You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2016/10/11 13:38:21 UTC
[jira] [Commented] (DISPATCH-526) Coverity scan reported memory
leaks in Qpid Dispatch 0.7.0
[ https://issues.apache.org/jira/browse/DISPATCH-526?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15565425#comment-15565425 ]
Ganesh Murthy commented on DISPATCH-526:
----------------------------------------
Hi,
Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
7 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 137723: Memory - illegal accesses (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 699 in qdr_update_delivery_CT()
________________________________________________________________________________________________________
*** CID 137723: Memory - illegal accesses (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 699 in qdr_update_delivery_CT()
693 peer->peer = 0;
694 dlv->peer = 0;
695
696 qdr_delivery_decref(dlv);
697 qdr_delivery_decref(peer);
698
>>> CID 137723: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "peer".
699 if (peer->link) {
700 peer_moved = qdr_delivery_settled_CT(core, peer);
701 if (peer_moved)
702 push = true;
703 }
704 }
** CID 137722: (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 706 in qdr_update_delivery_CT()
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 663 in qdr_update_delivery_CT()
________________________________________________________________________________________________________
*** CID 137722: (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 706 in qdr_update_delivery_CT()
700 peer_moved = qdr_delivery_settled_CT(core, peer);
701 if (peer_moved)
702 push = true;
703 }
704 }
705
>>> CID 137722: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "dlv".
706 if (dlv->link)
707 dlv_moved = qdr_delivery_settled_CT(core, dlv);
708 }
709
710 if (push)
711 qdr_delivery_push_CT(core, peer);
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 663 in qdr_update_delivery_CT()
657 qd_message_free(msg);
658 }
659
660
661 static void qdr_update_delivery_CT(qdr_core_t *core, qdr_action_t *action, bool discard)
662 {
>>> CID 137722: (USE_AFTER_FREE)
>>> Assigning: "dlv" = "action->args.delivery.delivery". Now both point to the same storage.
663 qdr_delivery_t *dlv = action->args.delivery.delivery;
664 qdr_delivery_t *peer = dlv->peer;
665 bool push = false;
666 bool peer_moved = false;
667 bool dlv_moved = false;
668 uint64_t disp = action->args.delivery.disposition;
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 722 in qdr_update_delivery_CT()
716 qdr_delivery_decref(dlv);
717
718 //
719 // Release the unsettled references if the deliveries were moved
720 //
721 if (dlv_moved)
>>> CID 137722: (USE_AFTER_FREE)
>>> Calling "qdr_delivery_decref" dereferences freed pointer "dlv".
722 qdr_delivery_decref(dlv);
723 if (peer_moved)
724 qdr_delivery_decref(peer);
725 }
726
727
** CID 137721: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 137721: Memory - illegal accesses (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/router_core/transfer.c: 533 in qdr_link_forward_CT()
527 // Message was not delivered, drop the delivery.
528 //
529 // If the delivery is not settled, release it.
530 //
531 if (!dlv->settled)
532 qdr_delivery_release_CT(core, dlv);
>>> CID 137721: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "qdr_delivery_decref" dereferences freed pointer "dlv".
533 qdr_delivery_decref(dlv);
534 qdr_link_issue_credit_CT(core, link, 1, false);
535 } else if (fanout > 0) {
536 if (dlv->settled) {
537 //
538 // The delivery is settled. Keep it off the unsettled list and issue
** CID 137720: Memory - illegal accesses (UNINIT)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 272 in qd_dispatch_configure_listener()
________________________________________________________________________________________________________
*** CID 137720: Memory - illegal accesses (UNINIT)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 272 in qd_dispatch_configure_listener()
266
267
268 qd_config_listener_t *qd_dispatch_configure_listener(qd_dispatch_t *qd, qd_entity_t *entity)
269 {
270 qd_error_clear();
271 qd_connection_manager_t *cm = qd->connection_manager;
>>> CID 137720: Memory - illegal accesses (UNINIT)
>>> Assigning: "cl" = "(qd_config_listener_t *)malloc(216UL)", which is allocated but not initialized.
272 qd_config_listener_t *cl = NEW(qd_config_listener_t);
273 cl->is_connector = false;
274 cl->state = QD_BIND_NONE;
275 cl->listener = 0;
276 qd_config_ssl_profile_t *ssl_profile = 0;
277 if (load_server_config(qd, &cl->configuration, entity, &ssl_profile) != QD_ERROR_NONE) {
** CID 137718: (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
________________________________________________________________________________________________________
*** CID 137718: (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
159 }
160 else if (strcmp(host, HOST_ADDR_DEFAULT) != 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
161 config->host = host;
162 }
163
164 assert(config->host);
>>> CID 137718: (RESOURCE_LEAK)
>>> Variable "addr" going out of scope leaks the storage it points to.
