You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ted Ross (JIRA)" <ji...@apache.org> on 2017/03/22 16:20:41 UTC
[jira] [Resolved] (DISPATCH-730) Coverity scan reported errors in
Qpid Dispatch master
[ https://issues.apache.org/jira/browse/DISPATCH-730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ted Ross resolved DISPATCH-730.
-------------------------------
Resolution: Fixed
> Coverity scan reported errors in Qpid Dispatch master
> -----------------------------------------------------
>
> Key: DISPATCH-730
> URL: https://issues.apache.org/jira/browse/DISPATCH-730
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 0.8.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Fix For: 0.8.0
>
>
> 5 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 5 of 5 defect(s)
> ** CID 142339: (USE_AFTER_FREE)
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 284 in qdr_connection_process()
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 284 in qdr_connection_process()
> ________________________________________________________________________________________________________
> *** CID 142339: (USE_AFTER_FREE)
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 284 in qdr_connection_process()
> 278 if (link_work->work_type == QDR_LINK_WORK_DELIVERY && link_work->value > 0) {
> 279 DEQ_INSERT_HEAD(link->work_list, link_work);
> 280 link_work = 0; // Halt work processing
> 281 } else {
> 282 qdr_error_free(link_work->error);
> 283 free_qdr_link_work_t(link_work);
> >>> CID 142339: (USE_AFTER_FREE)
> >>> Dereferencing freed pointer "link".
> 284 link_work = DEQ_HEAD(link->work_list);
> 285 if (link_work)
> 286 DEQ_REMOVE_HEAD(link->work_list);
> 287 }
> 288 sys_mutex_unlock(conn->work_lock);
> 289 event_count++;
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 284 in qdr_connection_process()
> 278 if (link_work->work_type == QDR_LINK_WORK_DELIVERY && link_work->value > 0) {
> 279 DEQ_INSERT_HEAD(link->work_list, link_work);
> 280 link_work = 0; // Halt work processing
> 281 } else {
> 282 qdr_error_free(link_work->error);
> 283 free_qdr_link_work_t(link_work);
> >>> CID 142339: (USE_AFTER_FREE)
> >>> Dereferencing freed pointer "link".
> 284 link_work = DEQ_HEAD(link->work_list);
> 285 if (link_work)
> 286 DEQ_REMOVE_HEAD(link->work_list);
> 287 }
> 288 sys_mutex_unlock(conn->work_lock);
> 289 event_count++;
> ** CID 142338: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/dispatch/src/failoverlist.c: 103 in qd_failover_list()
> ________________________________________________________________________________________________________
> *** CID 142338: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/dispatch/src/failoverlist.c: 103 in qd_failover_list()
> 97 char *cursor = list->text;
> 98 char *next;
> 99 do {
> 100 next = qd_fol_next(cursor, ",");
> 101 qd_failover_item_t *item = qd_fol_item(cursor, error);
> 102 if (item == 0)
> >>> CID 142338: Resource leaks (RESOURCE_LEAK)
> >>> Variable "list" going out of scope leaks the storage it points to.
> 103 return 0;
> 104 DEQ_INSERT_TAIL(list->item_list, item);
> 105 cursor = next;
> 106 } while (cursor && *cursor);
> 107
> 108 return list;
> ** CID 142337: Null pointer dereferences (FORWARD_NULL)
> /home/gmurthy/opensource/dispatch/src/server.c: 564 in decorate_connection()
> ________________________________________________________________________________________________________
> *** CID 142337: Null pointer dereferences (FORWARD_NULL)
> /home/gmurthy/opensource/dispatch/src/server.c: 564 in decorate_connection()
> 558 if (config && config->inter_router_cost > 1) {
> 559 pn_data_put_symbol(pn_connection_properties(conn),
> 560 pn_bytes(strlen(QD_CONNECTION_PROPERTY_COST_KEY), QD_CONNECTION_PROPERTY_COST_KEY));
> 561 pn_data_put_int(pn_connection_properties(conn), config->inter_router_cost);
> 562 }
> 563
> >>> CID 142337: Null pointer dereferences (FORWARD_NULL)
> >>> Dereferencing null pointer "config".
