Ganesh Murthy created DISPATCH-1387: ---------------------------------------
Summary: Coverity issues on master branch Key: DISPATCH-1387 URL: https://issues.apache.org/jira/browse/DISPATCH-1387 Project: Qpid Dispatch Issue Type: Improvement Components: Container Affects Versions: 1.8.0 Reporter: Ganesh Murthy Fix For: 1.9.0 {noformat} Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan. 18 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 18 of 18 defect(s) ** CID 344879: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 344879: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 193 in qdra_config_address_get_first_CT() 187 qdr_agent_write_config_address_CT(query, addr); 188 189 // 190 // Advance to the next address 191 // 192 query->next_offset = offset; >>> CID 344879: (FORWARD_NULL) >>> Passing null pointer "addr" to "qdr_manage_advance_config_address_CT", >>>which dereferences it. 193 qdr_manage_advance_config_address_CT(query, addr); 194 195 // 196 // Enqueue the response. 197 // 198 qdr_agent_enqueue_response_CT(core, query); /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 187 in qdra_config_address_get_first_CT() 181 addr = DEQ_NEXT(addr); 182 assert(addr); 183 184 // 185 // Write the columns of the object into the response body. 186 // >>> CID 344879: (FORWARD_NULL) >>> Passing null pointer "addr" to "qdr_agent_write_config_address_CT", >>>which dereferences it. 
187 qdr_agent_write_config_address_CT(query, addr); 188 189 // 190 // Advance to the next address 191 // 192 query->next_offset = offset; ** CID 344878: API usage errors (PRINTF_ARGS) ________________________________________________________________________________________________________ *** CID 344878: API usage errors (PRINTF_ARGS) /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics() 552 stats->headers_sent = true; 553 } 554 555 while (stats->current < metrics_length) { 556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) { 557 stats->current++; >>> CID 344878: API usage errors (PRINTF_ARGS) >>> Argument "stats->current" to format specifier "%i" was expected to have >>>type "int" but has type "unsigned long". 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length); 559 } else { 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer"); 561 break; 562 } 563 } ** CID 344877: API usage errors (PRINTF_ARGS) ________________________________________________________________________________________________________ *** CID 344877: API usage errors (PRINTF_ARGS) /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics() 552 stats->headers_sent = true; 553 } 554 555 while (stats->current < metrics_length) { 556 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) { 557 stats->current++; >>> CID 344877: API usage errors (PRINTF_ARGS) >>> Argument "metrics_length" to format specifier "%i" was expected to have >>>type "int" but has type "unsigned long". 
558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length); 559 } else { 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer"); 561 break; 562 } 563 } ** CID 344876: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT() ________________________________________________________________________________________________________ *** CID 344876: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 329 in qdra_conn_link_route_get_first_CT() 323 // 324 qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes); 325 for (int i = 0; i < offset && lr; i++) 326 lr = DEQ_NEXT(lr); 327 assert(lr); 328 // write the lr into the response and advance to next >>> CID 344876: (FORWARD_NULL) >>> Passing null pointer "lr" to "_write_as_list_CT", which dereferences it. 329 _write_as_list_CT(query, lr); 330 query->next_offset = offset + 1; 331 query->more = DEQ_NEXT(lr) != NULL; 332 } 333 qdr_agent_enqueue_response_CT(core, query); 334 } /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT() 325 for (int i = 0; i < offset && lr; i++) 326 lr = DEQ_NEXT(lr); 327 assert(lr); 328 // write the lr into the response and advance to next 329 _write_as_list_CT(query, lr); 330 query->next_offset = offset + 1; >>> CID 344876: (FORWARD_NULL) >>> Dereferencing null pointer "lr". 
331 query->more = DEQ_NEXT(lr) != NULL; 332 } 333 qdr_agent_enqueue_response_CT(core, query); 334 } 335 336 ** CID 344875: API usage errors (PRINTF_ARGS) ________________________________________________________________________________________________________ *** CID 344875: API usage errors (PRINTF_ARGS) /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in qd_policy_host_pattern_add() 1288 assert (recovered); 1289 (void)recovered; /* Silence compiler complaints of unused variable */ 1290 } 1291 sys_mutex_unlock(policy->tree_lock); 1292 if (oldp) { 1293 free(payload); >>> CID 344875: API usage errors (PRINTF_ARGS) >>> Argument "oldp" to format specifier "%s" was expected to have type >>>"char *" but has type "void *". 1294 qd_log(policy->log_source, 1295 QD_LOG_WARNING, 1296 "vhost hostname pattern '%s' failed to replace optimized pattern '%s'", 1297 hostPattern, oldp); 1298 } 1299 return oldp == 0; ** CID 344874: Memory - corruptions (OVERLAPPING_COPY) /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port() ________________________________________________________________________________________________________ *** CID 344874: Memory - corruptions (OVERLAPPING_COPY) /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port() 589 if (sa && salen) { 590 char rport[NI_MAXSERV] = ""; 591 int err = getnameinfo(sa, salen, 592 ctx->rhost, sizeof(ctx->rhost), rport, sizeof(rport), 593 NI_NUMERICHOST | NI_NUMERICSERV); 594 if (!err) { >>> CID 344874: Memory - corruptions (OVERLAPPING_COPY) >>> In the call to function "snprintf", the object pointed to by argument >>>"ctx->rhost" may overlap with the object pointed to by argument >>>"ctx->rhost_port". 
