Posted to dev@qpid.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2019/09/09 19:49:00 UTC
[jira] [Commented] (DISPATCH-1387) Coverity issues on master branch
[ https://issues.apache.org/jira/browse/DISPATCH-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926053#comment-16926053 ]
ASF GitHub Bot commented on DISPATCH-1387:
------------------------------------------
ganeshmurthy commented on pull request #563: DISPATCH-1387 - Additional fix. Fix null pointer dereference problems
URL: https://github.com/apache/qpid-dispatch/pull/563
> Coverity issues on master branch
> --------------------------------
>
> Key: DISPATCH-1387
> URL: https://issues.apache.org/jira/browse/DISPATCH-1387
> Project: Qpid Dispatch
> Issue Type: Improvement
> Components: Container
> Affects Versions: 1.8.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 1.9.0
>
>
> {noformat}
> Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> 18 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 18 of 18 defect(s)
> ** CID 344879: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344879: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 193 in qdra_config_address_get_first_CT()
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_manage_advance_config_address_CT", which dereferences it.
> 193 qdr_manage_advance_config_address_CT(query, addr);
> 194
> 195 //
> 196 // Enqueue the response.
> 197 //
> 198 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 187 in qdra_config_address_get_first_CT()
> 181 addr = DEQ_NEXT(addr);
> 182 assert(addr);
> 183
> 184 //
> 185 // Write the columns of the object into the response body.
> 186 //
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_agent_write_config_address_CT", which dereferences it.
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> ** CID 344878: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344878: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344878: API usage errors (PRINTF_ARGS)
> >>> Argument "stats->current" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344877: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344877: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344877: API usage errors (PRINTF_ARGS)
> >>> Argument "metrics_length" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
> ________________________________________________________________________________________________________
> *** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 329 in qdra_conn_link_route_get_first_CT()
> 323 //
> 324 qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes);
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> >>> CID 344876: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "_write_as_list_CT", which dereferences it.
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> >>> CID 344876: (FORWARD_NULL)
> >>> Dereferencing null pointer "lr".
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> 335
> 336
> ** CID 344875: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344875: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in qd_policy_host_pattern_add()
> 1288 assert (recovered);
> 1289 (void)recovered; /* Silence compiler complaints of unused variable */
> 1290 }
> 1291 sys_mutex_unlock(policy->tree_lock);
> 1292 if (oldp) {
> 1293 free(payload);
> >>> CID 344875: API usage errors (PRINTF_ARGS)
> >>> Argument "oldp" to format specifier "%s" was expected to have type "char *" but has type "void *".
> 1294 qd_log(policy->log_source,
> 1295 QD_LOG_WARNING,
> 1296 "vhost hostname pattern '%s' failed to replace optimized pattern '%s'",
> 1297 hostPattern, oldp);
> 1298 }
> 1299 return oldp == 0;
> ** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
> ________________________________________________________________________________________________________
> *** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
> 589 if (sa && salen) {
> 590 char rport[NI_MAXSERV] = "";
> 591 int err = getnameinfo(sa, salen,
> 592 ctx->rhost, sizeof(ctx->rhost), rport, sizeof(rport),
> 593 NI_NUMERICHOST | NI_NUMERICSERV);
> 594 if (!err) {
> >>> CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> >>> In the call to function "snprintf", the object pointed to by argument "ctx->rhost" may overlap with the object pointed to by argument "ctx->rhost_port".
> 595 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port), "%s:%s", ctx->rhost, rport);
> 596 }
> 597 }
> 598 }
> 599
> 600
> ** CID 344873: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344873: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 222 in qdra_config_link_route_get_first_CT()
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "qdr_manage_advance_config_link_route_CT", which dereferences it.
> 222 qdr_manage_advance_config_link_route_CT(query, lr);
> 223
> 224 //
> 225 // Enqueue the response.
> 226 //
> 227 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 216 in qdra_config_link_route_get_first_CT()
> 210 lr = DEQ_NEXT(lr);
> 211 assert(lr);
> 212
> 213 //
> 214 // Write the columns of the object into the response body.
> 215 //
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT", which dereferences it.
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> ** CID 344872: Null pointer dereferences (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344872: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c: 301 in qdra_address_get_first_CT()
> 295 qdr_manage_write_address_list_CT(core, query, addr);
> 296
> 297 //
> 298 // Advance to the next address
> 299 //
> 300 query->next_offset = offset;
> >>> CID 344872: Null pointer dereferences (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_manage_advance_address_CT", which dereferences it.
> 301 qdr_manage_advance_address_CT(query, addr);
> 302
> 303 //
> 304 // Enqueue the response.
> 305 //
> 306 qdr_agent_enqueue_response_CT(core, query);
> ** CID 344871: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344871: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 229 in qdra_config_auto_link_get_first_CT()
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to "qdr_manage_advance_config_auto_link_CT", which dereferences it.
> 229 qdr_manage_advance_config_auto_link_CT(query, al);
> 230
> 231 //
> 232 // Enqueue the response.
