[ https://issues.apache.org/jira/browse/DISPATCH-837?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ganesh Murthy updated DISPATCH-837: ----------------------------------- Description: {noformat} New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 181415: Integer handling issues (NO_EFFECT) /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in qd_parse_annotations_v1() ________________________________________________________________________________________________________ *** CID 181415: Integer handling issues (NO_EFFECT) /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in qd_parse_annotations_v1() 673 // Adjust size of user annotation blob by the size of the router 674 // annotations 675 blob_pointer->remaining = user_bytes; 676 assert(blob_pointer->remaining >= 0); 677 678 *blob_item_count = user_entries; >>> CID 181415: Integer handling issues (NO_EFFECT) >>> This greater-than-or-equal-to-zero comparison of an unsigned value is >>> always true. "*blob_item_count >= 0U". 679 assert(*blob_item_count >= 0); 680 return 0; 681 } 682 683 684 void qd_parse_annotations( ** CID 124934: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in test_message_properties() ________________________________________________________________________________________________________ *** CID 124934: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in test_message_properties() 175 qd_message_content_t *content = MSG_CONTENT(msg); 176 177 set_content(content, size); 178 179 qd_iterator_t *iter = qd_message_field_iterator(msg, QD_FIELD_CORRELATION_ID); 180 if (!iter) return "Expected iterator for the 'correlation-id' field"; >>> CID 124934: Resource leaks (RESOURCE_LEAK) >>> Variable "iter" going out of scope leaks the storage it points to. 
181 if (qd_iterator_length(iter) != 13) return "Bad length for correlation-id"; 182 if (!qd_iterator_equal(iter, (const unsigned char *)"correlationId")) { 183 qd_iterator_free(iter); 184 return "Invalid correlation-id"; 185 }{noformat} was: {noformat} New defect(s) Reported-by: Coverity Scan Showing 10 of 10 defect(s) ** CID 181420: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c: 190 in qd_dispatch_configure_router() ________________________________________________________________________________________________________ *** CID 181420: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c: 190 in qd_dispatch_configure_router() 184 qd->default_treatment = QD_TREATMENT_ANYCAST_BALANCED; 185 } 186 187 qd_error_t qd_dispatch_configure_router(qd_dispatch_t *qd, qd_entity_t *entity) 188 { 189 qd_dispatch_set_router_id(qd, qd_entity_opt_string(entity, "routerId", 0)); QD_ERROR_RET(); >>> CID 181420: Resource leaks (RESOURCE_LEAK) >>> Failing to save or free storage allocated by >>> "qd_entity_opt_string(entity, "defaultDistribution", NULL)" leaks it. 190 qd_dispatch_set_router_default_distribution(qd, qd_entity_opt_string(entity, "defaultDistribution", 0)); QD_ERROR_RET(); 191 if (! 
qd->router_id) { 192 qd_dispatch_set_router_id(qd, qd_entity_opt_string(entity, "id", 0)); QD_ERROR_RET(); 193 } 194 if (!qd->router_id) { 195 qd_log_source_t *router_log = qd_log_source("ROUTER"); ** CID 181419: Concurrent data access violations (ATOMICITY) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 149 in qdr_link_process_deliveries() ________________________________________________________________________________________________________ *** CID 181419: Concurrent data access violations (ATOMICITY) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 149 in qdr_link_process_deliveries() 143 dlv = DEQ_HEAD(link->undelivered); 144 sys_mutex_unlock(conn->work_lock); 145 if (dlv) { 146 settled = dlv->settled; 147 core->deliver_handler(core->user_context, link, dlv, settled); 148 sys_mutex_lock(conn->work_lock); >>> CID 181419: Concurrent data access violations (ATOMICITY) >>> Using an unreliable value of "dlv" inside the second locked section. If >>> the data that "dlv" depends on was changed by another thread, this use >>> might be incorrect. 149 send_complete = qdr_delivery_send_complete(dlv); 150 if (send_complete) { 151 // 152 // The entire message has been sent. It is now the appropriate time to have the delivery removed 153 // from the head of the undelivered list and move it to the unsettled list if it is not settled. 
