You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2019/07/17 17:36:00 UTC
[jira] [Created] (DISPATCH-1387) Coverity issues on master branch
Ganesh Murthy created DISPATCH-1387:
---------------------------------------
Summary: Coverity issues on master branch
Key: DISPATCH-1387
URL: https://issues.apache.org/jira/browse/DISPATCH-1387
Project: Qpid Dispatch
Issue Type: Improvement
Components: Container
Affects Versions: 1.8.0
Reporter: Ganesh Murthy
Fix For: 1.9.0
{noformat}
Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
18 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 18 of 18 defect(s)
** CID 344879: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 344879: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 193 in qdra_config_address_get_first_CT()
187 qdr_agent_write_config_address_CT(query, addr);
188
189 //
190 // Advance to the next address
191 //
192 query->next_offset = offset;
>>> CID 344879: (FORWARD_NULL)
>>> Passing null pointer "addr" to "qdr_manage_advance_config_address_CT", which dereferences it.
193 qdr_manage_advance_config_address_CT(query, addr);
194
195 //
196 // Enqueue the response.
197 //
198 qdr_agent_enqueue_response_CT(core, query);
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 187 in qdra_config_address_get_first_CT()
181 addr = DEQ_NEXT(addr);
182 assert(addr);
183
184 //
185 // Write the columns of the object into the response body.
186 //
>>> CID 344879: (FORWARD_NULL)
>>> Passing null pointer "addr" to "qdr_agent_write_config_address_CT", which dereferences it.
187 qdr_agent_write_config_address_CT(query, addr);
188
189 //
190 // Advance to the next address
191 //
192 query->next_offset = offset;
** CID 344878: API usage errors (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 344878: API usage errors (PRINTF_ARGS)
/home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
552 stats->headers_sent = true;
553 }
554
555 while (stats->current < metrics_length) {
556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
557 stats->current++;
>>> CID 344878: API usage errors (PRINTF_ARGS)
>>> Argument "stats->current" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
559 } else {
560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
561 break;
562 }
563 }
** CID 344877: API usage errors (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 344877: API usage errors (PRINTF_ARGS)
/home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
552 stats->headers_sent = true;
553 }
554
555 while (stats->current < metrics_length) {
556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
557 stats->current++;
>>> CID 344877: API usage errors (PRINTF_ARGS)
>>> Argument "metrics_length" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
559 } else {
560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
561 break;
562 }
563 }
** CID 344876: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
________________________________________________________________________________________________________
*** CID 344876: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 329 in qdra_conn_link_route_get_first_CT()
323 //
324 qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes);
325 for (int i = 0; i < offset && lr; i++)
326 lr = DEQ_NEXT(lr);
327 assert(lr);
328 // write the lr into the response and advance to next
>>> CID 344876: (FORWARD_NULL)
>>> Passing null pointer "lr" to "_write_as_list_CT", which dereferences it.
329 _write_as_list_CT(query, lr);
330 query->next_offset = offset + 1;
331 query->more = DEQ_NEXT(lr) != NULL;
332 }
333 qdr_agent_enqueue_response_CT(core, query);
334 }
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
325 for (int i = 0; i < offset && lr; i++)
326 lr = DEQ_NEXT(lr);
327 assert(lr);
328 // write the lr into the response and advance to next
329 _write_as_list_CT(query, lr);
330 query->next_offset = offset + 1;
>>> CID 344876: (FORWARD_NULL)
>>> Dereferencing null pointer "lr".
331 query->more = DEQ_NEXT(lr) != NULL;
332 }
333 qdr_agent_enqueue_response_CT(core, query);
334 }
335
336
** CID 344875: API usage errors (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 344875: API usage errors (PRINTF_ARGS)
/home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in qd_policy_host_pattern_add()
1288 assert (recovered);
1289 (void)recovered; /* Silence compiler complaints of unused variable */
1290 }
1291 sys_mutex_unlock(policy->tree_lock);
1292 if (oldp) {
1293 free(payload);
>>> CID 344875: API usage errors (PRINTF_ARGS)
>>> Argument "oldp" to format specifier "%s" was expected to have type "char *" but has type "void *".
