-------- Original Message -------- Subject: New Defects reported by Coverity Scan for GlusterFS Date: Thu, 06 Mar 2014 08:20:28 -0800 From: scan-ad...@coverity.com Hi, Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan. Defect(s) Reported-by: Coverity Scan Showing 20 of 36 defect(s) ** CID 1128913: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd.c: 693 in bd_open() ** CID 1128912: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd.c: 693 in bd_open() ** CID 1128911: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get() ** CID 1128910: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get() ** CID 1128926: Unused pointer value (UNUSED_VALUE) /xlators/storage/bd/src/bd.c: 1446 in bd_fsetxattr() ** CID 1128914: Thread deadlock (ORDER_REVERSAL) /xlators/storage/bd/src/bd-helper.c: 285 in bd_fd_ctx_get() ** CID 1174824: Resource leak (RESOURCE_LEAK) /xlators/mgmt/glusterd/src/glusterd-store.c: 2616 in glusterd_store_retrieve_peers() ** CID 1174825: Resource leak (RESOURCE_LEAK) /xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state() /xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state() ** CID 1174763: Read from pointer after free (USE_AFTER_FREE) /xlators/mgmt/glusterd/src/glusterd-utils.c: 5594 in glusterd_brick_stop() ** CID 1134005: Ignoring number of bytes read (CHECKED_RETURN) /xlators/storage/bd/src/bd-helper.c: 921 in bd_do_ioctl_zerofill() ** CID 1128907: Dereference after null check (FORWARD_NULL) /xlators/storage/bd/src/bd.c: 1594 in bd_trunc_setxattr_cbk() ** CID 1128922: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 164 in bd_lookup_cbk() ** CID 1128921: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1165 in bd_offload_getx_cbk() ** CID 1128920: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 245 in bd_readdirp_cbk() ** CID 1128919: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1961 in bd_setattr() ** CID 1128918: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1060 in bd_setx_stat_cbk() ** CID 1128917: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1607 in bd_trunc_setxattr_cbk() ** CID 1128923: Dereference before null check (REVERSE_INULL) /xlators/storage/bd/src/bd-aio.c: 276 in bd_aio_writev_complete() ** CID 1134020: String not null terminated (STRING_NULL) /xlators/storage/bd/src/bd-helper.c: 913 in bd_do_ioctl_zerofill() /xlators/storage/bd/src/bd-helper.c: 907 in bd_do_ioctl_zerofill() ** CID 1128916: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd-helper.c: 345 in bd_validate_bd_xattr() ________________________________________________________________________________________________________ *** CID 1128913: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd.c: 693 in bd_open() 687 return 0; 688 out: 689 BD_STACK_UNWIND (open, frame, -1, ret, fd, NULL); 690 691 FREE (devpath); 692 if (ret) {
CID 1128913: Argument cannot be negative (NEGATIVE_RETURNS) "_fd" is passed to a parameter that cannot be negative.
693 close (_fd); 694 GF_FREE (bd_fd); 695 } 696 697 return 0; 698 } ________________________________________________________________________________________________________ *** CID 1128912: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd.c: 693 in bd_open() 687 return 0; 688 out: 689 BD_STACK_UNWIND (open, frame, -1, ret, fd, NULL); 690 691 FREE (devpath); 692 if (ret) {
CID 1128912: Argument cannot be negative (NEGATIVE_RETURNS) "_fd" is passed to a parameter that cannot be negative.
693 close (_fd); 694 GF_FREE (bd_fd); 695 } 696 697 return 0; 698 } ________________________________________________________________________________________________________ *** CID 1128911: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get() 267 *bdfd_p = bdfd; 268 269 ret = 0; 270 out: 271 FREE (devpath); 272 if (ret) {
CID 1128911: Argument cannot be negative (NEGATIVE_RETURNS) "_fd" is passed to a parameter that cannot be negative.
273 close (_fd); 274 GF_FREE (bdfd); 275 } 276 return ret; 277 } 278 ________________________________________________________________________________________________________ *** CID 1128910: Argument cannot be negative (NEGATIVE_RETURNS) /xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get() 267 *bdfd_p = bdfd; 268 269 ret = 0; 270 out: 271 FREE (devpath); 272 if (ret) {
CID 1128910: Argument cannot be negative (NEGATIVE_RETURNS) "_fd" is passed to a parameter that cannot be negative.
