[ https://issues.apache.org/jira/browse/DISPATCH-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16888190#comment-16888190 ]
ASF subversion and git services commented on DISPATCH-1387:
-----------------------------------------------------------

Commit 20723e898aa528fad6d5f092881a5583ae5d0255 in qpid-dispatch's branch refs/heads/master from Francesco Nigro
[ https://gitbox.apache.org/repos/asf?p=qpid-dispatch.git;h=20723e8 ]

DISPATCH-1387 - fix asserts on stack operations. This closes #538

(cherry picked from commit f44f3c3276843f77197ac1e5b3014120234376ab)

> Coverity issues on master branch
> --------------------------------
>
> Key: DISPATCH-1387
> URL: https://issues.apache.org/jira/browse/DISPATCH-1387
> Project: Qpid Dispatch
> Issue Type: Improvement
> Components: Container
> Affects Versions: 1.8.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 1.9.0
>
>
> {noformat}
> Please find the latest report on new defect(s) introduced to Apache Qpid
> dispatch-router found with Coverity Scan.
> 18 new defect(s) introduced to Apache Qpid dispatch-router found with
> Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 18 of 18 defect(s)
> ** CID 344879: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344879: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c:
> 193 in qdra_config_address_get_first_CT()
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to
> >>>"qdr_manage_advance_config_address_CT", which dereferences it.
> 193 qdr_manage_advance_config_address_CT(query, addr);
> 194
> 195 //
> 196 // Enqueue the response.
> 197 //
> 198 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c:
> 187 in qdra_config_address_get_first_CT()
> 181 addr = DEQ_NEXT(addr);
> 182 assert(addr);
> 183
> 184 //
> 185 // Write the columns of the object into the response body.
> 186 //
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_agent_write_config_address_CT",
> >>>which dereferences it.
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> ** CID 344878: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344878: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in
> callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end,
> &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344878: API usage errors (PRINTF_ARGS)
> >>> Argument "stats->current" to format specifier "%i" was expected to
> >>>have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of
> %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in
> buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344877: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344877: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in
> callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end,
> &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344877: API usage errors (PRINTF_ARGS)
> >>> Argument "metrics_length" to format specifier "%i" was expected to
> >>>have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of
> %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in
> buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c:
> 331 in qdra_conn_link_route_get_first_CT()
> ________________________________________________________________________________________________________
> *** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c:
> 329 in qdra_conn_link_route_get_first_CT()
> 323 //
> 324 qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes);
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> >>> CID 344876: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "_write_as_list_CT", which dereferences
> >>>it.
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c:
> 331 in qdra_conn_link_route_get_first_CT()
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> >>> CID 344876: (FORWARD_NULL)
> >>> Dereferencing null pointer "lr".
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> 335
> 336
> ** CID 344875: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344875: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in
> qd_policy_host_pattern_add()
> 1288 assert (recovered);
> 1289 (void)recovered; /* Silence compiler complaints of
> unused variable */
> 1290 }
> 1291 sys_mutex_unlock(policy->tree_lock);
> 1292 if (oldp) {
> 1293 free(payload);
> >>> CID 344875: API usage errors (PRINTF_ARGS)
> >>> Argument "oldp" to format specifier "%s" was expected to have type
> >>>"char *" but has type "void *".
> 1294 qd_log(policy->log_source,
> 1295 QD_LOG_WARNING,
> 1296 "vhost hostname pattern '%s' failed to replace optimized
> pattern '%s'",
> 1297 hostPattern, oldp);
> 1298 }
> 1299 return oldp == 0;
> ** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in
> set_rhost_port()
> ________________________________________________________________________________________________________
> *** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in
> set_rhost_port()
> 589 if (sa && salen) {
> 590 char rport[NI_MAXSERV] = "";
> 591 int err = getnameinfo(sa, salen,
> 592 ctx->rhost, sizeof(ctx->rhost), rport,
> sizeof(rport),
> 593 NI_NUMERICHOST | NI_NUMERICSERV);
> 594 if (!err) {
> >>> CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> >>> In the call to function "snprintf", the object pointed to by argument
> >>>"ctx->rhost" may overlap with the object pointed to by argument
> >>>"ctx->rhost_port".
> 595 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port),
> "%s:%s", ctx->rhost, rport);
> 596 }
> 597 }
> 598 }
> 599
> 600
> ** CID 344873: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344873: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c:
> 222 in qdra_config_link_route_get_first_CT()
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to
> >>>"qdr_manage_advance_config_link_route_CT", which dereferences it.
> 222 qdr_manage_advance_config_link_route_CT(query, lr);
> 223
> 224 //
> 225 // Enqueue the response.
> 226 //
> 227 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c:
> 216 in qdra_config_link_route_get_first_CT()
> 210 lr = DEQ_NEXT(lr);
> 211 assert(lr);
> 212
> 213 //
> 214 // Write the columns of the object into the response body.
> 215 //
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT",
> >>>which dereferences it.
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> ** CID 344872: Null pointer dereferences (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344872: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c:
> 301 in qdra_address_get_first_CT()
> 295 qdr_manage_write_address_list_CT(core, query, addr);
> 296
> 297 //
> 298 // Advance to the next address
> 299 //
> 300 query->next_offset = offset;
> >>> CID 344872: Null pointer dereferences (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_manage_advance_address_CT", which
> >>>dereferences it.
> 301 qdr_manage_advance_address_CT(query, addr);
> 302
> 303 //
> 304 // Enqueue the response.
> 305 //
> 306 qdr_agent_enqueue_response_CT(core, query);
> ** CID 344871: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344871: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c:
> 229 in qdra_config_auto_link_get_first_CT()
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to
