You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2018/11/30 16:53:00 UTC
[jira] [Resolved] (DISPATCH-1163) Coverity issues on master branch
[ https://issues.apache.org/jira/browse/DISPATCH-1163?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ganesh Murthy resolved DISPATCH-1163.
-------------------------------------
Resolution: Fixed
> Coverity issues on master branch
> ---------------------------------
>
> Key: DISPATCH-1163
> URL: https://issues.apache.org/jira/browse/DISPATCH-1163
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 1.4.1
> Reporter: Ganesh Murthy
> Priority: Major
> Fix For: 1.5.0
>
>
> {noformat}
> Hi,
> Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> 3 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
> ** CID 324907: Memory - corruptions (OVERRUN)
> /home/kgiusti/work/qpid-dispatch/src/router_core/connections.c: 1477 in qdr_attach_link_data_CT()
> ________________________________________________________________________________________________________
> *** CID 324907: Memory - corruptions (OVERRUN)
> /home/kgiusti/work/qpid-dispatch/src/router_core/connections.c: 1477 in qdr_attach_link_data_CT()
> 1471 // are assigned priorities in the order in which they are attached.
> 1472 int next_slot = core->data_links_by_mask_bit[conn->mask_bit].count ++;
> 1473 if (next_slot > QDR_MAX_PRIORITY) {
> 1474 qd_log(core->log, QD_LOG_ERROR, "Attempt to attach too many inter-router links for priority sheaf.");
> 1475 }
> 1476 link->priority = next_slot;
> >>> CID 324907: Memory - corruptions (OVERRUN)
> >>> Overrunning array "core->data_links_by_mask_bit[conn->mask_bit].links" of 10 8-byte elements at element index 10 (byte offset 80) using index "next_slot" (which evaluates to 10).
> 1477 core->data_links_by_mask_bit[conn->mask_bit].links[next_slot] = link;
> 1478 }
> 1479 }
> 1480
> 1481
> 1482 static void qdr_detach_link_data_CT(qdr_core_t *core, qdr_connection_t *conn, qdr_link_t *link)
> ** CID 324906: Incorrect expression (UNUSED_VALUE)
> /home/kgiusti/work/qpid-dispatch/src/message.c: 791 in qd_message_parse_priority()
> ________________________________________________________________________________________________________
> *** CID 324906: Incorrect expression (UNUSED_VALUE)
> /home/kgiusti/work/qpid-dispatch/src/message.c: 791 in qd_message_parse_priority()
> 785 qd_parsed_field_t *field = qd_parse(iter);
> 786 if (qd_parse_ok(field)) {
> 787 if (qd_parse_is_list(field) && qd_parse_sub_count(field) >= 2) {
> 788 qd_parsed_field_t *priority_field = qd_parse_sub_value(field, 1);
> 789 if (qd_parse_tag(priority_field) != QD_AMQP_NULL) {
> 790 uint32_t value = qd_parse_as_uint(priority_field);
> >>> CID 324906: Incorrect expression (UNUSED_VALUE)
> >>> Assigning value from "(value >= 10U) ? 9 : (uint8_t)(value & 0xffU)" to "content->priority" here, but that stored value is overwritten before it can be used.
> 791 content->priority = value >= QDR_N_PRIORITIES ? QDR_N_PRIORITIES - 1 : (uint8_t) (value & 0x00ff);
> 792 content->priority = value > QDR_MAX_PRIORITY ? QDR_MAX_PRIORITY : (uint8_t) (value & 0x00ff);
> 793 content->priority_present = true;
> 794 }
> 795 }
> 796 }
> ** CID 324905: Security best practices violations (DC.WEAK_CRYPTO)
> /home/kgiusti/work/qpid-dispatch/src/router_core/core_client_api.c: 156 in qdrc_client_CT()
> ________________________________________________________________________________________________________
> *** CID 324905: Security best practices violations (DC.WEAK_CRYPTO)
> /home/kgiusti/work/qpid-dispatch/src/router_core/core_client_api.c: 156 in qdrc_client_CT()
> 150 if (!client)
> 151 return NULL;
> 152
> 153 ZERO(client);
> 154 client->core = core;
> 155 client->correlations = qd_hash(6, 4, 0);
> >>> CID 324905: Security best practices violations (DC.WEAK_CRYPTO)
> >>> "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
> 156 client->next_cid = rand();
> 157 client->rx_credit_max = credit_window;
> 158 client->user_context = user_context;
> 159 client->on_state_cb = on_state_cb;
> 160 client->on_flow_cb = on_flow_cb;
> 161
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJ3gKShavCjMfPIUiT4tI2B_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKlmbivMjLmRupWWPbw4s8pJuDqBj40bfXa-2BmqxyHmnf0eDQMSBH6cu0RSxwXczXjjgNPMXQZUGQcXGcA3WtDUB6p3QqgtL4m8e-2BSGh9K8vMCtW3am2nFIE1Lbf8nE95-2FmDMaZWOOMGEPkfYE2-2BOiWAbfugrCv-2BO3SVj8V44LoE8Mg-3D-3D
> To manage Coverity Scan email notifications for "gmurthy@redhat.com", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4GT7ZJULeBsdRIGSsmCGK3QgA2CDXnZgZ8-2FWGYmnExRLcco6O6snRtSPKudValmBAwINi3CN-2FlFC5he5SY5w85-2BEKaU-2FEfQJ1S-2BAvMeHNTnE-3D_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKlmbivMjLmRupWWPbw4s8pJGEbgcj4tgDiH6S3i9TtZ3xugsIHFbE9FvdpmoEQ2kYdFR8bB9M98VS1yhkSB01zzCgTEoXwSXPChOYOnSMKEyfajo1k47bHwRlPQSSs5Do9D0ia5TQMh4SpOX9CT4Zj7OW6Gz77uHKuEjuI7aZSpVA-3D-3D
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org