You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Patrick Hunt (JIRA)" <ji...@apache.org> on 2009/02/11 19:16:59 UTC
[jira] Created: (ZOOKEEPER-310) Coverity report on issues in C
client code
Coverity report on issues in C client code
------------------------------------------
Key: ZOOKEEPER-310
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-310
Project: Zookeeper
Issue Type: Bug
Components: c client
Affects Versions: 3.1.0
Reporter: Patrick Hunt
Priority: Minor
Fix For: 3.2.0
Coverity found the following issues in the c code thatwe should look at/resolve:
1) zookeeper.c
Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
717 case 0:
718 errno = EHOSTDOWN;
Event fallthrough: The above case falls through to this one.
719 case -1:
Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
739 case 0:
740 errno = EHOSTDOWN;
Event fallthrough: The above case falls through to this one.
741 case -1:
Event negative_return_fn: Called negative-returning function "socket(2, 1, 0)"
Event var_assign: NEGATIVE return value of "socket" assigned to signed variable "zh->fd"
1099 zh->fd = socket(PF_INET, SOCK_STREAM, 0);
Event negative_returns: Tracked variable "zh->fd" was passed to a negative sink.
1100 setsockopt(zh->fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(int));
Event deref_ptr: Directly dereferenced pointer "cptr->buffer"
1308 cptr->buffer->curr_offset = get_buffer_len(oa);
Event check_after_deref: Pointer "cptr->buffer" dereferenced before NULL check
1309 if (!cptr->buffer) {
cli.c
Event returned_null: Function "strchr" returned NULL value (checked 4 out of 5 times)
Event var_assigned: Variable "ptr" assigned to NULL return value from "strchr"
532 char *ptr = strchr(buffer, '\n');
Event dereference: Dereferencing NULL value "ptr"
recordio.c
Event alloc_fn: Called allocation function "malloc"
Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
284 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
Event leaked_storage: Variable "buff" goes out of scope
At conditional (1): "!(ia != NULL)" taking true path
285 if (!ia) return 0;
Event alloc_fn: Called allocation function "malloc"
Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
301 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
Event leaked_storage: Variable "buff" goes out of scope
At conditional (1): "!(oa != NULL)" taking true path
302 if (!oa) return 0;
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (ZOOKEEPER-310) Coverity report on issues in C
client code
Posted by "Mahadev konar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mahadev konar updated ZOOKEEPER-310:
------------------------------------
Fix Version/s: (was: 3.2.0)
3.3.0
moving it to 3.3
> Coverity report on issues in C client code
> ------------------------------------------
>
> Key: ZOOKEEPER-310
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-310
> Project: Zookeeper
> Issue Type: Bug
> Components: c client
> Affects Versions: 3.1.0
> Reporter: Patrick Hunt
> Assignee: Mahadev konar
> Priority: Minor
> Fix For: 3.3.0
>
>
> Coverity found the following issues in the c code thatwe should look at/resolve:
> 1) zookeeper.c
> Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
> 717 case 0:
> 718 errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 719 case -1:
> Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
> 739 case 0:
> 740 errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 741 case -1:
> Event negative_return_fn: Called negative-returning function "socket(2, 1, 0)"
> Event var_assign: NEGATIVE return value of "socket" assigned to signed variable "zh->fd"
> 1099 zh->fd = socket(PF_INET, SOCK_STREAM, 0);
> Event negative_returns: Tracked variable "zh->fd" was passed to a negative sink.