1294 qd_log(policy->log_source,
1295 QD_LOG_WARNING,
1296 "vhost hostname pattern '%s' failed to replace optimized pattern '%s'",
1297 hostPattern, oldp);
1298 }
1299 return oldp == 0;
** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
/home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
________________________________________________________________________________________________________
*** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
/home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
589 if (sa && salen) {
590 char rport[NI_MAXSERV] = "";
591 int err = getnameinfo(sa, salen,
592 ctx->rhost, sizeof(ctx->rhost), rport, sizeof(rport),
593 NI_NUMERICHOST | NI_NUMERICSERV);
594 if (!err) {
>>> CID 344874: Memory - corruptions (OVERLAPPING_COPY)
>>> In the call to function "snprintf", the object pointed to by argument "ctx->rhost" may overlap with the object pointed to by argument "ctx->rhost_port".
595 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port), "%s:%s", ctx->rhost, rport);
596 }
597 }
598 }
599
600
** CID 344873: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 344873: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 222 in qdra_config_link_route_get_first_CT()
216 qdr_agent_write_config_link_route_CT(query, lr);
217
218 //
219 // Advance to the next link_route
220 //
221 query->next_offset = offset;
>>> CID 344873: (FORWARD_NULL)
>>> Passing null pointer "lr" to "qdr_manage_advance_config_link_route_CT", which dereferences it.
222 qdr_manage_advance_config_link_route_CT(query, lr);
223
224 //
225 // Enqueue the response.
226 //
227 qdr_agent_enqueue_response_CT(core, query);
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 216 in qdra_config_link_route_get_first_CT()
210 lr = DEQ_NEXT(lr);
211 assert(lr);
212
213 //
214 // Write the columns of the object into the response body.
215 //
>>> CID 344873: (FORWARD_NULL)
>>> Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT", which dereferences it.
216 qdr_agent_write_config_link_route_CT(query, lr);
217
218 //
219 // Advance to the next link_route
220 //
221 query->next_offset = offset;
** CID 344872: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 344872: Null pointer dereferences (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c: 301 in qdra_address_get_first_CT()
295 qdr_manage_write_address_list_CT(core, query, addr);
296
297 //
298 // Advance to the next address
299 //
300 query->next_offset = offset;
>>> CID 344872: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "addr" to "qdr_manage_advance_address_CT", which dereferences it.
301 qdr_manage_advance_address_CT(query, addr);
302
303 //
304 // Enqueue the response.
305 //
306 qdr_agent_enqueue_response_CT(core, query);
** CID 344871: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 344871: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 229 in qdra_config_auto_link_get_first_CT()
223 qdr_agent_write_config_auto_link_CT(query, al);
224
225 //
226 // Advance to the next auto_link
227 //
228 query->next_offset = offset;
>>> CID 344871: (FORWARD_NULL)
>>> Passing null pointer "al" to "qdr_manage_advance_config_auto_link_CT", which dereferences it.
229 qdr_manage_advance_config_auto_link_CT(query, al);
230
231 //
232 // Enqueue the response.
233 //
234 qdr_agent_enqueue_response_CT(core, query);
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 223 in qdra_config_auto_link_get_first_CT()
217 al = DEQ_NEXT(al);
218 assert(al);
219
220 //
221 // Write the columns of the object into the response body.
222 //
>>> CID 344871: (FORWARD_NULL)
>>> Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT", which dereferences it.
223 qdr_agent_write_config_auto_link_CT(query, al);
224
225 //
226 // Advance to the next auto_link
227 //
228 query->next_offset = offset;
** CID 344870: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 344870: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327 in qdra_link_get_first_CT()
321 qdr_agent_write_link_CT(core, query, link);
322
323 //
324 // Advance to the next address
325 //
326 query->next_offset = offset;
>>> CID 344870: (FORWARD_NULL)
>>> Passing null pointer "link" to "qdr_manage_advance_link_CT", which dereferences it.
327 qdr_manage_advance_link_CT(query, link);
328
329 //
330 // Enqueue the response.
331 //
332 qdr_agent_enqueue_response_CT(core, query);
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321 in qdra_link_get_first_CT()
315 link = DEQ_NEXT(link);
316 assert(link);
317
318 //
319 // Write the columns of the link into the response body.
320 //
>>> CID 344870: (FORWARD_NULL)
>>> Passing null pointer "link" to "qdr_agent_write_link_CT", which dereferences it.
321 qdr_agent_write_link_CT(core, query, link);
322
323 //
324 // Advance to the next address
325 //
326 query->next_offset = offset;
** CID 344869: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 344869: (FORWARD_NULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 337 in qdra_connection_get_first_CT()
331 qdr_agent_write_connection_CT(core, query, conn);
332
333 //
334 // Advance to the next connection
335 //
336 query->next_offset = offset;
>>> CID 344869: (FORWARD_NULL)
>>> Passing null pointer "conn" to "qdr_manage_advance_connection_CT", which dereferences it.