273 close (_fd); 274 GF_FREE (bdfd); 275 } 276 return ret; 277 } 278 ________________________________________________________________________________________________________ *** CID 1128926: Unused pointer value (UNUSED_VALUE) /xlators/storage/bd/src/bd.c: 1446 in bd_fsetxattr() 1440 VALIDATE_OR_GOTO (this, out); 1441 VALIDATE_OR_GOTO (this->private, out); 1442 VALIDATE_OR_GOTO (fd, out); 1443 1444 bd_inode_ctx_get (fd->inode, this, &bdatt); 1445
CID 1128926: Unused pointer value (UNUSED_VALUE) Pointer "data" returned by "dict_get(dict, "user.glusterfs.bd")" is never used.
1446 data = dict_get (dict, BD_XATTR); 1447 if ((data = dict_get (dict, BD_XATTR))) 1448 cl_type = BD_OF_NONE; 1449 else if ((data = dict_get (dict, BD_CLONE))) 1450 cl_type = BD_OF_CLONE; 1451 else if ((data = dict_get (dict, BD_SNAPSHOT))) ________________________________________________________________________________________________________ *** CID 1128914: Thread deadlock (ORDER_REVERSAL) /xlators/storage/bd/src/bd-helper.c: 285 in bd_fd_ctx_get() 279 int 280 bd_fd_ctx_get (xlator_t *this, fd_t *fd, bd_fd_t **bdfd) 281 { 282 int ret; 283 284 /* FIXME: Is it ok to fd->lock here ? */
CID 1128914: Thread deadlock (ORDER_REVERSAL) Calling function "pthread_spin_lock(pthread_spinlock_t *)" acquires lock "_fd.lock".
285 LOCK (&fd->lock); 286 { 287 ret = __bd_fd_ctx_get (this, fd, bdfd); 288 } 289 UNLOCK (&fd->lock); 290 ________________________________________________________________________________________________________ *** CID 1174824: Resource leak (RESOURCE_LEAK) /xlators/mgmt/glusterd/src/glusterd-store.c: 2616 in glusterd_store_retrieve_peers() 2610 2611 out: 2612 if (dir) 2613 closedir (dir); 2614 gf_log ("", GF_LOG_DEBUG, "Returning with %d", ret); 2615
CID 1174824: Resource leak (RESOURCE_LEAK) Variable "iter" going out of scope leaks the storage it points to.
2616 return ret; 2617 } 2618 2619 int32_t 2620 glusterd_resolve_all_bricks (xlator_t *this) 2621 { ________________________________________________________________________________________________________ *** CID 1174825: Resource leak (RESOURCE_LEAK) /xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state() 1848 if (ret && volinfo->rebal.dict) 1849 dict_unref (volinfo->rebal.dict); 1850 if (tmp_dict) 1851 dict_unref (tmp_dict); 1852 gf_log ("", GF_LOG_DEBUG, "Returning with %d", ret); 1853
CID 1174825: Resource leak (RESOURCE_LEAK) Variable "iter" going out of scope leaks the storage it points to.
1854 return ret; 1855 } 1856 1857 int32_t 1858 glusterd_store_retrieve_volume (char *volname) 1859 { /xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state() 1848 if (ret && volinfo->rebal.dict) 1849 dict_unref (volinfo->rebal.dict); 1850 if (tmp_dict) 1851 dict_unref (tmp_dict); 1852 gf_log ("", GF_LOG_DEBUG, "Returning with %d", ret); 1853
CID 1174825: Resource leak (RESOURCE_LEAK) Variable "iter" going out of scope leaks the storage it points to.
1854 return ret; 1855 } 1856 1857 int32_t 1858 glusterd_store_retrieve_volume (char *volname) 1859 { ________________________________________________________________________________________________________ *** CID 1174763: Read from pointer after free (USE_AFTER_FREE) /xlators/mgmt/glusterd/src/glusterd-utils.c: 5594 in glusterd_brick_stop() 5588 5589 gf_log (this->name, GF_LOG_DEBUG, "About to stop glusterfs" 5590 " for brick %s:%s", brickinfo->hostname, 5591 brickinfo->path); 5592 ret = glusterd_volume_stop_glusterfs (volinfo, brickinfo, del_brick); 5593 if (ret) {
CID 1174763: Read from pointer after free (USE_AFTER_FREE) Dereferencing freed pointer "brickinfo".
