd, int log_addr, int page_in_log, int feature,

                 int blk_count, void * resp, int mx_resp_len, int cdb_len,

                 bool ck_cond, bool extend, int do_hex, bool do_raw,

                 int verbose)

 {

     /* Following for ATA READ/WRITE MULTIPLE (EXT) cmds, normally 0 */

+#if 0

     bool t_type = false;/* false -> 512 byte LBs, true -> device's LB size */

+#endif

     bool t_dir = true;  /* false -> to device, 1 -> from device */

     bool byte_block = true; /* false -> bytes, true -> 512 byte blocks (if

                                t_type=false) */

@@ -205,8 +207,10 @@ do_read_log_ext(int sg_fd, int log_addr, bool page_in_log, int feature,

         apt_cdb[2] = t_length;

         if (ck_cond)

             apt_cdb[2] |= 0x20;

+#if 0

         if (t_type)

             apt_cdb[2] |= 0x10;

+#endif

         if (t_dir)

             apt_cdb[2] |= 0x8;

         if (byte_block)

@@ -226,8 +230,10 @@ do_read_log_ext(int sg_fd, int log_addr, bool page_in_log, int feature,

         apt12_cdb[2] = t_length;

         if (ck_cond)

             apt12_cdb[2] |= 0x20;

+#if 0

         if (t_type)

             apt12_cdb[2] |= 0x10;

+#endif

         if (t_dir)

             apt12_cdb[2] |= 0x8;

         if (byte_block)

@@ -487,7 +493,7 @@ int main(int argc, char * argv[])

         return sg_convert_errno(err);

     }

     ret = do_read_log_ext(sg_fd, SATA_PHY_EVENT_LPAGE,

-                          false /* page_in_log */,

+                          0 /* page_in_log */,

                           (reset ? 1 : 0) /* feature */,

                           1 /* blk_count */, inBuff,

                           READ_LOG_EXT_RESPONSE_LEN, cdb_len, ck_cond,

diff --git a/src/sg_scan_linux.c b/src/sg_scan_linux.c

index 7354ad4..c04206a 100644

--- a/src/sg_scan_linux.c

+++ b/src/sg_scan_linux.c

@@ -203,6 +203,7 @@ int main(int argc, char * argv[])

         printf(ME "Out of memory\n");

         return SG_LIB_CAT_OTHER;

     }

+    strcpy(fname, "<null>");

     for (k = 1, j = 0; k < argc; ++k) {

         cp = argv[k];

diff --git a/src/sg_stpg.c b/src/sg_stpg.c

index e57b13c..a12b5ca 100644

--- a/src/sg_stpg.c

+++ b/src/sg_stpg.c

@@ -142,15 +142,14 @@ dStrRaw(const uint8_t * str, int len)

 static int

 decode_target_port(uint8_t * buff, int len, int *d_id, int *d_tpg)

 {

-    int c_set, assoc, desig_type, i_len;

-    int off, u;

+    int c_set, assoc, desig_type, i_len, off;

     const uint8_t * bp;

     const uint8_t * ip;

     *d_id = -1;

     *d_tpg = -1;

     off = -1;

-    while ((u = sg_vpd_dev_id_iter(buff, len, &off, -1, -1, -1)) == 0) {

+    while (sg_vpd_dev_id_iter(buff, len, &off, -1, -1, -1) == 0) {

         bp = buff + off;

         i_len = bp[3];

         if ((off + i_len + 4) > len) {

diff --git a/src/sg_vpd.c b/src/sg_vpd.c

index 0ca6303..1a74af5 100644

--- a/src/sg_vpd.c

+++ b/src/sg_vpd.c

@@ -755,6 +755,7 @@ decode_dev_ids_quiet(uint8_t * buff, int len, int m_assoc,

     uint8_t sas_tport_addr[8];

     rtp = 0;

+    u = 0;

     memset(sas_tport_addr, 0, sizeof(sas_tport_addr));

     for (k = 0, off = -1; true; ++k) {

         if ((0 == k) && (0 != buff[2])) {

diff --git a/src/sg_xcopy.c b/src/sg_xcopy.c

index 4307668..39ad83c 100644

--- a/src/sg_xcopy.c

+++ b/src/sg_xcopy.c

@@ -306,7 +306,7 @@ open_sg(struct xcopy_fp_t * fp, int vb)

     int devmajor, devminor, offset;

     struct sg_simple_inquiry_resp sir;

     char ebuff[EBUFF_SZ];

-    int len;

+    int len, res;

     devmajor = major(fp->devno);

     devminor = minor(fp->devno);

@@ -344,7 +344,9 @@ open_sg(struct xcopy_fp_t * fp, int vb)

     }

     if (sg_simple_inquiry(fp->sg_fd, &sir, false, vb)) {

         pr2serr("INQUIRY failed on %s\n", ebuff);

-        sg_cmds_close_device(fp->sg_fd);

+        res = sg_cmds_close_device(fp->sg_fd);

+        if (res < 0)

+            pr2serr("sg_cmds_close_device() failed as well\n");

         fp->sg_fd = -1;

         return -1;

     }

@@ -1024,7 +1026,7 @@ desc_from_vpd_id(int sg_fd, uint8_t *desc, int desc_len,

     int res, verb;

     uint8_t rcBuff[256], *bp, *best = NULL;

     unsigned int len = 254;

-    int off = -1, u, i_len, best_len = 0, assoc, desig, f_desig = 0;

+    int off = -1, i_len, best_len = 0, assoc, desig, f_desig = 0;

     char b[80];

     verb = (verbose ? verbose - 1: 0);