595 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port), "%s:%s", ctx->rhost, rport); 596 } 597 } 598 } 599 600 ** CID 344873: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 344873: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 222 in qdra_config_link_route_get_first_CT() 216 qdr_agent_write_config_link_route_CT(query, lr); 217 218 // 219 // Advance to the next link_route 220 // 221 query->next_offset = offset; >>> CID 344873: (FORWARD_NULL) >>> Passing null pointer "lr" to "qdr_manage_advance_config_link_route_CT", >>>which dereferences it. 222 qdr_manage_advance_config_link_route_CT(query, lr); 223 224 // 225 // Enqueue the response. 226 // 227 qdr_agent_enqueue_response_CT(core, query); /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 216 in qdra_config_link_route_get_first_CT() 210 lr = DEQ_NEXT(lr); 211 assert(lr); 212 213 // 214 // Write the columns of the object into the response body. 215 // >>> CID 344873: (FORWARD_NULL) >>> Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT", >>>which dereferences it. 216 qdr_agent_write_config_link_route_CT(query, lr); 217 218 // 219 // Advance to the next link_route 220 // 221 query->next_offset = offset; ** CID 344872: Null pointer dereferences (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 344872: Null pointer dereferences (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c: 301 in qdra_address_get_first_CT() 295 qdr_manage_write_address_list_CT(core, query, addr); 296 297 // 298 // Advance to the next address 299 // 300 query->next_offset = offset; >>> CID 344872: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "addr" to "qdr_manage_advance_address_CT", which >>>dereferences it. 
301 qdr_manage_advance_address_CT(query, addr); 302 303 // 304 // Enqueue the response. 305 // 306 qdr_agent_enqueue_response_CT(core, query); ** CID 344871: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 344871: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 229 in qdra_config_auto_link_get_first_CT() 223 qdr_agent_write_config_auto_link_CT(query, al); 224 225 // 226 // Advance to the next auto_link 227 // 228 query->next_offset = offset; >>> CID 344871: (FORWARD_NULL) >>> Passing null pointer "al" to "qdr_manage_advance_config_auto_link_CT", >>>which dereferences it. 229 qdr_manage_advance_config_auto_link_CT(query, al); 230 231 // 232 // Enqueue the response. 233 // 234 qdr_agent_enqueue_response_CT(core, query); /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 223 in qdra_config_auto_link_get_first_CT() 217 al = DEQ_NEXT(al); 218 assert(al); 219 220 // 221 // Write the columns of the object into the response body. 222 // >>> CID 344871: (FORWARD_NULL) >>> Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT", >>>which dereferences it. 223 qdr_agent_write_config_auto_link_CT(query, al); 224 225 // 226 // Advance to the next auto_link 227 // 228 query->next_offset = offset; ** CID 344870: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 344870: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327 in qdra_link_get_first_CT() 321 qdr_agent_write_link_CT(core, query, link); 322 323 // 324 // Advance to the next address 325 // 326 query->next_offset = offset; >>> CID 344870: (FORWARD_NULL) >>> Passing null pointer "link" to "qdr_manage_advance_link_CT", which >>>dereferences it. 327 qdr_manage_advance_link_CT(query, link); 328 329 // 330 // Enqueue the response. 
331 // 332 qdr_agent_enqueue_response_CT(core, query); /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321 in qdra_link_get_first_CT() 315 link = DEQ_NEXT(link); 316 assert(link); 317 318 // 319 // Write the columns of the link into the response body. 320 // >>> CID 344870: (FORWARD_NULL) >>> Passing null pointer "link" to "qdr_agent_write_link_CT", which >>>dereferences it. 321 qdr_agent_write_link_CT(core, query, link); 322 323 // 324 // Advance to the next address 325 // 326 query->next_offset = offset; ** CID 344869: (FORWARD_NULL) ________________________________________________________________________________________________________ *** CID 344869: (FORWARD_NULL) /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 337 in qdra_connection_get_first_CT() 331 qdr_agent_write_connection_CT(core, query, conn); 332 333 // 334 // Advance to the next connection 335 // 336 query->next_offset = offset; >>> CID 344869: (FORWARD_NULL) >>> Passing null pointer "conn" to "qdr_manage_advance_connection_CT", >>>which dereferences it. 337 qdr_manage_advance_connection_CT(query, conn); 338 339 // 340 // Enqueue the response. 341 // 342 qdr_agent_enqueue_response_CT(core, query); /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 331 in qdra_connection_get_first_CT() 325 conn = DEQ_NEXT(conn); 326 assert(conn); 327 328 // 329 // Write the columns of the object into the response body. 330 // >>> CID 344869: (FORWARD_NULL) >>> Passing null pointer "conn" to "qdr_agent_write_connection_CT", which >>>dereferences it. 