> 233 //
> 234 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 223 in qdra_config_auto_link_get_first_CT()
> 217 al = DEQ_NEXT(al);
> 218 assert(al);
> 219
> 220 //
> 221 // Write the columns of the object into the response body.
> 222 //
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT", which dereferences it.
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> ** CID 344870: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344870: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327 in qdra_link_get_first_CT()
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_manage_advance_link_CT", which dereferences it.
> 327 qdr_manage_advance_link_CT(query, link);
> 328
> 329 //
> 330 // Enqueue the response.
> 331 //
> 332 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321 in qdra_link_get_first_CT()
> 315 link = DEQ_NEXT(link);
> 316 assert(link);
> 317
> 318 //
> 319 // Write the columns of the link into the response body.
> 320 //
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_agent_write_link_CT", which dereferences it.
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> ** CID 344869: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344869: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 337 in qdra_connection_get_first_CT()
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_manage_advance_connection_CT", which dereferences it.
> 337 qdr_manage_advance_connection_CT(query, conn);
> 338
> 339 //
> 340 // Enqueue the response.
> 341 //
> 342 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 331 in qdra_connection_get_first_CT()
> 325 conn = DEQ_NEXT(conn);
> 326 assert(conn);
> 327
> 328 //
> 329 // Write the columns of the object into the response body.
> 330 //
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_agent_write_connection_CT", which dereferences it.
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> ** CID 344868: Insecure data handling (TAINTED_SCALAR)
> ________________________________________________________________________________________________________
> *** CID 344868: Insecure data handling (TAINTED_SCALAR)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in qd_dispatch_configure_ssl_profile()
> 550 ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
> 551 ssl_profile->uid_name_mapping_file = qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
> 552
> 553 //
> 554 // Process the password to handle any modifications or lookups needed
> 555 //
> >>> CID 344868: Insecure data handling (TAINTED_SCALAR)
> >>> Passing tainted variable "ssl_profile->ssl_password" to a tainted sink.
> 556 qd_config_ssl_profile_process_password(ssl_profile); CHECK();
> 557
> 558 qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
> 559 return ssl_profile;
> 560
> 561 error:
> ** CID 344867: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344867: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in logger()
> 55 static void logger(int lll, const char *line) {
> 56 if (strstr(line, IGNORED)) return;
> 57 size_t len = strlen(line);
> 58 while (len > 1 && isspace(line[len-1])) { /* Strip trailing newline */
> 59 --len;
> 60 }
> >>> CID 344867: API usage errors (PRINTF_ARGS)
> >>> Precision argument "len" to format specifier "%.*s" was expected to have type "int" but has type "unsigned long".
> 61 qd_log(http_log, qd_level(lll), "%.*s", len, line);
> 62 }
> 63
> 64 static void log_init() {
> 65 http_log = qd_log_source("HTTP");
> 66 int levels = 0;
> ** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
> ________________________________________________________________________________________________________
> *** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
> 826 case QD_MAE_TO:
> 827 *ma_to_override = val_field;
> 828 break;
> 829 case QD_MAE_PHASE:
> 830 *ma_phase = val_field;
> 831 break;
> >>> CID 344866: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "case QD_MAE_NONE:".
> 832 case QD_MAE_NONE:
> 833 assert(false);
> 834 break;
> 835 }
> 836
> 837 qd_iterator_free(val_iter);
> ** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
> ________________________________________________________________________________________________________
> *** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
> 75 static char* test_send_to_messenger(void *context)
> 76 {
> 77 qd_message_t *msg = qd_message();
> 78 qd_message_content_t *content = MSG_CONTENT(msg);
> 79 qd_message_compose_1(msg, "test_addr_0", 0);
> 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> >>> CID 336747: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 81 if (buf == 0) return "Expected a buffer in the test message";
> 82
> 83 pn_message_t *pn_msg = pn_message();
> 84 size_t len = flatten_bufs(content);
> 85 int result = pn_message_decode(pn_msg, buffer, len);
> 86 if (result != 0) {
> ** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
> ________________________________________________________________________________________________________
> *** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
> 335 if (result != 0) {
> 336 qd_message_free(msg);
> 337 return "Error in pn_message_decode";
> 338 }
> 339
> 340 pn_data_t *ma = pn_message_annotations(pn_msg);
> >>> CID 336746: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 341 if (!ma) return "Missing message annotations";
> 342 pn_data_rewind(ma);
> 343 pn_data_next(ma);
> 344 if (pn_data_type(ma) != PN_MAP) return "Invalid message annotation type";
> 345 if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map length";
> 346 pn_data_enter(ma);
> ** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> ________________________________________________________________________________________________________
> *** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
> 301 free (result);
> >>> CID 142248: Resource leaks (RESOURCE_LEAK)
> >>> Variable "field" going out of scope leaks the storage it points to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> ** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> ________________________________________________________________________________________________________
> *** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
> 301 free (result);
> >>> CID 142246: Resource leaks (RESOURCE_LEAK)
> >>> Variable "data_iter" going out of scope leaks the storage it points to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> \
>
>
>
> {noformat}