[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Vijay Bellur
vbellur at redhat.com
Mon Dec 1 07:01:06 UTC 2014
Hi All,
Shall we set a goal for ourselves to be Coverity Scan clean by GlusterFS
3.7?
I think fixing problems reported in the incremental reports here would
be a good way of keeping the number of static analysis defects in
control. It would be great if developers who checked in code recently to
the files mentioned in these reports pay attention to the results.
Thanks,
Vijay
On 11/28/2014 12:37 PM, Lalatendu Mohanty wrote:
>
> Guideline for fixing Coverity issues :
> http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity
>
> Thanks,
> Lala
>
> -------- Forwarded Message --------
> Subject: New Defects reported by Coverity Scan for GlusterFS
> Date: Thu, 27 Nov 2014 12:31:06 -0800
> From: scan-admin at coverity.com
> To: lala at redhat.com
>
>
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
>
> 13 new defect(s) introduced to GlusterFS found with Coverity Scan.
> 97 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 13 of 13 defect(s)
>
>
> ** CID 1256178: Logically dead code (DEADCODE)
> /api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
>
> ** CID 1256180: Logically dead code (DEADCODE)
> /api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
>
> ** CID 1256176: Logically dead code (DEADCODE)
> /glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
>
> ** CID 1256179: Dereference after null check (FORWARD_NULL)
> /xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
>
> ** CID 1256177: Explicit null dereferenced (FORWARD_NULL)
> /api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
>
> ** CID 1256175: Array compared against 0 (NO_EFFECT)
> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
>
> ** CID 1256173: Thread deadlock (ORDER_REVERSAL)
> /xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
>
> ** CID 1256174: Copy into fixed size buffer (STRING_OVERFLOW)
> /xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
>
> ** CID 1256172: Copy into fixed size buffer (STRING_OVERFLOW)
> /xlators/mgmt/glusterd/src/glusterd.c: 330 in glusterd_dump_peer_rpcstat()
>
> ** CID 1256171: Copy into fixed size buffer (STRING_OVERFLOW)
> /xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in build_volfile_path()
>
> ** CID 1238183: Missing break in switch (MISSING_BREAK)
> /xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in glusterd_op_stage_rebalance()
>
> ** CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
> /xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
>
> ** CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
>
>
> ________________________________________________________________________________________________________
> *** CID 1256178: Logically dead code (DEADCODE)
> /api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
> 147
> 148 pthread_mutex_init (&(ctx->lock), NULL);
> 149
> 150 ret = 0;
> 151 err:
> 152 if (ret && pool) {
>>>> CID 1256178: Logically dead code (DEADCODE)
>>>> Execution cannot reach this statement "if (pool->frame_mem_pool)
> ...".
> 153 if (pool->frame_mem_pool)
> 154 mem_pool_destroy (pool->frame_mem_pool);
> 155 if (pool->stack_mem_pool)
> 156 mem_pool_destroy (pool->stack_mem_pool);
> 157 GF_FREE (pool);
> 158 }
>
> ________________________________________________________________________________________________________
> *** CID 1256180: Logically dead code (DEADCODE)
> /api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
> 155 if (pool->stack_mem_pool)
> 156 mem_pool_destroy (pool->stack_mem_pool);
> 157 GF_FREE (pool);
> 158 }
> 159
> 160 if (ret && ctx) {
>>>> CID 1256180: Logically dead code (DEADCODE)
>>>> Execution cannot reach this statement "if (ctx->stub_mem_pool)
> m...".
> 161 if (ctx->stub_mem_pool)
> 162 mem_pool_destroy (ctx->stub_mem_pool);
> 163 if (ctx->dict_pool)
> 164 mem_pool_destroy (ctx->dict_pool);
> 165 if (ctx->dict_data_pool)
> 166 mem_pool_destroy (ctx->dict_data_pool);
>
> ________________________________________________________________________________________________________
> *** CID 1256176: Logically dead code (DEADCODE)
> /glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
> 1420 lim.rlim_max = RLIM_INFINITY;
> 1421 setrlimit (RLIMIT_CORE, &lim);
> 1422
> 1423 ret = 0;
> 1424 out:
> 1425
>>>> CID 1256176: Logically dead code (DEADCODE)
>>>> Execution cannot reach this expression "ctx" inside statement "if (ret && ctx) {
> if (ctx...".
> 1426 if (ret && ctx) {
> 1427 if (ctx->pool) {
> 1428 mem_pool_destroy (ctx->pool->frame_mem_pool);
> 1429 mem_pool_destroy (ctx->pool->stack_mem_pool);
> 1430 }
> 1431 GF_FREE (ctx->pool);
>
> ________________________________________________________________________________________________________
> *** CID 1256179: Dereference after null check (FORWARD_NULL)
> /xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
> 1076 GF_FREE (relative_path);
> 1077
> 1078 return ret;
> 1079
> 1080 mnterr:
> 1081 mntstat = mnt3svc_errno_to_mnterr (-ret);
>>>> CID 1256179: Dereference after null check (FORWARD_NULL)
>>>> Dereferencing null pointer "mres".