331 qdr_agent_write_connection_CT(core, query, conn); 332 333 // 334 // Advance to the next connection 335 // 336 query->next_offset = offset; ** CID 344868: Insecure data handling (TAINTED_SCALAR) ________________________________________________________________________________________________________ *** CID 344868: Insecure data handling (TAINTED_SCALAR) /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in qd_dispatch_configure_ssl_profile() 550 ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK(); 551 ssl_profile->uid_name_mapping_file = qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK(); 552 553 // 554 // Process the password to handle any modifications or lookups needed 555 // >>> CID 344868: Insecure data handling (TAINTED_SCALAR) >>> Passing tainted variable "ssl_profile->ssl_password" to a tainted sink. 556 qd_config_ssl_profile_process_password(ssl_profile); CHECK(); 557 558 qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name); 559 return ssl_profile; 560 561 error: ** CID 344867: API usage errors (PRINTF_ARGS) ________________________________________________________________________________________________________ *** CID 344867: API usage errors (PRINTF_ARGS) /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in logger() 55 static void logger(int lll, const char *line) { 56 if (strstr(line, IGNORED)) return; 57 size_t len = strlen(line); 58 while (len > 1 && isspace(line[len-1])) { /* Strip trailing newline */ 59 --len; 60 } >>> CID 344867: API usage errors (PRINTF_ARGS) >>> Precision argument "len" to format specifier "%.*s" was expected to >>>have type "int" but has type "unsigned long". 
61 qd_log(http_log, qd_level(lll), "%.*s", len, line); 62 } 63 64 static void log_init() { 65 http_log = qd_log_source("HTTP"); 66 int levels = 0; ** CID 344866: Control flow issues (DEADCODE) /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1() ________________________________________________________________________________________________________ *** CID 344866: Control flow issues (DEADCODE) /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1() 826 case QD_MAE_TO: 827 *ma_to_override = val_field; 828 break; 829 case QD_MAE_PHASE: 830 *ma_phase = val_field; 831 break; >>> CID 344866: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "case QD_MAE_NONE:". 832 case QD_MAE_NONE: 833 assert(false); 834 break; 835 } 836 837 qd_iterator_free(val_iter); ** CID 336747: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger() ________________________________________________________________________________________________________ *** CID 336747: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger() 75 static char* test_send_to_messenger(void *context) 76 { 77 qd_message_t *msg = qd_message(); 78 qd_message_content_t *content = MSG_CONTENT(msg); 79 qd_message_compose_1(msg, "test_addr_0", 0); 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers); >>> CID 336747: Resource leaks (RESOURCE_LEAK) >>> Variable "msg" going out of scope leaks the storage it points to. 
81 if (buf == 0) return "Expected a buffer in the test message"; 82 83 pn_message_t *pn_msg = pn_message(); 84 size_t len = flatten_bufs(content); 85 int result = pn_message_decode(pn_msg, buffer, len); 86 if (result != 0) { ** CID 336746: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations() ________________________________________________________________________________________________________ *** CID 336746: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations() 335 if (result != 0) { 336 qd_message_free(msg); 337 return "Error in pn_message_decode"; 338 } 339 340 pn_data_t *ma = pn_message_annotations(pn_msg); >>> CID 336746: Resource leaks (RESOURCE_LEAK) >>> Variable "msg" going out of scope leaks the storage it points to. 341 if (!ma) return "Missing message annotations"; 342 pn_data_rewind(ma); 343 pn_data_next(ma); 344 if (pn_data_type(ma) != PN_MAP) return "Invalid message annotation type"; 345 if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map length"; 346 pn_data_enter(ma); ** CID 142248: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map() ________________________________________________________________________________________________________ *** CID 142248: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map() 296 qd_iterator_t *key_iter = qd_parse_raw(key_field); 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field); 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) { 299 unsigned char *result = qd_iterator_copy(key_iter); 300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result); 301 free (result); >>> CID 142248: Resource leaks (RESOURCE_LEAK) >>> Variable "field" going out of scope leaks the storage it points to. 
302 return error; 303 } 304 305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst")) 306 return "Incorrect typed iterator on first-key"; 307 ** CID 142246: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map() ________________________________________________________________________________________________________ *** CID 142246: Resource leaks (RESOURCE_LEAK) /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map() 296 qd_iterator_t *key_iter = qd_parse_raw(key_field); 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field); 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) { 299 unsigned char *result = qd_iterator_copy(key_iter); 300 snprintf(error, 1000, "First key: expected 'first', got '%s'", result); 301 free (result); >>> CID 142246: Resource leaks (RESOURCE_LEAK) >>> Variable "data_iter" going out of scope leaks the storage it points to. 302 return error; 303 } 304 305 if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst")) 306 return "Incorrect typed iterator on first-key"; 307 \ {noformat}