> 1100 setsockopt(zh->fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(int));
> Event deref_ptr: Directly dereferenced pointer "cptr->buffer"
> 1308 cptr->buffer->curr_offset = get_buffer_len(oa);
> Event check_after_deref: Pointer "cptr->buffer" dereferenced before NULL check
> 1309 if (!cptr->buffer) {
> cli.c
> Event returned_null: Function "strchr" returned NULL value (checked 4 out of 5 times)
> Event var_assigned: Variable "ptr" assigned to NULL return value from "strchr"
> 532 char *ptr = strchr(buffer, '\n');
> Event dereference: Dereferencing NULL value "ptr"
> recordio.c
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
> 284 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(ia != NULL)" taking true path
> 285 if (!ia) return 0;
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
> 301 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(oa != NULL)" taking true path
> 302 if (!oa) return 0;
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (ZOOKEEPER-310) Coverity report on issues in C
client code
Posted by "Patrick Hunt (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Patrick Hunt reassigned ZOOKEEPER-310:
--------------------------------------
Assignee: Mahadev konar
> Coverity report on issues in C client code
> ------------------------------------------
>
> Key: ZOOKEEPER-310
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-310
> Project: Zookeeper
> Issue Type: Bug
> Components: c client
> Affects Versions: 3.1.0
> Reporter: Patrick Hunt
> Assignee: Mahadev konar
> Priority: Minor
> Fix For: 3.2.0
>
>
> Coverity found the following issues in the c code thatwe should look at/resolve:
> 1) zookeeper.c
> Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
> 717 case 0:
> 718 errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 719 case -1:
> Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
> 739 case 0:
> 740 errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 741 case -1:
> Event negative_return_fn: Called negative-returning function "socket(2, 1, 0)"
> Event var_assign: NEGATIVE return value of "socket" assigned to signed variable "zh->fd"
> 1099 zh->fd = socket(PF_INET, SOCK_STREAM, 0);
> Event negative_returns: Tracked variable "zh->fd" was passed to a negative sink.
> 1100 setsockopt(zh->fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(int));
> Event deref_ptr: Directly dereferenced pointer "cptr->buffer"
> 1308 cptr->buffer->curr_offset = get_buffer_len(oa);
> Event check_after_deref: Pointer "cptr->buffer" dereferenced before NULL check
> 1309 if (!cptr->buffer) {
> cli.c
> Event returned_null: Function "strchr" returned NULL value (checked 4 out of 5 times)
> Event var_assigned: Variable "ptr" assigned to NULL return value from "strchr"
> 532 char *ptr = strchr(buffer, '\n');
> Event dereference: Dereferencing NULL value "ptr"
> recordio.c
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
> 284 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(ia != NULL)" taking true path
> 285 if (!ia) return 0;
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
> 301 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(oa != NULL)" taking true path
> 302 if (!oa) return 0;
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (ZOOKEEPER-310) Coverity report on issues in C
client code
Posted by "Mahadev konar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mahadev konar updated ZOOKEEPER-310:
------------------------------------
Fix Version/s: (was: 3.3.0)
3.4.0
moving this to 3.4 since its not a blocker....
> Coverity report on issues in C client code
> ------------------------------------------
>
> Key: ZOOKEEPER-310
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-310
> Project: Zookeeper
> Issue Type: Bug
> Components: c client
> Affects Versions: 3.1.0
> Reporter: Patrick Hunt
> Assignee: Mahadev konar
> Priority: Minor
> Fix For: 3.4.0
>
>
> Coverity found the following issues in the c code thatwe should look at/resolve:
> 1) zookeeper.c
> Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
> 717 case 0:
> 718 errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 719 case -1:
> Event unterminated_case: This case (value 0) is not terminated by a 'break' statement.
> 739 case 0:
> 740 errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 741 case -1:
> Event negative_return_fn: Called negative-returning function "socket(2, 1, 0)"
> Event var_assign: NEGATIVE return value of "socket" assigned to signed variable "zh->fd"
> 1099 zh->fd = socket(PF_INET, SOCK_STREAM, 0);
> Event negative_returns: Tracked variable "zh->fd" was passed to a negative sink.
> 1100 setsockopt(zh->fd, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(int));
> Event deref_ptr: Directly dereferenced pointer "cptr->buffer"
> 1308 cptr->buffer->curr_offset = get_buffer_len(oa);
> Event check_after_deref: Pointer "cptr->buffer" dereferenced before NULL check
> 1309 if (!cptr->buffer) {
> cli.c
> Event returned_null: Function "strchr" returned NULL value (checked 4 out of 5 times)
> Event var_assigned: Variable "ptr" assigned to NULL return value from "strchr"
> 532 char *ptr = strchr(buffer, '\n');
> Event dereference: Dereferencing NULL value "ptr"
> recordio.c
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
> 284 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(ia != NULL)" taking true path
> 285 if (!ia) return 0;
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from "malloc(12U)"
> 301 struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(oa != NULL)" taking true path
> 302 if (!oa) return 0;
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.