337 qdr_manage_advance_connection_CT(query, conn);
338
339 //
340 // Enqueue the response.
341 //
342 qdr_agent_enqueue_response_CT(core, query);
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 331 in qdra_connection_get_first_CT()
325 conn = DEQ_NEXT(conn);
326 assert(conn);
327
328 //
329 // Write the columns of the object into the response body.
330 //
>>> CID 344869: (FORWARD_NULL)
>>> Passing null pointer "conn" to "qdr_agent_write_connection_CT", which dereferences it.
331 qdr_agent_write_connection_CT(core, query, conn);
332
333 //
334 // Advance to the next connection
335 //
336 query->next_offset = offset;
** CID 344868: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 344868: Insecure data handling (TAINTED_SCALAR)
/home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in qd_dispatch_configure_ssl_profile()
550 ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
551 ssl_profile->uid_name_mapping_file = qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
552
553 //
554 // Process the password to handle any modifications or lookups needed
555 //
>>> CID 344868: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "ssl_profile->ssl_password" to a tainted sink.
556 qd_config_ssl_profile_process_password(ssl_profile); CHECK();
557
558 qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
559 return ssl_profile;
560
561 error:
** CID 344867: API usage errors (PRINTF_ARGS)
________________________________________________________________________________________________________
*** CID 344867: API usage errors (PRINTF_ARGS)
/home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in logger()
55 static void logger(int lll, const char *line) {
56 if (strstr(line, IGNORED)) return;
57 size_t len = strlen(line);
58 while (len > 1 && isspace(line[len-1])) { /* Strip trailing newline */
59 --len;
60 }
>>> CID 344867: API usage errors (PRINTF_ARGS)
>>> Precision argument "len" to format specifier "%.*s" was expected to have type "int" but has type "unsigned long".
61 qd_log(http_log, qd_level(lll), "%.*s", len, line);
62 }
63
64 static void log_init() {
65 http_log = qd_log_source("HTTP");
66 int levels = 0;
** CID 344866: Control flow issues (DEADCODE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
________________________________________________________________________________________________________
*** CID 344866: Control flow issues (DEADCODE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
826 case QD_MAE_TO:
827 *ma_to_override = val_field;
828 break;
829 case QD_MAE_PHASE:
830 *ma_phase = val_field;
831 break;
>>> CID 344866: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "case QD_MAE_NONE:".
832 case QD_MAE_NONE:
833 assert(false);
834 break;
835 }
836
837 qd_iterator_free(val_iter);
** CID 336747: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
________________________________________________________________________________________________________
*** CID 336747: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
75 static char* test_send_to_messenger(void *context)
76 {
77 qd_message_t *msg = qd_message();
78 qd_message_content_t *content = MSG_CONTENT(msg);
79 qd_message_compose_1(msg, "test_addr_0", 0);
80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
>>> CID 336747: Resource leaks (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
81 if (buf == 0) return "Expected a buffer in the test message";
82
83 pn_message_t *pn_msg = pn_message();
84 size_t len = flatten_bufs(content);
85 int result = pn_message_decode(pn_msg, buffer, len);
86 if (result != 0) {
** CID 336746: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
________________________________________________________________________________________________________
*** CID 336746: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
335 if (result != 0) {
336 qd_message_free(msg);
337 return "Error in pn_message_decode";
338 }
339
340 pn_data_t *ma = pn_message_annotations(pn_msg);
>>> CID 336746: Resource leaks (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
341 if (!ma) return "Missing message annotations";
342 pn_data_rewind(ma);
343 pn_data_next(ma);
344 if (pn_data_type(ma) != PN_MAP) return "Invalid message annotation type";
345 if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map length";
346 pn_data_enter(ma);
** CID 142248: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
________________________________________________________________________________________________________
*** CID 142248: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
299 unsigned char *result = qd_iterator_copy(key_iter);
300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
301 free (result);
>>> CID 142248: Resource leaks (RESOURCE_LEAK)
>>> Variable "field" going out of scope leaks the storage it points to.
302 return error;
303 }
304
305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
306 return "Incorrect typed iterator on first-key";
307
** CID 142246: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
________________________________________________________________________________________________________
*** CID 142246: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
299 unsigned char *result = qd_iterator_copy(key_iter);
300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
301 free (result);
>>> CID 142246: Resource leaks (RESOURCE_LEAK)
>>> Variable "data_iter" going out of scope leaks the storage it points to.
302 return error;
303 }
304
305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
306 return "Incorrect typed iterator on first-key";
307
\
{noformat}
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org