154 // ** CID 181418: Possible Control flow issues (DEADCODE) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 198 in qdr_link_process_deliveries() ________________________________________________________________________________________________________ *** CID 181418: Possible Control flow issues (DEADCODE) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 198 in qdr_link_process_deliveries() 192 sys_mutex_unlock(conn->work_lock); 193 194 } 195 } 196 197 if (drained) >>> CID 181418: Possible Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "(*core->drained_handler)(co...". 198 core->drained_handler(core->user_context, link); 199 else if (offer != -1) 200 core->offer_handler(core->user_context, link, offer); 201 } 202 203 return num_deliveries_completed; ** CID 181417: Memory - illegal accesses (USE_AFTER_FREE) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 587 in qdr_delivery_unlink_peers_CT() ________________________________________________________________________________________________________ *** CID 181417: Memory - illegal accesses (USE_AFTER_FREE) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 587 in qdr_delivery_unlink_peers_CT() 581 qdr_delivery_t * peer_dlv = dlv_ref->dlv; 582 if (peer_dlv == peer) { 583 if (peer->peer) { 584 peer->peer = 0; 585 qdr_delivery_decref_CT(core, dlv); 586 } >>> CID 181417: Memory - illegal accesses (USE_AFTER_FREE) >>> Dereferencing freed pointer "dlv". 
587 qdr_del_delivery_ref(&dlv->peers, dlv_ref); 588 qdr_delivery_decref_CT(core, peer); 589 break; 590 } 591 dlv_ref = DEQ_NEXT(dlv_ref); 592 } ** CID 181416: (USE_AFTER_FREE) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1070 in qdr_deliver_continue_CT() /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in qdr_deliver_continue_CT() /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1110 in qdr_deliver_continue_CT() /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in qdr_deliver_continue_CT() ________________________________________________________________________________________________________ *** CID 181416: (USE_AFTER_FREE) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1070 in qdr_deliver_continue_CT() 1064 // This decref is for the action reference 1065 qdr_delivery_decref_CT(core, in_dlv); 1066 1067 // 1068 // If it is already in the undelivered list or it has no peers, don't try to deliver this again. 1069 // >>> CID 181416: (USE_AFTER_FREE) >>> Dereferencing freed pointer "in_dlv". 1070 if (in_dlv->where == QDR_DELIVERY_IN_UNDELIVERED || !qdr_delivery_has_peer_CT(in_dlv)) 1071 return; 1072 1073 qdr_deliver_continue_peers_CT(core, in_dlv); 1074 1075 /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in qdr_deliver_continue_CT() 1106 peer = next_peer; 1107 } 1108 1109 // Remove the delivery from the settled list and decref the in_dlv. 1110 in_dlv->where = QDR_DELIVERY_NOWHERE; 1111 qdr_delivery_decref_CT(core, in_dlv); // This decref is for removing the delivery from the settled list. >>> CID 181416: (USE_AFTER_FREE) >>> Dereferencing freed pointer "in_dlv". 1112 DEQ_REMOVE(in_dlv->link->settled, in_dlv); 1113 } 1114 } 1115 } 1116 1117 /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1104 in qdr_deliver_continue_CT() 1098 // 1099 // The in_dlv has one or more peers. 
These peers will have to be unlinked. 1100 // 1101 qdr_delivery_t *peer = qdr_delivery_first_peer_CT(in_dlv); 1102 qdr_delivery_t *next_peer = 0; 1103 while (peer) { >>> CID 181416: (USE_AFTER_FREE) >>> Calling "qdr_delivery_next_peer_CT" dereferences freed pointer "in_dlv". 1104 next_peer = qdr_delivery_next_peer_CT(in_dlv); 1105 qdr_delivery_unlink_peers_CT(core, in_dlv, peer); 1106 peer = next_peer; 1107 } 1108 1109 // Remove the delivery from the settled list and decref the in_dlv. /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1110 in qdr_deliver_continue_CT() 1104 next_peer = qdr_delivery_next_peer_CT(in_dlv); 1105 qdr_delivery_unlink_peers_CT(core, in_dlv, peer); 1106 peer = next_peer; 1107 } 1108 1109 // Remove the delivery from the settled list and decref the in_dlv. >>> CID 181416: (USE_AFTER_FREE) >>> Dereferencing freed pointer "in_dlv". 1110 in_dlv->where = QDR_DELIVERY_NOWHERE; 1111 qdr_delivery_decref_CT(core, in_dlv); // This decref is for removing the delivery from the settled list. 1112 DEQ_REMOVE(in_dlv->link->settled, in_dlv); 1113 } 1114 } 1115 } /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in qdr_deliver_continue_CT() 1106 peer = next_peer; 1107 } 1108 1109 // Remove the delivery from the settled list and decref the in_dlv. 1110 in_dlv->where = QDR_DELIVERY_NOWHERE; 1111 qdr_delivery_decref_CT(core, in_dlv); // This decref is for removing the delivery from the settled list. >>> CID 181416: (USE_AFTER_FREE) >>> Dereferencing freed pointer "in_dlv". 