5594 gf_log (this->name, GF_LOG_CRITICAL, "Unable to stop" 5595 " brick: %s:%s", brickinfo->hostname, 5596 brickinfo->path); 5597 goto out; 5598 } 5599 ________________________________________________________________________________________________________ *** CID 1134005: Ignoring number of bytes read (CHECKED_RETURN) /xlators/storage/bd/src/bd-helper.c: 921 in bd_do_ioctl_zerofill() 915 if (sysfd < 0) { 916 gf_log ("bd_do_ioctl_zerofill", GF_LOG_DEBUG, 917 "sysfs file %s does not exist", lvname); 918 goto skip; 919 } 920
CID 1134005: Ignoring number of bytes read (CHECKED_RETURN) "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.
921 read (sysfd, buff, sizeof (buff)); 922 close (sysfd); 923 924 max_bytes = atoll (buff); 925 926 skip: ________________________________________________________________________________________________________ *** CID 1128907: Dereference after null check (FORWARD_NULL) /xlators/storage/bd/src/bd.c: 1594 in bd_trunc_setxattr_cbk() 1588 return 0; 1589 1590 revert_xattr: 1591 /* revert setxattr */ 1592 op_ret = dict_get_str (local->dict, BD_XATTR, &bd); 1593 GF_FREE (bd);
CID 1128907: Dereference after null check (FORWARD_NULL) Dereferencing null pointer "bdatt".
1594 gf_asprintf (&bd, "%s:%ld", bdatt->type, bdatt->iatt.ia_size); 1595 1596 if (local->fd) 1597 STACK_WIND (frame, bd_trunc_setxattr_setx_cbk, 1598 FIRST_CHILD(this), 1599 FIRST_CHILD(this)->fops->fsetxattr, ________________________________________________________________________________________________________ *** CID 1128922: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 164 in bd_lookup_cbk() 158 dict_del (xattr, GF_CONTENT_KEY); 159 memcpy (buf, &bdatt->iatt, sizeof (struct iatt)); 160 161 out: 162 BD_STACK_UNWIND (lookup, frame, op_ret, op_errno, inode, buf, 163 xattr, postparent);
CID 1128922: Resource leak (RESOURCE_LEAK) Variable "type" going out of scope leaks the storage it points to.
164 return 0; 165 } 166 167 /* 168 * bd_lookup: Issues posix_lookup to find out if file is mapped to BD 169 * bd_lookup -> posix_lookup -> bd_lookup_cbk ________________________________________________________________________________________________________ *** CID 1128921: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1165 in bd_offload_getx_cbk() 1159 } 1160 1161 STACK_WIND (frame, bd_offload_setx_cbk, FIRST_CHILD(this), 1162 FIRST_CHILD(this)->fops->setxattr, 1163 local->dloc, local->dict, 0, NULL); 1164
CID 1128921: Resource leak (RESOURCE_LEAK) Variable "type" going out of scope leaks the storage it points to.
1165 return 0; 1166 1167 out: 1168 if (local->fd) 1169 BD_STACK_UNWIND (fsetxattr, frame, -1, op_errno, NULL); 1170 else ________________________________________________________________________________________________________ *** CID 1128920: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 245 in bd_readdirp_cbk() 239 FREE (type); 240 } 241 } 242 243 out: 244 BD_STACK_UNWIND (readdirp, frame, op_ret, op_errno, entries, xdata);
CID 1128920: Resource leak (RESOURCE_LEAK) Variable "type" going out of scope leaks the storage it points to.
245 return 0; 246 } 247 248 /* 249 * bd_readdirp: In bd_readdirp_cbk if the file and BD_XATTR_SIZE is set 250 * ia_size is updated with the LV(BD_XATTR_SIZE) size ________________________________________________________________________________________________________ *** CID 1128919: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1961 in bd_setattr() 1955 *ck_valid = valid; 1956 1957 STACK_WIND_COOKIE (frame, bd_setattr_cbk, ck_valid, FIRST_CHILD(this), 1958 FIRST_CHILD(this)->fops->setattr, 1959 loc, stbuf, valid, xdata); 1960
CID 1128919: Resource leak (RESOURCE_LEAK) Variable "ck_valid" going out of scope leaks the storage it points to.
