You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2019/03/19 11:58:00 UTC
[jira] [Created] (DISPATCH-1292) Coverity issues on master branch
Ganesh Murthy created DISPATCH-1292:
---------------------------------------
Summary: Coverity issues on master branch
Key: DISPATCH-1292
URL: https://issues.apache.org/jira/browse/DISPATCH-1292
Project: Qpid Dispatch
Issue Type: Bug
Components: Container
Affects Versions: 1.5.0
Reporter: Ganesh Murthy
Assignee: Ganesh Murthy
Fix For: 1.6.0
{noformat}
10 of 17,133
New Defects reported by Coverity Scan for Apache Qpid dispatch-router
Inbox
x
scan-admin@coverity.com
12:31 AM (7 hours ago)
to me
Hi,
Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
11 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
55 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 336749: Control flow issues (MISSING_BREAK)
/home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle()
________________________________________________________________________________________________________
*** CID 336749: Control flow issues (MISSING_BREAK)
/home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle()
903 qdr_handle_authentication_service_connection_event(e);
904 return true;
905 }
906
907 switch (pn_event_type(e)) {
908
>>> CID 336749: Control flow issues (MISSING_BREAK)
>>> The case for value "PN_PROACTOR_INTERRUPT" is not terminated by a 'break' statement.
909 case PN_PROACTOR_INTERRUPT:
910 if (qd_server->stopping) {
911 /* Interrupt the next thread */
912 pn_proactor_interrupt(qd_server->proactor);
913 /* Stop the current thread */
914 return false;
** CID 336748: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in AMQP_rx_handler()
________________________________________________________________________________________________________
*** CID 336748: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in AMQP_rx_handler()
561 qd_log(router->log_source, QD_LOG_DEBUG, "Message rejected due to policy violation on target. User:%s", conn->user_id);
562 pn_link_flow(pn_link, 1);
563 pn_delivery_update(pnd, PN_REJECTED);
564 pn_delivery_settle(pnd);
565 qd_message_free(msg);
566 qd_iterator_free(addr_iter);
>>> CID 336748: Resource leaks (RESOURCE_LEAK)
>>> Variable "link_exclusions" going out of scope leaks the storage it points to.
567 return next_delivery;
568 }
569 }
570 } else {
571 //
572 // This is a targeted link, not anonymous.
** CID 336747: (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in test_send_to_messenger()
________________________________________________________________________________________________________
*** CID 336747: (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
75 static char* test_send_to_messenger(void *context)
76 {
77 qd_message_t *msg = qd_message();
78 qd_message_content_t *content = MSG_CONTENT(msg);
79 qd_message_compose_1(msg, "test_addr_0", 0);
80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
>>> CID 336747: (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
81 if (buf == 0) return "Expected a buffer in the test message";
82
83 pn_message_t *pn_msg = pn_message();
84 size_t len = flatten_bufs(content);
85 int result = pn_message_decode(pn_msg, buffer, len);
86 if (result != 0) return "Error in pn_message_decode";
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in test_send_to_messenger()
80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
81 if (buf == 0) return "Expected a buffer in the test message";
82
83 pn_message_t *pn_msg = pn_message();
84 size_t len = flatten_bufs(content);
85 int result = pn_message_decode(pn_msg, buffer, len);
>>> CID 336747: (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
86 if (result != 0) return "Error in pn_message_decode";
87
88 if (strcmp(pn_message_get_address(pn_msg), "test_addr_0") != 0)
89 return "Address mismatch in received message";
90
91 pn_message_free(pn_msg);
** CID 336746: (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in test_send_message_annotations()
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in test_send_message_annotations()
________________________________________________________________________________________________________
*** CID 336746: (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in test_send_message_annotations()
314 qd_composed_field_t *ingress = qd_compose_subfield(0);
315 qd_compose_insert_string(ingress, "distress");
316 qd_message_set_ingress_annotation(msg, ingress);
317
318 qd_message_compose_1(msg, "test_addr_0", 0);
319 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
>>> CID 336746: (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
320 if (buf == 0) return "Expected a buffer in the test message";
321
322 pn_message_t *pn_msg = pn_message();
323 size_t len = flatten_bufs(content);
324 int result = pn_message_decode(pn_msg, buffer, len);
325 if (result != 0) return "Error in pn_message_decode";
/home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in test_send_message_annotations()
319 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
320 if (buf == 0) return "Expected a buffer in the test message";
321
322 pn_message_t *pn_msg = pn_message();
323 size_t len = flatten_bufs(content);
324 int result = pn_message_decode(pn_msg, buffer, len);
>>> CID 336746: (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
325 if (result != 0) return "Error in pn_message_decode";
326
327 pn_data_t *ma = pn_message_annotations(pn_msg);
328 if (!ma) return "Missing message annotations";
329 pn_data_rewind(ma);
330 pn_data_next(ma);
** CID 336745: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
________________________________________________________________________________________________________
*** CID 336745: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
353 qd_compose_insert_string(sub3, "Key2");
354
355 //
356 qd_composed_field_t *field = qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0);
357 qd_compose_start_map(field);
358 qd_compose_insert_buffers(field, &sub1->buffers);
>>> CID 336745: Resource leaks (RESOURCE_LEAK)
>>> Variable "sub3" going out of scope leaks the storage it points to.