@@ -1060,8 +1062,7 @@ desc_from_vpd_id(int sg_fd, uint8_t *desc, int desc_len,

         hex2stderr(rcBuff, len, 1);

     }

-    while ((u = sg_vpd_dev_id_iter(rcBuff + 4, len - 4, &off, 0, -1, -1)) ==

-           0) {

+    while (sg_vpd_dev_id_iter(rcBuff + 4, len - 4, &off, 0, -1, -1) == 0) {

         bp = rcBuff + 4 + off;

         i_len = bp[3];

         if (((unsigned int)off + i_len + 4) > len) {

diff --git a/src/sgm_dd.c b/src/sgm_dd.c

index e95fca9..aa656b3 100644

--- a/src/sgm_dd.c

+++ b/src/sgm_dd.c

@@ -69,13 +69,15 @@

 #include "sg_pr2serr.h"

-static const char * version_str = "1.17 20211024";

+static const char * version_str = "1.19 20220118";

 #define DEF_BLOCK_SIZE 512

 #define DEF_BLOCKS_PER_TRANSFER 128

 #define DEF_BLOCKS_PER_2048TRANSFER 32

 #define DEF_SCSI_CDBSZ 10

 #define MAX_SCSI_CDBSZ 16

+#define MAX_BPT_VALUE (1 << 24)         /* used for maximum bs as well */

+#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */

 #define ME "sgm_dd: "

@@ -795,6 +797,10 @@ main(int argc, char * argv[])

             }

         } else if (0 == strcmp(key,"cdbsz")) {

             scsi_cdbsz_in = sg_get_num(buf);

+            if ((scsi_cdbsz_in < 6) || (scsi_cdbsz_in > 32)) {

+                pr2serr(ME "'cdbsz' expects 6, 10, 12, 16 or 32\n");

+                return SG_LIB_SYNTAX_ERROR;

+            }

             scsi_cdbsz_out = scsi_cdbsz_in;

             cdbsz_given = true;

         } else if (0 == strcmp(key,"coe")) {

@@ -803,7 +809,7 @@ main(int argc, char * argv[])

         } else if (0 == strcmp(key,"count")) {

             if (0 != strcmp("-1", buf)) {

                 dd_count = sg_get_llnum(buf);

-                if (-1LL == dd_count) {

+                if ((dd_count < 0) || (dd_count > MAX_COUNT_SKIP_SEEK)) {

                     pr2serr(ME "bad argument to 'count'\n");

                     return SG_LIB_SYNTAX_ERROR;

                 }

@@ -818,7 +824,7 @@ main(int argc, char * argv[])

                 in_flags.fua = true;

         } else if (0 == strcmp(key,"ibs")) {

             ibs = sg_get_num(buf);

-            if (-1 == ibs) {

+            if ((ibs < 0) || (ibs > MAX_BPT_VALUE)) {

                 pr2serr(ME "bad argument to 'ibs'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

@@ -850,19 +856,19 @@ main(int argc, char * argv[])

             }

         } else if (0 == strcmp(key,"obs")) {

             obs = sg_get_num(buf);

-            if (-1 == obs) {

+            if ((obs < 0) || (obs > MAX_BPT_VALUE)) {

                 pr2serr(ME "bad argument to 'obs'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

         } else if (0 == strcmp(key,"seek")) {

             seek = sg_get_llnum(buf);

-            if (-1LL == seek) {

+            if ((seek < 0) || (seek > MAX_COUNT_SKIP_SEEK)) {

                 pr2serr(ME "bad argument to 'seek'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

         } else if (0 == strcmp(key,"skip")) {

             skip = sg_get_llnum(buf);

-            if (-1LL == skip) {

+            if ((skip < 0) || (skip > MAX_COUNT_SKIP_SEEK)) {

                 pr2serr(ME "bad argument to 'skip'\n");

                 return SG_LIB_SYNTAX_ERROR;

             }

@@ -955,8 +961,8 @@ main(int argc, char * argv[])

         pr2serr("Can't use both append and seek switches\n");

         return SG_LIB_CONTRADICT;

     }

-    if (bpt < 1) {

-        pr2serr("bpt must be greater than 0\n");

+    if ((bpt < 1) || (bpt > MAX_BPT_VALUE)) {

+        pr2serr("bpt must be > 0 and <= %d\n", MAX_BPT_VALUE);

         return SG_LIB_SYNTAX_ERROR;

     }

     /* defaulting transfer size to 128*2048 for CD/DVDs is too large

diff --git a/src/sgp_dd.c b/src/sgp_dd.c

index b71bf7b..a36d9d0 100644

--- a/src/sgp_dd.c

+++ b/src/sgp_dd.c

@@ -85,13 +85,15 @@

 #include "sg_pr2serr.h"

-static const char * version_str = "5.83 20211105";

+static const char * version_str = "5.84 20220118";

 #define DEF_BLOCK_SIZE 512

 #define DEF_BLOCKS_PER_TRANSFER 128

 #define DEF_BLOCKS_PER_2048TRANSFER 32

 #define DEF_SCSI_CDBSZ 10

 #define MAX_SCSI_CDBSZ 16

+#define MAX_BPT_VALUE (1 << 24)         /* used for maximum bs as well */

+#define MAX_COUNT_SKIP_SEEK (1LL << 48) /* coverity wants upper bound */

 #define SENSE_BUFF_LEN 64       /* Arbitrary, could be larger */

@@ -370,13 +372,15 @@ thread_exit_handler(int sig)

 static char *