> 1082 mnt3svc_mnt_error_reply (mres->req, mntstat);
> 1083 if (absolute_path)
> 1084 GF_FREE (absolute_path);
> 1085 if (parent_path)
> 1086 GF_FREE (parent_path);
> 1087 if (relative_path)
>
> ________________________________________________________________________________________________________
> *** CID 1256177: Explicit null dereferenced (FORWARD_NULL)
> /api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
> 696 void *data)
> 697 {
> 698 struct glfs_io *gio = NULL;
> 699 int ret = 0;
> 700 call_frame_t *frame = NULL;
> 701 xlator_t *subvol = NULL;
>>>> CID 1256177: Explicit null dereferenced (FORWARD_NULL)
>>>> Assigning: "fs" = "NULL".
> 702 glfs_t *fs = NULL;
> 703 fd_t *fd = NULL;
> 704
> 705 __glfs_entry_fd (glfd);
> 706
> 707 subvol = priv_glfs_active_subvol (glfd->fs);
>
> ________________________________________________________________________________________________________
> *** CID 1256175: Array compared against 0 (NO_EFFECT)
> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
> 2427 }
> 2428
> 2429 continue;
> 2430 }
> 2431
> 2432 /* Check if the brick has a LV associated with it */
>>>> CID 1256175: Array compared against 0 (NO_EFFECT)
>>>> Comparing an array to null is not useful: "!brickinfo->device_path".
> 2433 if (!brickinfo->device_path) {
> 2434 gf_log (this->name, GF_LOG_DEBUG,
> 2435 "Brick (%s:%s) does not have a LV "
> 2436 "associated with it. Removing the brick path",
> 2437 brickinfo->hostname, brickinfo->path);
> 2438 goto remove_brick_path;
> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
> 2427 }
> 2428
> 2429 continue;
> 2430 }
> 2431
> 2432 /* Check if the brick has a LV associated with it */
>>>> CID 1256175: Array compared against 0 (NO_EFFECT)
>>>> Comparing an array to null is not useful: "brickinfo->device_path".
> 2433 if (!brickinfo->device_path) {
> 2434 gf_log (this->name, GF_LOG_DEBUG,
> 2435 "Brick (%s:%s) does not have a LV "
> 2436 "associated with it. Removing the brick path",
> 2437 brickinfo->hostname, brickinfo->path);
> 2438 goto remove_brick_path;
>
> ________________________________________________________________________________________________________
> *** CID 1256173: Thread deadlock (ORDER_REVERSAL)
> /xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
> 1329 } else {
> 1330 ec_trace("UNLOCK_DELAY", fop, "lock=%p", lock);
> 1331
> 1332 delay.tv_sec = 1;
> 1333 delay.tv_nsec = 0;
> 1334
>>>> CID 1256173: Thread deadlock (ORDER_REVERSAL)
>>>> Calling "pthread_spin_lock(pthread_spinlock_t *)" acquires lock "_ec_fop_data.lock" while holding lock "_inode.lock" (count: 1 / 3).
> 1335 LOCK(&fop->lock);
> 1336
> 1337 fop->jobs++;
> 1338 fop->refs++;
> 1339
> 1340 UNLOCK(&fop->lock);
>
> ________________________________________________________________________________________________________
> *** CID 1256174: Copy into fixed size buffer (STRING_OVERFLOW)
> /xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
> 281 glusterd_dump_peer (glusterd_peerinfo_t *peerinfo, char *input_key, int index,
> 282 gf_boolean_t xpeers)
> 283 {
> 284 char subkey[50] = {0,};
> 285 char key[GF_DUMP_MAX_BUF_LEN] = {0,};
> 286
>>>> CID 1256174: Copy into fixed size buffer (STRING_OVERFLOW)
>>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
> 287 strcpy (key, input_key);
> 288
> 289 snprintf (subkey, sizeof (subkey), "%s%d", key, index);
> 290
> 291 gf_proc_dump_build_key (key, subkey, "uuid");
> 292 gf_proc_dump_write (key, "%s",
>
> ________________________________________________________________________________________________________
> *** CID 1256172: Copy into fixed size buffer (STRING_OVERFLOW)
> /xlators/mgmt/glusterd/src/glusterd.c: 330 in glusterd_dump_peer_rpcstat()
> 324 int ret = -1;
> 325 rpc_clnt_t *rpc = NULL;
> 326 char rpcsvc_peername[RPCSVC_PEER_STRLEN] = {0,};
> 327 char subkey[50] = {0,};
> 328 char key[GF_DUMP_MAX_BUF_LEN] = {0,};
> 329
>>>> CID 1256172: Copy into fixed size buffer (STRING_OVERFLOW)
>>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
> 330 strcpy (key, input_key);
> 331
> 332 /* Dump the rpc connection statistics */
> 333 rpc = peerinfo->rpc;
> 334 if (rpc) {
> 335 conn = &rpc->conn;
>
> ________________________________________________________________________________________________________
> *** CID 1256171: Copy into fixed size buffer (STRING_OVERFLOW)
> /xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in build_volfile_path()
> 273 if (ret == -1)
> 274 goto out;
> 275
> 276 ret = stat (path, &stbuf);
> 277
> 278 if ((ret == -1) && (errno == ENOENT)) {
>>>> CID 1256171: Copy into fixed size buffer (STRING_OVERFLOW)
>>>> You might overrun the 4096 byte fixed-size string "dup_volid" by copying "volid_ptr" without checking the length.