359 if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership not transferred!";
360 qd_compose_free(sub1);
361 qd_compose_insert_buffers(field, &sub2->buffers);
362 qd_compose_free(sub2);
363
364 qd_compose_insert_buffers(field, &sub3->buffers);
** CID 336744: (DC.WEAK_CRYPTO)
/home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in qd_generate_discriminator()
/home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in qd_generate_discriminator()
/home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in qd_generate_discriminator()
________________________________________________________________________________________________________
*** CID 336744: (DC.WEAK_CRYPTO)
/home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in qd_generate_discriminator()
20 #include <qpid/dispatch/discriminator.h>
21 #include <stdlib.h>
22
23 void qd_generate_discriminator(char *string)
24 {
25 static const char *table = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
>>> CID 336744: (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
26 long int rnd1 = random();
27 long int rnd2 = random();
28 long int rnd3 = random();
29 int idx;
30 int cursor = 0;
31
/home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in qd_generate_discriminator()
21 #include <stdlib.h>
22
23 void qd_generate_discriminator(char *string)
24 {
25 static const char *table = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
26 long int rnd1 = random();
>>> CID 336744: (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
27 long int rnd2 = random();
28 long int rnd3 = random();
29 int idx;
30 int cursor = 0;
31
32 for (idx = 0; idx < 5; idx++) {
/home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in qd_generate_discriminator()
22
23 void qd_generate_discriminator(char *string)
24 {
25 static const char *table = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
26 long int rnd1 = random();
27 long int rnd2 = random();
>>> CID 336744: (DC.WEAK_CRYPTO)
>>> "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
28 long int rnd3 = random();
29 int idx;
30 int cursor = 0;
31
32 for (idx = 0; idx < 5; idx++) {
33 string[cursor++] = table[(rnd1 >> (idx * 6)) & 63];
** CID 336743: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
________________________________________________________________________________________________________
*** CID 336743: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
353 qd_compose_insert_string(sub3, "Key2");
354
355 //
356 qd_composed_field_t *field = qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0);
357 qd_compose_start_map(field);
358 qd_compose_insert_buffers(field, &sub1->buffers);
>>> CID 336743: Resource leaks (RESOURCE_LEAK)
>>> Variable "sub2" going out of scope leaks the storage it points to.
359 if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership not transferred!";
360 qd_compose_free(sub1);
361 qd_compose_insert_buffers(field, &sub2->buffers);
362 qd_compose_free(sub2);
363
364 qd_compose_insert_buffers(field, &sub3->buffers);
** CID 336742: Null pointer dereferences (REVERSE_INULL)
/home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c: 341 in on_link_event()
________________________________________________________________________________________________________
*** CID 336742: Null pointer dereferences (REVERSE_INULL)
/home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c: 341 in on_link_event()
335 if (addr && qdr_address_is_mobile_CT(addr) && DEQ_SIZE(addr->subscriptions) == 0 && link->link_direction == QD_INCOMING) {
336 qdr_addr_endpoint_state_t *endpoint_state = qdrc_get_endpoint_state_for_connection(mc->endpoint_state_list, link->conn);
337 assert(endpoint_state);
338 assert(link->edge_context == 0);
339 link->edge_context = endpoint_state;
340 endpoint_state->ref_count++;
>>> CID 336742: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "endpoint_state" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
341 if (qdrc_can_send_address(addr, link->conn) && endpoint_state) {
342 qdrc_send_message(mc->core, addr, endpoint_state->endpoint, true);
343 }
344 }
345 break;
346 }
** CID 336741: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in daemon_process()
________________________________________________________________________________________________________
*** CID 336741: Resource leaks (RESOURCE_LEAK)
/home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in daemon_process()
186 if (strncmp("/", config_path, 1)) {
187 char *cur_path = NULL;
188 size_t path_size = 256;
189 int getcwd_error = 0;
190 cur_path = (char *) calloc(path_size, sizeof(char));
191
>>> CID 336741: Resource leaks (RESOURCE_LEAK)
>>> Overwriting "cur_path" in "cur_path = getcwd(cur_path, path_size)" leaks the storage that "cur_path" points to.