> >>>"qdr_manage_advance_config_auto_link_CT", which dereferences it.
> 229 qdr_manage_advance_config_auto_link_CT(query, al);
> 230
> 231 //
> 232 // Enqueue the response.
> 233 //
> 234 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c:
> 223 in qdra_config_auto_link_get_first_CT()
> 217 al = DEQ_NEXT(al);
> 218 assert(al);
> 219
> 220 //
> 221 // Write the columns of the object into the response body.
> 222 //
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT",
> >>>which dereferences it.
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> ** CID 344870: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344870: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327
> in qdra_link_get_first_CT()
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_manage_advance_link_CT", which
> >>>dereferences it.
> 327 qdr_manage_advance_link_CT(query, link);
> 328
> 329 //
> 330 // Enqueue the response.
> 331 //
> 332 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321
> in qdra_link_get_first_CT()
> 315 link = DEQ_NEXT(link);
> 316 assert(link);
> 317
> 318 //
> 319 // Write the columns of the link into the response body.
> 320 //
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_agent_write_link_CT", which
> >>>dereferences it.
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> ** CID 344869: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344869: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c:
> 337 in qdra_connection_get_first_CT()
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_manage_advance_connection_CT",
> >>>which dereferences it.
> 337 qdr_manage_advance_connection_CT(query, conn);
> 338
> 339 //
> 340 // Enqueue the response.
> 341 //
> 342 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c:
> 331 in qdra_connection_get_first_CT()
> 325 conn = DEQ_NEXT(conn);
> 326 assert(conn);
> 327
> 328 //
> 329 // Write the columns of the object into the response body.
> 330 //
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_agent_write_connection_CT", which
> >>>dereferences it.
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> ** CID 344868: Insecure data handling (TAINTED_SCALAR)
> ________________________________________________________________________________________________________
> *** CID 344868: Insecure data handling (TAINTED_SCALAR)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in
> qd_dispatch_configure_ssl_profile()
> 550 ssl_profile->ssl_uid_format =
> qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
> 551 ssl_profile->uid_name_mapping_file =
> qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
> 552
> 553 //
> 554 // Process the password to handle any modifications or lookups
> needed
> 555 //
> >>> CID 344868: Insecure data handling (TAINTED_SCALAR)
> >>> Passing tainted variable "ssl_profile->ssl_password" to a tainted
> >>>sink.
> 556 qd_config_ssl_profile_process_password(ssl_profile); CHECK();
> 557
> 558 qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with
> name %s ", ssl_profile->name);
> 559 return ssl_profile;
> 560
> 561 error:
> ** CID 344867: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344867: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in
> logger()
> 55 static void logger(int lll, const char *line) {
> 56 if (strstr(line, IGNORED)) return;
> 57 size_t len = strlen(line);
> 58 while (len > 1 && isspace(line[len-1])) { /* Strip trailing
> newline */
> 59 --len;
> 60 }
> >>> CID 344867: API usage errors (PRINTF_ARGS)
> >>> Precision argument "len" to format specifier "%.*s" was expected to
> >>>have type "int" but has type "unsigned long".
> 61 qd_log(http_log, qd_level(lll), "%.*s", len, line);
> 62 }
> 63
> 64 static void log_init() {
> 65 http_log = qd_log_source("HTTP");
> 66 int levels = 0;
> ** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in
> qd_parse_annotations_v1()
> ________________________________________________________________________________________________________
> *** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in
> qd_parse_annotations_v1()
> 826 case QD_MAE_TO:
> 827 *ma_to_override = val_field;
> 828 break;
> 829 case QD_MAE_PHASE:
> 830 *ma_phase = val_field;
> 831 break;
> >>> CID 344866: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "case QD_MAE_NONE:".
> 832 case QD_MAE_NONE:
> 833 assert(false);
> 834 break;
> 835 }
> 836
> 837 qd_iterator_free(val_iter);
> ** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in
> test_send_to_messenger()
> ________________________________________________________________________________________________________
> *** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in
> test_send_to_messenger()
> 75 static char* test_send_to_messenger(void *context)
> 76 {
> 77 qd_message_t *msg = qd_message();
> 78 qd_message_content_t *content = MSG_CONTENT(msg);
> 79 qd_message_compose_1(msg, "test_addr_0", 0);
> 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> >>> CID 336747: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 81 if (buf == 0) return "Expected a buffer in the test message";
> 82
> 83 pn_message_t *pn_msg = pn_message();
> 84 size_t len = flatten_bufs(content);
> 85 int result = pn_message_decode(pn_msg, buffer, len);
> 86 if (result != 0) {
> ** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in
> test_send_message_annotations()
> ________________________________________________________________________________________________________
> *** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in
> test_send_message_annotations()
> 335 if (result != 0) {
> 336 qd_message_free(msg);
> 337 return "Error in pn_message_decode";
> 338 }
> 339
> 340 pn_data_t *ma = pn_message_annotations(pn_msg);
> >>> CID 336746: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 341 if (!ma) return "Missing message annotations";
> 342 pn_data_rewind(ma);
> 343 pn_data_next(ma);
> 344 if (pn_data_type(ma) != PN_MAP) return "Invalid message
> annotation type";
> 345 if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map
> length";
> 346 pn_data_enter(ma);
> ** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> ________________________________________________________________________________________________________
> *** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got
> '%s'", result);
> 301 free (result);
> >>> CID 142248: Resource leaks (RESOURCE_LEAK)
> >>> Variable "field" going out of scope leaks the storage it points to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*)
> "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> ** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> ________________________________________________________________________________________________________
> *** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got
> '%s'", result);
> 301 free (result);
> >>> CID 142246: Resource leaks (RESOURCE_LEAK)
> >>> Variable "data_iter" going out of scope leaks the storage it points
> >>>to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*)
> "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> \
>
>
>
> {noformat}

--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org