> 279 strcpy (dup_volid, volid_ptr);
> 280 if (!strchr (dup_volid, '.')) {
> 281 switch (volinfo->transport_type) {
> 282 case GF_TRANSPORT_TCP:
> 283 strcat (dup_volid, ".tcp");
> 284 break;
>
> ________________________________________________________________________________________________________
> *** CID 1238183: Missing break in switch (MISSING_BREAK)
> /xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in glusterd_op_stage_rebalance()
> 571 "disconnect those clients before "
> 572 "attempting this command again.",
> 573 volname);
> 574 goto out;
> 575 }
> 576
>>>> CID 1238183: Missing break in switch (MISSING_BREAK)
>>>> The above case falls through to this one.
> 577 case GF_DEFRAG_CMD_START_FORCE:
> 578 if (is_origin_glusterd (dict)) {
> 579 op_ctx = glusterd_op_get_ctx ();
> 580 if (!op_ctx) {
> 581 ret = -1;
> 582 gf_log (this->name, GF_LOG_ERROR,
>
> ________________________________________________________________________________________________________
> *** CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
> /xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
> 4837 "short read on /dev/fuse");
> 4838 fuse_log_eh (this, "glusterfs-fuse: short read on "
> 4839 "/dev/fuse");
> 4840 break;
> 4841 }
> 4842
>>>> CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
>>>> Assigning: "finh" = "(fuse_in_header_t *)iov_in[0].iov_base". Both are now tainted.
> 4843 finh = (fuse_in_header_t *)iov_in[0].iov_base;
> 4844
> 4845 if (res != finh->len
> 4846 #ifdef GF_DARWIN_HOST_OS
> 4847 /* work around fuse4bsd/MacFUSE msg size miscalculation bug,
> 4848 * that is, payload size is not taken into account for
>
> ________________________________________________________________________________________________________
> *** CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> 2125 lines = NULL;
> 2126 goto out;
> 2127 }
> 2128 lines = p;
> 2129 }
> 2130
>>>> CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
>>>> Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
> 2131 lines[counter] = gf_strdup (buffer);
> 2132 }
> 2133
> 2134 lines[counter] = NULL;
> 2135 /* Reduce allocation to minimal size. */
> 2136 p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> 2125 lines = NULL;
> 2126 goto out;
> 2127 }
> 2128 lines = p;
> 2129 }
> 2130
>>>> CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
>>>> Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
> 2131 lines[counter] = gf_strdup (buffer);
> 2132 }
> 2133
> 2134 lines[counter] = NULL;
> 2135 /* Reduce allocation to minimal size. */
> 2136 p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> 2125 lines = NULL;
> 2126 goto out;
> 2127 }
> 2128 lines = p;
> 2129 }
> 2130
>>>> CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
>>>> Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
> 2131 lines[counter] = gf_strdup (buffer);
> 2132 }
> 2133
> 2134 lines[counter] = NULL;
> 2135 /* Reduce allocation to minimal size. */
> 2136 p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
> 2125 lines = NULL;
> 2126 goto out;
> 2127 }
> 2128 lines = p;
> 2129 }
> 2130
>>>> CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
>>>> Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
> 2131 lines[counter] = gf_strdup (buffer);
> 2132 }
> 2133
> 2134 lines[counter] = NULL;
> 2135 /* Reduce allocation to minimal size. */
> 2136 p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,http://scan.coverity.com/projects/987?tab=overview
>
> To unsubscribe from the email notification for new defects,http://scan5.coverity.com/cgi-bin/unsubscribe.py
>
>
>
>
>
>
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
>
More information about the Gluster-devel
mailing list