[Gluster-devel] GlusterFS in Ubuntu issues (bug 1086460)
Lalatendu Mohanty
lmohanty at redhat.com
Mon Apr 28 06:27:01 UTC 2014
On 04/26/2014 03:53 AM, Joe Julian wrote:
> On 04/25/2014 03:11 PM, Justin Clift wrote:
>> On 25/04/2014, at 7:45 PM, Lalatendu Mohanty wrote:
>>> On 04/25/2014 09:44 PM, Joe Julian wrote:
>>>> GlusterFS was rejected during the security analysis with these
>>>> comments:
>>>>> here's just a list of what I found while reading the code:
>>>>> - cppcheck reports ~20 real coding mistakes, perhaps a few false
>>>>> positives
>>>>> - get_uuid_via_daemon() doesn't check fork() for error return
>>>>> - rdd_valid_config() buffer overflow rdd_config.out_file.path
>>>>> - gf_cli_print_limit_list() doesn't check sprintf(abspath) return
>>>>> value
>>>>> - rb_malloc() and rb_free() ignore their allocator argument
>>>>> Not a security problem, but might be very surprising
>>>>> - int_to_data() data_from_[u]int{64,32,16,8}() data_from_double()
>>>>> all re-calculate the length rather than use the return value from
>>>>> gf_asprintf(). (Not a security problem, just redundant.)
>>>> Should we add cppcheck to Jenkins?
>>> Yes, we must. There is a Jenkins plug-in present for Cppcheck[1].
>>> Also we should update the page for Cppcheck in gluster wiki[2]
>>>
>>> [1] https://wiki.jenkins-ci.org/display/JENKINS/Cppcheck+Plugin
>>> [2]
>>> http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis
>> Cppcheck home page:
>>
>> http://cppcheck.sourceforge.net
>>
>> It's in EPEL, so I've just yum installed it on build.gluster.org in
>> case someone has the time/inclination to get the Jenkins integration
>> happening. (I don't)
>>
>> + Justin
>>
> Just to keep all this discussion in one place:
>
> #gluster [10:01] <kkeithley> JoeJulian: I'll try running cppcheck to
> see how long it takes. I'm setting up a bunch of machines to do things
> like routinely run things like coverity, cppcheck, valgrind, etc. If
> cppcheck takes to long perhaps we just want a daily run instead of a
> run every time someone commits
I did a cppcheck run on git master of GlusterFS code and cloned the
original bug to mainline with the result[1]
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1091677
Thanks,
Lala
More information about the Gluster-devel
mailing list