[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Lalatendu Mohanty
lmohanty at redhat.com
Tue Jun 3 15:42:21 UTC 2014
If you are interested in fixing these Coverity issues, check the link
below for guidelines:
http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity
Thanks,
Lala
-------- Original Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Tue, 03 Jun 2014 08:22:38 -0700
From: scan-admin at coverity.com
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)
** CID 1220068: Missing parentheses (CONSTANT_EXPRESSION_RESULT)
/xlators/features/snapview-server/src/snapview-server.c: 1265 in svs_fgetxattr()
** CID 1220067: Missing parentheses (CONSTANT_EXPRESSION_RESULT)
/xlators/features/snapview-server/src/snapview-server.c: 1158 in svs_getxattr()
** CID 1220066: Logically dead code (DEADCODE)
/xlators/features/snapview-server/src/snapview-server.c: 1268 in svs_fgetxattr()
** CID 1220065: Logically dead code (DEADCODE)
/xlators/features/snapview-server/src/snapview-server.c: 1160 in svs_getxattr()
** CID 1220064: Logically dead code (DEADCODE)
/xlators/features/snapview-server/src/snapview-server.c: 594 in svs_lookup_entry_point()
** CID 1220060: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-server/src/snapview-server.c: 1500 in svs_get_snapshot_list()
** CID 1220059: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-server/src/snapview-server.c: 1500 in svs_get_snapshot_list()
** CID 1220058: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-client/src/snapview-client.c: 1315 in svc_readdirp()
** CID 1220057: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-server/src/snapview-server.c: 860 in svs_lookup_entry()
** CID 1220063: Improper use of negative value (NEGATIVE_RETURNS)
/xlators/features/snapview-server/src/snapview-server.c: 1264 in svs_fgetxattr()
** CID 1220062: Improper use of negative value (NEGATIVE_RETURNS)
/xlators/features/snapview-server/src/snapview-server.c: 1157 in svs_getxattr()
** CID 1220061: Array compared against 0 (NO_EFFECT)
/xlators/features/snapview-server/src/snapview-server.c: 693 in svs_lookup_gfid()
** CID 1220056: Unused pointer value (UNUSED_VALUE)
/xlators/features/snapview-server/src/snapview-server.c: 999 in svs_lookup()
** CID 1220055: Use after free (USE_AFTER_FREE)
/xlators/features/snapview-server/src/snapview-server.c: 1319 in svs_fgetxattr()
/xlators/features/snapview-server/src/snapview-server.c: 1319 in svs_fgetxattr()
________________________________________________________________________________________________________
*** CID 1220068: Missing parentheses (CONSTANT_EXPRESSION_RESULT)
/xlators/features/snapview-server/src/snapview-server.c: 1265 in svs_fgetxattr()
1259 op_errno = EINVAL;
1260 goto out;
1261 }
1262
1263 if (inode_ctx->type == SNAP_VIEW_VIRTUAL_INODE) {
1264 size = glfs_fgetxattr (glfd, name, NULL, 0);
>>> CID 1220068: Missing parentheses (CONSTANT_EXPRESSION_RESULT)
>>> "!size == -1" is always false regardless of the values of its operands. Did you intend to either negate the entire comparison expression, in which case parentheses would be required around the entire comparison expression to force that interpretation, or negate the sense of the comparison (that is, use '!=' rather than '==')? This occurs as the logical operand of if.
1265 if (!size == -1) {
1266 gf_log (this->name, GF_LOG_ERROR, "getxattr on %s "
1267 "failed (key: %s)", uuid_utoa (fd->inode->gfid),
1268 name);
1269 op_ret = -1;
1270 op_errno = errno;
________________________________________________________________________________________________________
*** CID 1220067: Missing parentheses (CONSTANT_EXPRESSION_RESULT)
/xlators/features/snapview-server/src/snapview-server.c: 1158 in svs_getxattr()
1152 op_errno = EINVAL;
1153 goto out;
1154 } else if (inode_ctx->type == SNAP_VIEW_VIRTUAL_INODE) {
1155 fs = inode_ctx->fs;
1156 object = inode_ctx->object;
1157 size = glfs_h_getxattrs (fs, object, name, NULL, 0);
>>> CID 1220067: Missing parentheses (CONSTANT_EXPRESSION_RESULT)
>>> "!size == -1" is always false regardless of the values of its operands. Did you intend to either negate the entire comparison expression, in which case parentheses would be required around the entire comparison expression to force that interpretation, or negate the sense of the comparison (that is, use '!=' rather than '==')? This occurs as the logical operand of if.
