Posted to dev@qpid.apache.org by "Ganesh Murthy (JIRA)" <ji...@apache.org> on 2019/07/18 15:03:00 UTC
[jira] [Assigned] (DISPATCH-1387) Coverity issues on master branch
[ https://issues.apache.org/jira/browse/DISPATCH-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ganesh Murthy reassigned DISPATCH-1387:
---------------------------------------
Assignee: Ganesh Murthy
> Coverity issues on master branch
> --------------------------------
>
> Key: DISPATCH-1387
> URL: https://issues.apache.org/jira/browse/DISPATCH-1387
> Project: Qpid Dispatch
> Issue Type: Improvement
> Components: Container
> Affects Versions: 1.8.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 1.9.0
>
>
> {noformat}
> Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> 18 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 18 of 18 defect(s)
> ** CID 344879: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344879: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 193 in qdra_config_address_get_first_CT()
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_manage_advance_config_address_CT", which dereferences it.
> 193 qdr_manage_advance_config_address_CT(query, addr);
> 194
> 195 //
> 196 // Enqueue the response.
> 197 //
> 198 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 187 in qdra_config_address_get_first_CT()
> 181 addr = DEQ_NEXT(addr);
> 182 assert(addr);
> 183
> 184 //
> 185 // Write the columns of the object into the response body.
> 186 //
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_agent_write_config_address_CT", which dereferences it.
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> ** CID 344878: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344878: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344878: API usage errors (PRINTF_ARGS)
> >>> Argument "stats->current" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344877: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344877: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344877: API usage errors (PRINTF_ARGS)
> >>> Argument "metrics_length" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
> ________________________________________________________________________________________________________
> *** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 329 in qdra_conn_link_route_get_first_CT()
> 323 //
> 324 qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes);
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> >>> CID 344876: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "_write_as_list_CT", which dereferences it.
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> >>> CID 344876: (FORWARD_NULL)
> >>> Dereferencing null pointer "lr".
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> 335
> 336
> ** CID 344875: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344875: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in qd_policy_host_pattern_add()
> 1288 assert (recovered);
> 1289 (void)recovered; /* Silence compiler complaints of unused variable */
> 1290 }
> 1291 sys_mutex_unlock(policy->tree_lock);
> 1292 if (oldp) {
> 1293 free(payload);
> >>> CID 344875: API usage errors (PRINTF_ARGS)
> >>> Argument "oldp" to format specifier "%s" was expected to have type "char *" but has type "void *".
> 1294 qd_log(policy->log_source,
> 1295 QD_LOG_WARNING,
> 1296 "vhost hostname pattern '%s' failed to replace optimized pattern '%s'",
> 1297 hostPattern, oldp);
> 1298 }
> 1299 return oldp == 0;
> ** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
> ________________________________________________________________________________________________________
> *** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
> 589 if (sa && salen) {
> 590 char rport[NI_MAXSERV] = "";
> 591 int err = getnameinfo(sa, salen,
> 592 ctx->rhost, sizeof(ctx->rhost), rport, sizeof(rport),
> 593 NI_NUMERICHOST | NI_NUMERICSERV);
> 594 if (!err) {
> >>> CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> >>> In the call to function "snprintf", the object pointed to by argument "ctx->rhost" may overlap with the object pointed to by argument "ctx->rhost_port".
> 595 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port), "%s:%s", ctx->rhost, rport);
> 596 }
> 597 }
> 598 }
> 599
> 600
> ** CID 344873: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344873: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 222 in qdra_config_link_route_get_first_CT()
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "qdr_manage_advance_config_link_route_CT", which dereferences it.
> 222 qdr_manage_advance_config_link_route_CT(query, lr);
> 223
> 224 //
> 225 // Enqueue the response.
> 226 //
> 227 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 216 in qdra_config_link_route_get_first_CT()
> 210 lr = DEQ_NEXT(lr);
> 211 assert(lr);
> 212
> 213 //
> 214 // Write the columns of the object into the response body.
> 215 //
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT", which dereferences it.
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> ** CID 344872: Null pointer dereferences (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344872: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c: 301 in qdra_address_get_first_CT()
> 295 qdr_manage_write_address_list_CT(core, query, addr);
> 296
> 297 //
> 298 // Advance to the next address
> 299 //
> 300 query->next_offset = offset;
> >>> CID 344872: Null pointer dereferences (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_manage_advance_address_CT", which dereferences it.
> 301 qdr_manage_advance_address_CT(query, addr);
> 302
> 303 //
> 304 // Enqueue the response.
> 305 //
> 306 qdr_agent_enqueue_response_CT(core, query);
> ** CID 344871: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344871: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 229 in qdra_config_auto_link_get_first_CT()
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to "qdr_manage_advance_config_auto_link_CT", which dereferences it.
> 229 qdr_manage_advance_config_auto_link_CT(query, al);
> 230
> 231 //
> 232 // Enqueue the response.