1112 DEQ_REMOVE(in_dlv->link->settled, in_dlv); 1113 } 1114 } 1115 } 1116 1117 ** CID 181415: Integer handling issues (NO_EFFECT) /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in qd_parse_annotations_v1() ________________________________________________________________________________________________________ *** CID 181415: Integer handling issues (NO_EFFECT) /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in qd_parse_annotations_v1() 673 // Adjust size of user annotation blob by the size of the router 674 // annotations 675 blob_pointer->remaining = user_bytes; 676 assert(blob_pointer->remaining >= 0); 677 678 *blob_item_count = user_entries; >>> CID 181415: Integer handling issues (NO_EFFECT) >>> This greater-than-or-equal-to-zero comparison of an unsigned value is >>> always true. "*blob_item_count >= 0U". 679 assert(*blob_item_count >= 0); 680 return 0; 681 } 682 683 684 void qd_parse_annotations( ** CID 181414: (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 339 in test_q2_input_holdoff_sensing() /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_q2_input_holdoff_sensing() ________________________________________________________________________________________________________ *** CID 181414: (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 339 in test_q2_input_holdoff_sensing() 333 for (int nbufs=1; nbufs<QD_QLIMIT_Q2_UPPER + 1; nbufs++) { 334 qd_message_t *msg = qd_message(); 335 qd_message_content_t *content = MSG_CONTENT(msg); 336 337 set_content_bufs(content, nbufs); 338 if (qd_message_Q2_holdoff_should_block(msg) != (nbufs >= QD_QLIMIT_Q2_UPPER)) >>> CID 181414: (RESOURCE_LEAK) >>> Variable "msg" going out of scope leaks the storage it points to. 
339 return "qd_message_holdoff_would_block was miscalculated"; 340 if (qd_message_Q2_holdoff_should_unblock(msg) != (nbufs < QD_QLIMIT_Q2_LOWER)) 341 return "qd_message_holdoff_would_unblock was miscalculated"; 342 343 qd_message_free(msg); 344 } /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_q2_input_holdoff_sensing() 335 qd_message_content_t *content = MSG_CONTENT(msg); 336 337 set_content_bufs(content, nbufs); 338 if (qd_message_Q2_holdoff_should_block(msg) != (nbufs >= QD_QLIMIT_Q2_UPPER)) 339 return "qd_message_holdoff_would_block was miscalculated"; 340 if (qd_message_Q2_holdoff_should_unblock(msg) != (nbufs < QD_QLIMIT_Q2_LOWER)) >>> CID 181414: (RESOURCE_LEAK) >>> Variable "msg" going out of scope leaks the storage it points to. 341 return "qd_message_holdoff_would_unblock was miscalculated"; 342 343 qd_message_free(msg); 344 } 345 return 0; 346 } ** CID 181413: Null pointer dereferences (REVERSE_INULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1084 in qdr_deliver_continue_CT() ________________________________________________________________________________________________________ *** CID 181413: Null pointer dereferences (REVERSE_INULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1084 in qdr_deliver_continue_CT() 1078 // The entire message has now been received. Check to see if there are in process subscriptions that need to 1079 // receive this message. in process subscriptions, at this time, can deal only with full messages. 1080 // 1081 qdr_subscription_t *sub = DEQ_HEAD(in_dlv->subscriptions); 1082 while (sub) { 1083 DEQ_REMOVE_HEAD(in_dlv->subscriptions); >>> CID 181413: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "in_dlv" suggests that it may be null, but it has already >>> been dereferenced on all paths leading to the check. 1084 qdr_forward_on_message_CT(core, sub, in_dlv ? 
in_dlv->link : 0, in_dlv->msg); 1085 sub = DEQ_HEAD(in_dlv->subscriptions); 1086 } 1087 1088 // This is a multicast delivery 1089 if (qdr_is_addr_treatment_multicast(in_dlv->link->owning_addr)) { ** CID 181412: Concurrent data access violations (MISSING_LOCK) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1185 in qdr_addr_start_inlinks_CT() ________________________________________________________________________________________________________ *** CID 181412: Concurrent data access violations (MISSING_LOCK) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1185 in qdr_addr_start_inlinks_CT() 1179 // 1180 // Move all the undelivered to a local list in case not all can be delivered. 1181 // We don't want to loop here forever putting the same messages on the undelivered 1182 // list. 1183 // 1184 qdr_delivery_list_t deliveries; >>> CID 181412: Concurrent data access violations (MISSING_LOCK) >>> Accessing "link->undelivered.scratch" without holding lock >>> "sys_mutex_t.mutex". Elsewhere, "qdr_delivery_list_t.scratch" is accessed >>> with "sys_mutex_t.mutex" held 4 out of 5 times. 