1158 if (!size == -1) {
1159 gf_log (this->name, GF_LOG_ERROR, "getxattr on %s "
1160 "failed (key: %s)", loc->name, name);
1161 op_ret = -1;
1162 op_errno = errno;
1163 goto out;
________________________________________________________________________________________________________
*** CID 1220066: Logically dead code (DEADCODE)
/xlators/features/snapview-server/src/snapview-server.c: 1268 in svs_fgetxattr()
1262
1263 if (inode_ctx->type == SNAP_VIEW_VIRTUAL_INODE) {
1264 size = glfs_fgetxattr (glfd, name, NULL, 0);
1265 if (!size == -1) {
1266 gf_log (this->name, GF_LOG_ERROR, "getxattr on %s "
1267 "failed (key: %s)", uuid_utoa (fd->inode->gfid),
>>> CID 1220066: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "do {
do {
if (0)
...".
1268 name);
1269 op_ret = -1;
1270 op_errno = errno;
1271 goto out;
1272 }
1273 value = GF_CALLOC (size + 1, sizeof (char), gf_common_mt_char);
________________________________________________________________________________________________________
*** CID 1220065: Logically dead code (DEADCODE)
/xlators/features/snapview-server/src/snapview-server.c: 1160 in svs_getxattr()
1154 } else if (inode_ctx->type == SNAP_VIEW_VIRTUAL_INODE) {
1155 fs = inode_ctx->fs;
1156 object = inode_ctx->object;
1157 size = glfs_h_getxattrs (fs, object, name, NULL, 0);
1158 if (!size == -1) {
1159 gf_log (this->name, GF_LOG_ERROR, "getxattr on %s "
>>> CID 1220065: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "do {
do {
if (0)
...".
1160 "failed (key: %s)", loc->name, name);
1161 op_ret = -1;
1162 op_errno = errno;
1163 goto out;
1164 }
1165 value = GF_CALLOC (size + 1, sizeof (char), gf_common_mt_char);
________________________________________________________________________________________________________
*** CID 1220064: Logically dead code (DEADCODE)
/xlators/features/snapview-server/src/snapview-server.c: 594 in svs_lookup_entry_point()
588 }
589 uuid_copy (inode_ctx->pargfid, loc->pargfid);
590 memcpy (&inode_ctx->buf, buf, sizeof (*buf));
591 inode_ctx->type = SNAP_VIEW_ENTRY_POINT_INODE;
592 } else {
593 if (inode_ctx) {
>>> CID 1220064: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "memcpy(buf, &inode_ctx->buf...".
594 memcpy (buf, &inode_ctx->buf, sizeof (*buf));
595 svs_iatt_fill (inode_ctx->pargfid, postparent);
596 } else {
597 svs_iatt_fill (loc->inode->gfid, buf);
598 if (parent)
599 svs_iatt_fill (parent->gfid,
________________________________________________________________________________________________________
*** CID 1220060: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-server/src/snapview-server.c: 1500 in svs_get_snapshot_list()
1494 fclose (fpn);
1495 fclose (fpu);
1496
1497 ret = 0;
1498
1499 out:
>>> CID 1220060: Resource leak (RESOURCE_LEAK)
>>> Variable "fpu" going out of scope leaks the storage it points to.
1500 return ret;
1501 }
1502
1503 int
1504 svs_fill_readdir (xlator_t *this, gf_dirent_t *entries, size_t size, off_t off)
1505 {
________________________________________________________________________________________________________
*** CID 1220059: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-server/src/snapview-server.c: 1500 in svs_get_snapshot_list()
1494 fclose (fpn);
1495 fclose (fpu);
1496
1497 ret = 0;
1498
1499 out:
>>> CID 1220059: Resource leak (RESOURCE_LEAK)
>>> Variable "fpn" going out of scope leaks the storage it points to.
1500 return ret;
1501 }
1502
1503 int
1504 svs_fill_readdir (xlator_t *this, gf_dirent_t *entries, size_t size, off_t off)
1505 {
________________________________________________________________________________________________________
*** CID 1220058: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-client/src/snapview-client.c: 1315 in svc_readdirp()
1309 wind = _gf_true;
1310
1311 out:
1312 if (!wind)
1313 SVC_STACK_UNWIND (readdirp, frame, op_ret, op_errno, NULL, NULL);
1314
>>> CID 1220058: Resource leak (RESOURCE_LEAK)
>>> Variable "local" going out of scope leaks the storage it points to.
1315 return 0;
1316 }
1317
1318 /* Renaming the entries from or to snapshots is not allowed as the snapshots
1319 are read-only.
1320 */
________________________________________________________________________________________________________
*** CID 1220057: Resource leak (RESOURCE_LEAK)
/xlators/features/snapview-server/src/snapview-server.c: 860 in svs_lookup_entry()
854 memcpy (&inode_ctx->buf, buf, sizeof (*buf));
855 svs_iatt_fill (parent->gfid, postparent);
856
857 op_ret = 0;
858
859 out:
>>> CID 1220057: Resource leak (RESOURCE_LEAK)
>>> Variable "object" going out of scope leaks the storage it points to.