192 while ((cur_path = getcwd(cur_path, path_size)) == NULL) {
193 free(cur_path);
194 if ( errno != ERANGE ) {
195 // If unable to get current directory
196 getcwd_error = 1;
197 break;
** CID 336740: Security best practices violations (STRING_OVERFLOW)
/home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c: 118 in set_waypoint_capability()
________________________________________________________________________________________________________
*** CID 336740: Security best practices violations (STRING_OVERFLOW)
/home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c: 118 in set_waypoint_capability()
112 // In all remaining cases, the new links are acting as waypoints.
113 //
114 int ordinal = phase + (dir == QD_OUTGOING ? 0 : 1);
115 char cap[16];
116 char suffix[3];
117
>>> CID 336740: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 16-character fixed-size string "cap" by copying "QD_CAPABILITY_WAYPOINT_DEFAULT" without checking the length.
118 strcpy(cap, QD_CAPABILITY_WAYPOINT_DEFAULT);
119 suffix[0] = '.';
120 suffix[1] = '0' + ordinal;
121 suffix[2] = '\0';
122 strcat(cap, suffix);
123 qdr_terminus_add_capability(term, cap);
** CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in qdrc_event_subscribe_CT()
________________________________________________________________________________________________________
*** CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in qdrc_event_subscribe_CT()
45 sub->context = context;
46 sub->events = events;
47 sub->on_conn_event = on_conn_event;
48 sub->on_link_event = on_link_event;
49 sub->on_addr_event = on_addr_event;
50
>>> CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "events & 0U /* !((0x3f | 0x3f00) | 0xfff0000) */" is always 0 regardless of the values of its operands. This occurs as a value.
51 assert((events & !(_QDRC_EVENT_CONN_RANGE | _QDRC_EVENT_LINK_RANGE | _QDRC_EVENT_ADDR_RANGE)) == 0);
52 assert(!(events & _QDRC_EVENT_CONN_RANGE) || on_conn_event);
53 assert(!(events & _QDRC_EVENT_LINK_RANGE) || on_link_event);
54 assert(!(events & _QDRC_EVENT_ADDR_RANGE) || on_addr_event);
55
56 if (events & _QDRC_EVENT_CONN_RANGE)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJkRt3r-2Bll2jeD6T5JeFcgC_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkvoS-2FuJVjgCuslzX1dwckJNC7zZIx1YhiEs45lNkv-2FJbkCiayCX8OOQy-2FsaHbaWWe2WidVwy7Ol1lHWtu-2FIQYOqyXS1KP10pikPG3AkmxqIH-2F7deyf8-2FTnTa-2Fl-2BQLbEh9AvC8YWxt6MQw6cAP-2Fi-2B4QnOJ-2F6VhEvoEVYwZwSgEWEQ-3D-3D
To manage Coverity Scan email notifications for "gmurthy@redhat.com", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4GT7ZJULeBsdRIGSsmCGK3QgA2CDXnZgZ8-2FWGYmnExRLcco6O6snRtSPKudValmBAwINi3CN-2FlFC5he5SY5w858xo9A3QAFQJ4sopzS8nVgs-3D_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkvoS-2FuJVjgCuslzX1dwckJ6tm91XSA9ozRLZ6acLz7F19Px-2BcrMfPkJddQQwCtyrNP-2BrRe1ySqLnjIS-2BCkRhnAJeuv0cAtW3OXqGc5JwSHA3r3XoyfjAFFU1C12CubZ2MwIWrfy7TEjEPIll42I3rSdWmRFRevVSluUSqMa-2FJhcQ-3D-3D
{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org