1185 DEQ_MOVE(link->undelivered, deliveries); 1186 1187 qdr_delivery_t *dlv = DEQ_HEAD(deliveries); 1188 while (dlv) { 1189 DEQ_REMOVE_HEAD(deliveries); 1190 qdr_link_forward_CT(core, link, dlv, addr); ** CID 124934: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in test_message_properties() ________________________________________________________________________________________________________ *** CID 124934: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in test_message_properties() 175 qd_message_content_t *content = MSG_CONTENT(msg); 176 177 set_content(content, size); 178 179 qd_iterator_t *iter = qd_message_field_iterator(msg, QD_FIELD_CORRELATION_ID); 180 if (!iter) return "Expected iterator for the 'correlation-id' field"; >>> CID 124934: Resource leaks (RESOURCE_LEAK) >>> Variable "iter" going out of scope leaks the storage it points to. 181 if (qd_iterator_length(iter) != 13) return "Bad length for correlation-id"; 182 if (!qd_iterator_equal(iter, (const unsigned char *)"correlationId")) { 183 qd_iterator_free(iter); 184 return "Invalid correlation-id"; 185 } 186 qd_iterator_free(iter); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJ3gKShavCjMfPIUiT4tI2B_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkH8DXAcTo0KcqFSFTvUzz6crMx-2FSgHb7MB-2FvuR2f4Tz6M6a5ScpyYAk5PcurHjL0urUVAhDaoDz7PUJ32Xt-2Bk3iq9oeTMzekZMSRgqTDTcg-2B1CsRw-2FOQXfLSeGZHAzACr1F21jPOxg73BaqGqnUtLTAqOWl23OBHnpHmqpqhHT5fYnuAht58nGAwRPIKtCQjo-3D {noformat} > Coverity scan reported errors in Qpid Dispatch master > ----------------------------------------------------- > > Key: DISPATCH-837 > URL: 
https://issues.apache.org/jira/browse/DISPATCH-837 > Project: Qpid Dispatch > Issue Type: Bug > Components: Container > Reporter: Ganesh Murthy > Assignee: Ganesh Murthy > > {noformat} > New defect(s) Reported-by: Coverity Scan > Showing 2 of 2 defect(s) > ** CID 181415: Integer handling issues (NO_EFFECT) > /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in > qd_parse_annotations_v1() > ________________________________________________________________________________________________________ > *** CID 181415: Integer handling issues (NO_EFFECT) > /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in > qd_parse_annotations_v1() > 673 // Adjust size of user annotation blob by the size of the router > 674 // annotations > 675 blob_pointer->remaining = user_bytes; > 676 assert(blob_pointer->remaining >= 0); > 677 > 678 *blob_item_count = user_entries; > >>> CID 181415: Integer handling issues (NO_EFFECT) > >>> This greater-than-or-equal-to-zero comparison of an unsigned value is > >>> always true. "*blob_item_count >= 0U". > 679 assert(*blob_item_count >= 0); > 680 return 0; > 681 } > 682 > 683 > 684 void qd_parse_annotations( > ** CID 124934: Resource leaks (RESOURCE_LEAK) > /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in > test_message_properties() > ________________________________________________________________________________________________________ > *** CID 124934: Resource leaks (RESOURCE_LEAK) > /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in > test_message_properties() > 175 qd_message_content_t *content = MSG_CONTENT(msg); > 176 > 177 set_content(content, size); > 178 > 179 qd_iterator_t *iter = qd_message_field_iterator(msg, > QD_FIELD_CORRELATION_ID); > 180 if (!iter) return "Expected iterator for the 'correlation-id' > field"; > >>> CID 124934: Resource leaks (RESOURCE_LEAK) > >>> Variable "iter" going out of scope leaks the storage it points to. 
> 181 if (qd_iterator_length(iter) != 13) return "Bad length for > correlation-id"; > 182 if (!qd_iterator_equal(iter, (const unsigned char > *)"correlationId")) { > 183 qd_iterator_free(iter); > 184 return "Invalid correlation-id"; > 185 }{noformat}