You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2018/06/29 16:00:00 UTC
[jira] [Commented] (DISPATCH-1058) Fix leaks/other code issues
found by Coverity
[ https://issues.apache.org/jira/browse/DISPATCH-1058?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16527868#comment-16527868 ]
ASF subversion and git services commented on DISPATCH-1058:
-----------------------------------------------------------
Commit 9a48334eb32c261b527db1920a574dc5998f27b6 in qpid-dispatch's branch refs/heads/master from [~ganeshmurthy]
[ https://git-wip-us.apache.org/repos/asf?p=qpid-dispatch.git;h=9a48334 ]
DISPATCH-1058 - Memory leak fixes and other fixes found by Coverity
> Fix leaks/other code issues found by Coverity
> ----------------------------------------------
>
> Key: DISPATCH-1058
> URL: https://issues.apache.org/jira/browse/DISPATCH-1058
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 1.1.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 1.2.0
>
>
> {noformat}
> ________________________________________________________________________________________________________
> *** CID 294222: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/src/policy.c: 293 in qd_policy_parse_tree()
> 287 if (!tree)
> 288 return NULL;
> 289
> 290 // make a writable, disposable copy of the csv string
> 291 char * dup = strdup(config_spec);
> 292 if (!dup)
> >>> CID 294222: Resource leaks (RESOURCE_LEAK)
> >>> Variable "tree" going out of scope leaks the storage it points to.
> 293 return NULL;
> 294 char * dupend = dup + strlen(dup);
> 295
> 296 char * pch = dup;
> 297 while (pch < dupend) {
> 298 // the tuple strings
> ** CID 294221: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 101 in test_link_name_tree_lookup()
> ________________________________________________________________________________________________________
> *** CID 294219: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/src/router_core/forwarder.c: 810 in qdr_forward_link_balanced_CT()
> 804
> 805 qdr_connection_enqueue_work_CT(core, conn, work);
> 806
> 807 return true;
> 808 }
> 809
> >>> CID 294219: Resource leaks (RESOURCE_LEAK)
> >>> Variable "insert" going out of scope leaks the storage it points to.
> 810 return false;
> 811 }
> 812
> 813
> 814 //==================================================================================
> 815 // In-Thread API Functions
> ** CID 294218: (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/tests/parse_tree_tests.c: 77 in test_add_and_match_str()
> /home/kgiusti/work/qpid-dispatch/tests/parse_tree_tests.c: 80 in test_add_and_match_str()
> /home/kgiusti/work/qpid-dispatch/tests/parse_tree_tests.c: 83 in test_add_and_match_str()
> ________________________________________________________________________________________________________
> *** CID 294217: Null pointer dereferences (REVERSE_INULL)
> /home/kgiusti/work/qpid-dispatch/src/router_core/forwarder.c: 199 in qdr_forward_deliver_CT()
> 193
> 194 //
> 195 // We are dealing here only with link routed deliveries
> 196 // If the out_link has a connected link and if the out_link is an inter-router link, increment the global deliveries_transit
> 197 // If the out_link is a route container link, add to the global deliveries_egress
> 198 //
> >>> CID 294217: Null pointer dereferences (REVERSE_INULL)
> >>> Null-checking "out_link" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
> 199 if (out_link && out_link->connected_link) {
> 200 if (out_link->conn->role == QDR_ROLE_INTER_ROUTER) {
> 201 core->deliveries_transit++;
> 202 }
> 203 else {
> 204 core->deliveries_egress++;
> ** CID 294216: (USE_AFTER_FREE)
> /home/kgiusti/work/qpid-dispatch/src/router_core/transfer.c: 1028 in qdr_link_deliver_CT()
> ________________________________________________________________________________________________________
> *** CID 294216: (USE_AFTER_FREE)
> /home/kgiusti/work/qpid-dispatch/src/router_core/transfer.c: 1028 in qdr_link_deliver_CT()
> 1022 //
> 1023 // Deal with any delivery restrictions for this address.
> 1024 //
> 1025 if (addr && addr->router_control_only && link->link_type != QD_LINK_CONTROL) {
> 1026 qdr_delivery_release_CT(core, dlv);
> 1027 qdr_link_issue_credit_CT(core, link, 1, false);
> >>> CID 294216: (USE_AFTER_FREE)
> >>> Calling "qdr_delivery_decref_CT" dereferences freed pointer "dlv".
