[Gluster-devel] GlusterFS in Ubuntu issues (bug 1086460)

Lalatendu Mohanty lmohanty at redhat.com
Fri Apr 25 18:45:09 UTC 2014

On 04/25/2014 09:44 PM, Joe Julian wrote:
> GlusterFS was rejected during the security analysis with these comments:
>> here's just a list of what I found while reading the code:
>> - cppcheck reports ~20 real coding mistakes, perhaps a few false 
>> positives
>> - get_uuid_via_daemon() doesn't check fork() for error return
>> - rdd_valid_config() buffer overflow rdd_config.out_file.path
>> - gf_cli_print_limit_list() doesn't check sprintf(abspath) return value
>> - rb_malloc() and rb_free() ignore their allocator argument
>>   Not a security problem, but might be very surprising
>> - int_to_data() data_from_[u]int{64,32,16,8}() data_from_double()
>>   all re-calculate the length rather than use the return value from
>>   gf_asprintf(). (Not a security problem, just redundant.)
> Should we add cppcheck to Jenkins?

Yes, we must.  There is a Jenkins plug-in present for Cppcheck[1]. Also 
we should update the page for Cppcheck in gluster wiki[2]

[1] https://wiki.jenkins-ci.org/display/JENKINS/Cppcheck+Plugin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20140426/8c06bb0a/attachment-0003.html>

More information about the Gluster-devel mailing list