> 233 //
> 234 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 223 in qdra_config_auto_link_get_first_CT()
> 217 al = DEQ_NEXT(al);
> 218 assert(al);
> 219
> 220 //
> 221 // Write the columns of the object into the response body.
> 222 //
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT", which dereferences it.
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> ** CID 344870: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344870: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327 in qdra_link_get_first_CT()
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_manage_advance_link_CT", which dereferences it.
> 327 qdr_manage_advance_link_CT(query, link);
> 328
> 329 //
> 330 // Enqueue the response.
> 331 //
> 332 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321 in qdra_link_get_first_CT()
> 315 link = DEQ_NEXT(link);
> 316 assert(link);
> 317
> 318 //
> 319 // Write the columns of the link into the response body.
> 320 //
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_agent_write_link_CT", which dereferences it.
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> ** CID 344869: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344869: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 337 in qdra_connection_get_first_CT()
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_manage_advance_connection_CT", which dereferences it.
> 337 qdr_manage_advance_connection_CT(query, conn);
> 338
> 339 //
> 340 // Enqueue the response.
> 341 //
> 342 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 331 in qdra_connection_get_first_CT()
> 325 conn = DEQ_NEXT(conn);
> 326 assert(conn);
> 327
> 328 //
> 329 // Write the columns of the object into the response body.
> 330 //
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_agent_write_connection_CT", which dereferences it.
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> ** CID 344868: Insecure data handling (TAINTED_SCALAR)
> ________________________________________________________________________________________________________
> *** CID 344868: Insecure data handling (TAINTED_SCALAR)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in qd_dispatch_configure_ssl_profile()
> 550 ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
> 551 ssl_profile->uid_name_mapping_file = qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
> 552
> 553 //
> 554 // Process the password to handle any modifications or lookups needed
> 555 //
> >>> CID 344868: Insecure data handling (TAINTED_SCALAR)
> >>> Passing tainted variable "ssl_profile->ssl_password" to a tainted sink.
> 556 qd_config_ssl_profile_process_password(ssl_profile); CHECK();
> 557
> 558 qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
> 559 return ssl_profile;
> 560
> 561 error:
> ** CID 344867: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344867: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in logger()
> 55 static void logger(int lll, const char *line) {
> 56 if (strstr(line, IGNORED)) return;
> 57 size_t len = strlen(line);
> 58 while (len > 1 && isspace(line[len-1])) { /* Strip trailing newline */
> 59 --len;
> 60 }
> >>> CID 344867: API usage errors (PRINTF_ARGS)
> >>> Precision argument "len" to format specifier "%.*s" was expected to have type "int" but has type "unsigned long".
> 61 qd_log(http_log, qd_level(lll), "%.*s", len, line);
> 62 }
> 63
> 64 static void log_init() {
> 65 http_log = qd_log_source("HTTP");
> 66 int levels = 0;
> ** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
> ________________________________________________________________________________________________________
> *** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
> 826 case QD_MAE_TO:
> 827 *ma_to_override = val_field;
> 828 break;
> 829 case QD_MAE_PHASE:
> 830 *ma_phase = val_field;
> 831 break;
> >>> CID 344866: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "case QD_MAE_NONE:".
> 832 case QD_MAE_NONE:
> 833 assert(false);
> 834 break;
> 835 }
> 836
> 837 qd_iterator_free(val_iter);
> ** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
> ________________________________________________________________________________________________________
> *** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
> 75 static char* test_send_to_messenger(void *context)
> 76 {
> 77 qd_message_t *msg = qd_message();
> 78 qd_message_content_t *content = MSG_CONTENT(msg);
> 79 qd_message_compose_1(msg, "test_addr_0", 0);
> 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> >>> CID 336747: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 81 if (buf == 0) return "Expected a buffer in the test message";
> 82
> 83 pn_message_t *pn_msg = pn_message();
> 84 size_t len = flatten_bufs(content);
> 85 int result = pn_message_decode(pn_msg, buffer, len);
> 86 if (result != 0) {
> ** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
> ________________________________________________________________________________________________________
> *** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
> 335 if (result != 0) {
> 336 qd_message_free(msg);
> 337 return "Error in pn_message_decode";
> 338 }
> 339
> 340 pn_data_t *ma = pn_message_annotations(pn_msg);
> >>> CID 336746: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 341 if (!ma) return "Missing message annotations";
> 342 pn_data_rewind(ma);
> 343 pn_data_next(ma);
> 344 if (pn_data_type(ma) != PN_MAP) return "Invalid message annotation type";
> 345 if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map length";
> 346 pn_data_enter(ma);
> ** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> ________________________________________________________________________________________________________
> *** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
> 301 free (result);
> >>> CID 142248: Resource leaks (RESOURCE_LEAK)
> >>> Variable "field" going out of scope leaks the storage it points to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> ** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> ________________________________________________________________________________________________________
> *** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
> 301 free (result);
> >>> CID 142246: Resource leaks (RESOURCE_LEAK)
> >>> Variable "data_iter" going out of scope leaks the storage it points to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
>
>
>
>
> {noformat}