> 564 qd_failover_list_t *fol = config->failover_list;
> 565 if (fol) {
> 566 pn_data_put_symbol(pn_connection_properties(conn),
> 567 pn_bytes(strlen(QD_CONNECTION_PROPERTY_FAILOVER_LIST_KEY), QD_CONNECTION_PROPERTY_FAILOVER_LIST_KEY));
> 568 pn_data_put_list(pn_connection_properties(conn));
> 569 pn_data_enter(pn_connection_properties(conn));
> ** CID 142336: API usage errors (CHAR_IO)
> /home/gmurthy/opensource/dispatch/src/connection_manager.c: 444 in qd_dispatch_configure_ssl_profile()
> ________________________________________________________________________________________________________
> *** CID 142336: API usage errors (CHAR_IO)
> /home/gmurthy/opensource/dispatch/src/connection_manager.c: 444 in qd_dispatch_configure_ssl_profile()
> 438 char buffer[200];
> 439
> 440 char c;
> 441 int i=0;
> 442
> 443 while(true) {
> >>> CID 142336: API usage errors (CHAR_IO)
> >>> Assigning the return value of "fgetc" to char "c" truncates its value.
> 444 c = fgetc(file);
> 445 if(c == EOF || c == '\n')
> 446 break;
> 447 buffer[i++] = c;
> 448 }
> 449
> ** CID 142335: (ATOMICITY)
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 279 in qdr_connection_process()
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 283 in qdr_connection_process()
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 279 in qdr_connection_process()
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 283 in qdr_connection_process()
> ________________________________________________________________________________________________________
> *** CID 142335: (ATOMICITY)
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 279 in qdr_connection_process()
> 273 free_qdr_link_t(link);
> 274 break;
> 275 }
> 276
> 277 sys_mutex_lock(conn->work_lock);
> 278 if (link_work->work_type == QDR_LINK_WORK_DELIVERY && link_work->value > 0) {
> >>> CID 142335: (ATOMICITY)
> >>> Using an unreliable value of "link_work" inside the second locked section. If the data that "link_work" depends on was changed by another thread, this use might be incorrect.
> 279 DEQ_INSERT_HEAD(link->work_list, link_work);
> 280 link_work = 0; // Halt work processing
> 281 } else {
> 282 qdr_error_free(link_work->error);
> 283 free_qdr_link_work_t(link_work);
> 284 link_work = DEQ_HEAD(link->work_list);
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 283 in qdr_connection_process()
> 277 sys_mutex_lock(conn->work_lock);
> 278 if (link_work->work_type == QDR_LINK_WORK_DELIVERY && link_work->value > 0) {
> 279 DEQ_INSERT_HEAD(link->work_list, link_work);
> 280 link_work = 0; // Halt work processing
> 281 } else {
> 282 qdr_error_free(link_work->error);
> >>> CID 142335: (ATOMICITY)
> >>> Using an unreliable value of "link_work" inside the second locked section. If the data that "link_work" depends on was changed by another thread, this use might be incorrect.
> 283 free_qdr_link_work_t(link_work);
> 284 link_work = DEQ_HEAD(link->work_list);
> 285 if (link_work)
> 286 DEQ_REMOVE_HEAD(link->work_list);
> 287 }
> 288 sys_mutex_unlock(conn->work_lock);
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 279 in qdr_connection_process()
> 273 free_qdr_link_t(link);
> 274 break;
> 275 }
> 276
> 277 sys_mutex_lock(conn->work_lock);
> 278 if (link_work->work_type == QDR_LINK_WORK_DELIVERY && link_work->value > 0) {
> >>> CID 142335: (ATOMICITY)
> >>> Using an unreliable value of "link_work" inside the second locked section. If the data that "link_work" depends on was changed by another thread, this use might be incorrect.
> 279 DEQ_INSERT_HEAD(link->work_list, link_work);
> 280 link_work = 0; // Halt work processing
> 281 } else {
> 282 qdr_error_free(link_work->error);
> 283 free_qdr_link_work_t(link_work);
> 284 link_work = DEQ_HEAD(link->work_list);
> /home/gmurthy/opensource/dispatch/src/router_core/connections.c: 283 in qdr_connection_process()
> 277 sys_mutex_lock(conn->work_lock);
> 278 if (link_work->work_type == QDR_LINK_WORK_DELIVERY && link_work->value > 0) {
> 279 DEQ_INSERT_HEAD(link->work_list, link_work);
> 280 link_work = 0; // Halt work processing
> 281 } else {
> 282 qdr_error_free(link_work->error);
> >>> CID 142335: (ATOMICITY)
> >>> Using an unreliable value of "link_work" inside the second locked section. If the data that "link_work" depends on was changed by another thread, this use might be incorrect.
> 283 free_qdr_link_work_t(link_work);
> 284 link_work = DEQ_HEAD(link->work_list);
> 285 if (link_work)
> 286 DEQ_REMOVE_HEAD(link->work_list);
> 287 }
> 288 sys_mutex_unlock(conn->work_lock);
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org