165 }
166
167 static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
168 {
169 qd_error_clear();
170
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
159 }
160 else if (strcmp(host, HOST_ADDR_DEFAULT) != 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
161 config->host = host;
162 }
163
164 assert(config->host);
>>> CID 137718: (RESOURCE_LEAK)
>>> Variable "addr" going out of scope leaks the storage it points to.
165 }
166
167 static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
168 {
169 qd_error_clear();
170
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
159 }
160 else if (strcmp(host, HOST_ADDR_DEFAULT) != 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
161 config->host = host;
162 }
163
164 assert(config->host);
>>> CID 137718: (RESOURCE_LEAK)
>>> Variable "addr" going out of scope leaks the storage it points to.
165 }
166
167 static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
168 {
169 qd_error_clear();
170
** CID 137717: (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
________________________________________________________________________________________________________
*** CID 137717: (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
159 }
160 else if (strcmp(host, HOST_ADDR_DEFAULT) != 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
161 config->host = host;
162 }
163
164 assert(config->host);
>>> CID 137717: (RESOURCE_LEAK)
>>> Variable "host" going out of scope leaks the storage it points to.
165 }
166
167 static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
168 {
169 qd_error_clear();
170
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/connection_manager.c: 165 in set_config_host()
159 }
160 else if (strcmp(host, HOST_ADDR_DEFAULT) != 0 && strcmp(addr, HOST_ADDR_DEFAULT) == 0) {
161 config->host = host;
162 }
163
164 assert(config->host);
>>> CID 137717: (RESOURCE_LEAK)
>>> Variable "host" going out of scope leaks the storage it points to.
165 }
166
167 static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *config, qd_entity_t* entity, qd_config_ssl_profile_t **ssl_profile)
168 {
169 qd_error_clear();
170
** CID 137716: Null pointer dereferences (FORWARD_NULL)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/alloc_pool.c: 129 in qd_alloc()
________________________________________________________________________________________________________
*** CID 137716: Null pointer dereferences (FORWARD_NULL)
/home/kgiusti/work/dispatch/0.7.0rc1/qpid-dispatch-0.7.0/src/alloc_pool.c: 129 in qd_alloc()
123 //
124 // If this is the thread's first pass through here, allocate the
125 // thread-local pool for this type.
126 //
127 if (*tpool == 0) {
128 NEW_CACHE_ALIGNED(qd_alloc_pool_t, *tpool);
>>> CID 137716: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "*tpool".
129 DEQ_ITEM_INIT(*tpool);
130 DEQ_INIT((*tpool)->free_list);
131 sys_mutex_lock(desc->lock);
132 DEQ_INSERT_TAIL(desc->tpool_list, *tpool);
133 sys_mutex_unlock(desc->lock);
134 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJ3gKShavCjMfPIUiT4tI2B_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKnBG3GO-2FOyedCzNqSxFDW0Jbsa5Hk1VMo0a27YnRLRbQA1zX5cOaBysMQhSxuqM5Mg82BNa5oITiOK4WX8Z2kcL5kRK9xacvKu9J1tDE2HVbb9m2O9yNCztlb3NHnBnFKMo3giPSr8U9FL-2Bw236gY4IVgBmIv-2FWyMFpcRoYyisETw-3D-3D
To manage Coverity Scan email notifications for "gmurthy@redhat.com", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4GT7ZJULeBsdRIGSsmCGK3QgA2CDXnZgZ8-2FWGYmnExRLcco6O6snRtSPKudValmBAwINi3CN-2FlFC5he5SY5w85-2BEKaU-2FEfQJ1S-2BAvMeHNTnE-3D_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKnBG3GO-2FOyedCzNqSxFDW0JxveBVItHXiEsuXXkFNRiOXE2Ibm4Vo4DMQzvZqkx3DKBleaGjTAKcxi-2B-2Bfo6fpFlTr5PBo2SMB2ktm0fATDThDLljcuHgVgaHNpkfWIZxtmGbMjF-2FghSfBT5uF-2BvAKOacL7Oy7-2FNIPqJPfPSiHA-2BxA-3D-3D
> Coverity scan reported memory leaks in Qpid Dispatch 0.7.0
> -----------------------------------------------------------
>
> Key: DISPATCH-526
> URL: https://issues.apache.org/jira/browse/DISPATCH-526
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.7.0
> Reporter: Ganesh Murthy
>
> kguisti ran the coverity scan on 0.7.0 RC1 which found a few memory leaks. These will need to be fixed -
> https://scan4.coverity.com/reports.htm#v24864/p10022
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org