> 1028 qdr_delivery_decref_CT(core, dlv, "qdr_link_deliver_CT - removed from action on restricted access");
> 1029 } else {
> 1030 //
> 1031 // Give the action reference to the qdr_link_forward function. Don't decref/incref.
> 1032 //
> 1033 qdr_link_forward_CT(core, link, dlv, addr, more);
> /home/kgiusti/work/qpid-dispatch/src/router_core/transfer.c: 1028 in qdr_link_deliver_CT()
> 1022 //
> 1023 // Deal with any delivery restrictions for this address.
> 1024 //
> 1025 if (addr && addr->router_control_only && link->link_type != QD_LINK_CONTROL) {
> 1026 qdr_delivery_release_CT(core, dlv);
> 1027 qdr_link_issue_credit_CT(core, link, 1, false);
> >>> CID 294216: (USE_AFTER_FREE)
> >>> Passing freed pointer "dlv" as an argument to "qdr_delivery_decref_CT".
> 1028 qdr_delivery_decref_CT(core, dlv, "qdr_link_deliver_CT - removed from action on restricted access");
> 1029 } else {
> 1030 //
> 1031 // Give the action reference to the qdr_link_forward function. Don't decref/incref.
> 1032 //
> 1033 qdr_link_forward_CT(core, link, dlv, addr, more);
> ** CID 294215: Null pointer dereferences (REVERSE_INULL)
> /home/kgiusti/work/qpid-dispatch/src/server.c: 925 in handle()
> ________________________________________________________________________________________________________
> *** CID 294215: Null pointer dereferences (REVERSE_INULL)
> /home/kgiusti/work/qpid-dispatch/src/server.c: 925 in handle()
> 919 case PN_TRANSPORT_ERROR:
> 920 {
> 921 qd_increment_conn_index(ctx);
> 922
> 923 pn_transport_t *transport = pn_event_transport(e);
> 924 pn_condition_t* condition = transport ? pn_transport_condition(transport) : NULL;
> >>> CID 294215: Null pointer dereferences (REVERSE_INULL)
> >>> Null-checking "ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
> 925 if (ctx && ctx->connector) { /* Outgoing connection */
> 926 const qd_server_config_t *config = &ctx->connector->config;
> 927 if (condition && pn_condition_is_set(condition)) {
> 928 qd_log(qd_server->log_source, QD_LOG_INFO, "Connection to %s failed: %s %s", config->host_port,
> 929 pn_condition_get_name(condition), pn_condition_get_description(condition));
> 930 } else {
> ** CID 294214: (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 149 in test_link_name_csv_parser()
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 154 in test_link_name_csv_parser()
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 159 in test_link_name_csv_parser()
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 164 in test_link_name_csv_parser()
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 169 in test_link_name_csv_parser()
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 174 in test_link_name_csv_parser()
> ________________________________________________________________________________________________________
> *** CID 294213: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/src/router_core/forwarder.c: 810 in qdr_forward_link_balanced_CT()
> 804
> 805 qdr_connection_enqueue_work_CT(core, conn, work);
> 806
> 807 return true;
> 808 }
> 809
> >>> CID 294213: Resource leaks (RESOURCE_LEAK)
> >>> Variable "strip" going out of scope leaks the storage it points to.
> 810 return false;
> 811 }
> 812
> 813
> 814 //==================================================================================
> 815 // In-Thread API Functions
> ** CID 294212: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/qpid-dispatch/tests/policy_test.c: 133 in test_link_name_tree_lookup()
> ________________________________________________________________________________________________________
> *** CID 294211: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/qpid-dispatch/src/policy.c: 389 in qd_policy_open_lookup_user()
> 383 (PyObject *)policy->py_policy_manager,
> 384 username, hostip, vhost, conn_name, conn_id);
> 385 if (result) {
> 386 char *res_string = py_obj_2_c_string(result);
> 387 const size_t res_len = res_string ? strlen(res_string) : 0;
> 388 if (res_len < name_buf_size) {
> >>> CID 294211: Null pointer dereferences (FORWARD_NULL)
> >>> Passing null pointer "res_string" to "strcpy", which dereferences it.
> 389 strcpy(name_buf, res_string);
> 390 } else {
> 391 qd_log(policy->log_source, QD_LOG_ERROR,
> 392 "Internal: lookup_user: insufficient buffer for name");
> 393 }
> 394 Py_XDECREF(result);
> ________________________________________________________________________________________________________
>
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org