860 return op_ret;
861 }
862
863 /* inode context is there means lookup has come on an object which was
864 built either as part of lookup or as part of readdirp. But in readdirp
865 we would not have got the handle to access the object in the gfapi
________________________________________________________________________________________________________
*** CID 1220063: Improper use of negative value (NEGATIVE_RETURNS)
/xlators/features/snapview-server/src/snapview-server.c: 1264 in svs_fgetxattr()
1258 op_ret = -1;
1259 op_errno = EINVAL;
1260 goto out;
1261 }
1262
1263 if (inode_ctx->type == SNAP_VIEW_VIRTUAL_INODE) {
>>> CID 1220063: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: signed variable "size" = "glfs_fgetxattr(struct glfs_fd *, char const *, void *, size_t)".
1264 size = glfs_fgetxattr (glfd, name, NULL, 0);
1265 if (!size == -1) {
1266 gf_log (this->name, GF_LOG_ERROR, "getxattr on %s "
1267 "failed (key: %s)", uuid_utoa (fd->inode->gfid),
1268 name);
1269 op_ret = -1;
________________________________________________________________________________________________________
*** CID 1220062: Improper use of negative value (NEGATIVE_RETURNS)
/xlators/features/snapview-server/src/snapview-server.c: 1157 in svs_getxattr()
1151 op_ret = -1;
1152 op_errno = EINVAL;
1153 goto out;
1154 } else if (inode_ctx->type == SNAP_VIEW_VIRTUAL_INODE) {
1155 fs = inode_ctx->fs;
1156 object = inode_ctx->object;
>>> CID 1220062: Improper use of negative value (NEGATIVE_RETURNS)
>>> Assigning: signed variable "size" = "glfs_h_getxattrs(struct glfs *, struct glfs_object *, char const *, void *, size_t)".
1157 size = glfs_h_getxattrs (fs, object, name, NULL, 0);
1158 if (!size == -1) {
1159 gf_log (this->name, GF_LOG_ERROR, "getxattr on %s "
1160 "failed (key: %s)", loc->name, name);
1161 op_ret = -1;
1162 op_errno = errno;
________________________________________________________________________________________________________
*** CID 1220061: Array compared against 0 (NO_EFFECT)
/xlators/features/snapview-server/src/snapview-server.c: 693 in svs_lookup_gfid()
687 op_ret = -1;
688 *op_errno = ENOMEM;
689 goto out;
690 }
691
692 iatt_from_stat (buf, &statbuf);
>>> CID 1220061: Array compared against 0 (NO_EFFECT)
>>> Comparing an array to null is not useful: "loc->gfid".
693 if (loc->gfid)
694 uuid_copy (buf->ia_gfid, loc->gfid);
695 else
696 uuid_copy (buf->ia_gfid, loc->inode->gfid);
697
698 inode_ctx->type = SNAP_VIEW_VIRTUAL_INODE;
________________________________________________________________________________________________________
*** CID 1220056: Unused pointer value (UNUSED_VALUE)
/xlators/features/snapview-server/src/snapview-server.c: 999 in svs_lookup()
993
994 inode_ctx = svs_inode_ctx_get (this, loc->inode);
995
996 /* Initialize latest snapshot, which is used for nameless lookups */
997 dirent = svs_get_latest_snap_entry (this);
998 if (!dirent->fs)
>>> CID 1220056: Unused pointer value (UNUSED_VALUE)
>>> Pointer "fs" returned by "svs_initialise_snapshot_volume(this, dirent->name)" is never used.
999 fs = svs_initialise_snapshot_volume (this, dirent->name);
1000
1001 /* lookup is on the entry point to the snapshot world */
1002 if (entry_point) {
1003 op_ret = svs_lookup_entry_point (this, loc, parent, &buf,
1004 &postparent, &op_errno);
________________________________________________________________________________________________________
*** CID 1220055: Use after free (USE_AFTER_FREE)
/xlators/features/snapview-server/src/snapview-server.c: 1319 in svs_fgetxattr()
1313 op_ret = 0;
1314 op_errno = 0;
1315 }
1316
1317 out:
1318 if (op_ret)
>>> CID 1220055: Use after free (USE_AFTER_FREE)
>>> Calling "__gf_free(void *)" frees pointer "value" which has already been freed.
1319 GF_FREE (value);
1320
1321 STACK_UNWIND_STRICT (fgetxattr, frame, op_ret, op_errno, dict, NULL);
1322
1323 return 0;
1324 }
/xlators/features/snapview-server/src/snapview-server.c: 1319 in svs_fgetxattr()
1313 op_ret = 0;
1314 op_errno = 0;
1315 }
1316
1317 out:
1318 if (op_ret)
>>> CID 1220055: Use after free (USE_AFTER_FREE)
>>> Passing freed pointer "value" as an argument to function "__gf_free(void *)".
1319 GF_FREE (value);
1320
1321 STACK_UNWIND_STRICT (fgetxattr, frame, op_ret, op_errno, dict, NULL);
1322
1323 return 0;
1324 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=overview
To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py