1961 return 0; 1962 out: 1963 BD_STACK_UNWIND (setattr, frame, -1, ENOMEM, NULL, NULL, xdata); 1964 return 0; 1965 } 1966 ________________________________________________________________________________________________________ *** CID 1128918: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1060 in bd_setx_stat_cbk() 1054 local->fd, local->dict, 0, NULL); 1055 else 1056 STACK_WIND (frame, bd_setx_setx_cbk, FIRST_CHILD(this), 1057 FIRST_CHILD(this)->fops->setxattr, 1058 &local->loc, local->dict, 0, NULL); 1059
CID 1128918: Resource leak (RESOURCE_LEAK) Variable "param" going out of scope leaks the storage it points to.
1060 return 0; 1061 1062 out: 1063 if (local->fd) 1064 BD_STACK_UNWIND (fsetxattr, frame, -1, op_errno, xdata); 1065 else ________________________________________________________________________________________________________ *** CID 1128917: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd.c: 1607 in bd_trunc_setxattr_cbk() 1601 else 1602 STACK_WIND (frame, bd_trunc_setxattr_setx_cbk, 1603 FIRST_CHILD(this), 1604 FIRST_CHILD(this)->fops->setxattr, 1605 &local->loc, local->dict, 0, NULL); 1606
CID 1128917: Resource leak (RESOURCE_LEAK) Variable "bd" going out of scope leaks the storage it points to.
1607 return 0; 1608 out: 1609 if (local->fd) 1610 BD_STACK_UNWIND (ftruncate, frame, -1, EIO, NULL, NULL, NULL); 1611 else 1612 BD_STACK_UNWIND (truncate, frame, -1, EIO, NULL, NULL, NULL); ________________________________________________________________________________________________________ *** CID 1128923: Dereference before null check (REVERSE_INULL) /xlators/storage/bd/src/bd-aio.c: 276 in bd_aio_writev_complete() 270 op_errno = 0; 271 272 out: 273 STACK_UNWIND_STRICT (writev, frame, op_ret, op_errno, &prebuf, &postbuf, 274 NULL); 275
CID 1128923: Dereference before null check (REVERSE_INULL) Null-checking "paiocb" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
276 if (paiocb) { 277 if (paiocb->iobref) 278 iobref_unref (paiocb->iobref); 279 GF_FREE (paiocb); 280 } 281 ________________________________________________________________________________________________________ *** CID 1134020: String not null terminated (STRING_NULL) /xlators/storage/bd/src/bd-helper.c: 913 in bd_do_ioctl_zerofill() 907 p = strrchr (dmname, '/'); 908 if (p) 909 dm = p + 1; 910 else 911 dm = dmname; 912
CID 1134020: String not null terminated (STRING_NULL) Passing unterminated string "dm" to "sprintf(char * restrict, char const * restrict, ...)".
913 sprintf(sysfs, "/sys/block/%s/queue/write_same_max_bytes", dm); 914 sysfd = open (sysfs, O_RDONLY); 915 if (sysfd < 0) { 916 gf_log ("bd_do_ioctl_zerofill", GF_LOG_DEBUG, 917 "sysfs file %s does not exist", lvname); 918 goto skip; /xlators/storage/bd/src/bd-helper.c: 907 in bd_do_ioctl_zerofill() 901 902 uuid_utoa_r (bdatt->iatt.ia_gfid, uuid); 903 sprintf (lvname, "/dev/%s/%s", vg, uuid); 904 905 readlink (lvname, dmname, sizeof (dmname)); 906
CID 1134020: String not null terminated (STRING_NULL) Passing unterminated string "dmname" to "strrchr(char const *, int)", which expects a null-terminated string.
907 p = strrchr (dmname, '/'); 908 if (p) 909 dm = p + 1; 910 else 911 dm = dmname; 912 ________________________________________________________________________________________________________ *** CID 1128916: Resource leak (RESOURCE_LEAK) /xlators/storage/bd/src/bd-helper.c: 345 in bd_validate_bd_xattr() 339 } 340 341 /* Destination file does not exist */ 342 if (stat (path, &stbuf)) { 343 gf_log (this->name, GF_LOG_WARNING, 344 "lstat failed for path %s", path);
CID 1128916: Resource leak (RESOURCE_LEAK) Variable "path" going out of scope leaks the storage it points to.
345 return -1; 346 } 347 348 vg = lvm_vg_open (priv->handle, priv->vg, "r", 0); 349 if (!vg) { 350 gf_log (this->name, GF_LOG_WARNING, ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=Overview To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py
_______________________________________________ Gluster-devel mailing list Gluster-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/gluster-devel