[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Lalatendu Mohanty
lmohanty at redhat.com
Fri Jan 17 10:15:53 UTC 2014
-------- Original Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Fri, 17 Jan 2014 02:06:17 -0800
From: scan-admin at coverity.com
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 20 of 466 defect(s)
** CID 11205: Time of check time of use (TOCTOU)
/libglusterfs/src/common-utils.c: 90 in mkdir_p()
** CID 1124359: Unchecked return value (CHECKED_RETURN)
/xlators/protocol/client/src/client-rpc-fops.c: 2928 in client_fdctx_destroy()
/xlators/protocol/client/src/client-rpc-fops.c: 2937 in client_fdctx_destroy()
** CID 1124364: Unchecked return value from library (CHECKED_RETURN)
/xlators/storage/posix/src/posix.c: 1502 in posix_rmdir()
** CID 1124360: Unchecked return value (CHECKED_RETURN)
/xlators/performance/write-behind/src/write-behind.c: 1794 in wb_release()
** CID 1124362: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/afr/src/afr-self-heal-common.c: 2137 in afr_sh_entrylk()
** CID 1124358: Unchecked return value (CHECKED_RETURN)
/xlators/protocol/client/src/client.c: 2446 in client_init_grace_timer()
** CID 1124354: Unchecked return value from library (CHECKED_RETURN)
/xlators/storage/posix/src/posix-handle.c: 492 in posix_handle_init()
** CID 1124342: Free of array-typed value (BAD_FREE)
/xlators/cluster/afr/src/afr-self-heal-metadata.c: 438 in afr_set_metadata_sh_info_str()
** CID 1124344: Free of array-typed value (BAD_FREE)
/xlators/mgmt/glusterd/src/glusterd-handler.c: 2571 in __glusterd_handle_mount()
** CID 1124343: Free of array-typed value (BAD_FREE)
/xlators/cluster/afr/src/afr-self-heal-data.c: 902 in afr_set_data_sh_info_str()
/xlators/cluster/afr/src/afr-self-heal-data.c: 906 in afr_set_data_sh_info_str()
** CID 1124341: Free of array-typed value (BAD_FREE)
/xlators/protocol/server/src/server-handshake.c: 164 in getspec_build_volfile_path()
** CID 1124340: Free of array-typed value (BAD_FREE)
/glusterfsd/src/glusterfsd.c: 1406 in parse_cmdline()
** CID 1124353: Unchecked return value (CHECKED_RETURN)
/api/src/glfs-resolve.c: 447 in glfs_resolve_at()
** CID 1124352: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/dht/src/dht-shared.c: 533 in dht_init()
** CID 1124351: Unchecked return value from library (CHECKED_RETURN)
/xlators/features/changelog/lib/src/gf-changelog-process.c: 438 in gf_changelog_decode()
** CID 1124348: Unchecked return value (CHECKED_RETURN)
/libglusterfs/src/timer.c: 213 in gf_timer_registry_init()
** CID 1124347: Unchecked return value from library (CHECKED_RETURN)
/libglusterfs/src/statedump.c: 804 in gf_proc_dump_info()
** CID 1059059: Unsigned compared against 0 (NO_EFFECT)
/xlators/performance/io-cache/src/io-cache.c: 1770 in init()
** CID 1124325: Value not atomically updated (ATOMICITY)
/xlators/performance/io-cache/src/io-cache.c: 1060 in ioc_dispatch_requests()
** CID 1124346: Truncated stdio return value (CHAR_IO)
/cli/src/cli-cmd-volume.c: 617 in cli_cmd_get_confirmation()
________________________________________________________________________________________________________
*** CID 11205: Time of check time of use (TOCTOU)
/libglusterfs/src/common-utils.c: 90 in mkdir_p()
84 i = (dir[0] == '/')? 1: 0;
85 do {
86 if (path[i] != '/' && path[i] != '\0')
87 continue;
88
89 dir[i] = '\0';
>>> CID 11205: Time of check time of use (TOCTOU)
>>> Calling function "mkdir(char const *, __mode_t)" that uses "dir" after a check function. This can cause a time-of-check, time-of-use race condition.
90 ret = mkdir (dir, mode);
91 if (ret && errno != EEXIST) {
92 gf_log ("", GF_LOG_ERROR, "Failed due to reason %s",
93 strerror (errno));
94 goto out;
95 }
________________________________________________________________________________________________________
*** CID 1124359: Unchecked return value (CHECKED_RETURN)
/xlators/protocol/client/src/client-rpc-fops.c: 2928 in client_fdctx_destroy()
2922 ret = 0;
2923
2924 if (fdctx->is_dir) {
2925 gfs3_releasedir_req req = {{0,},};
2926 req.fd = fdctx->remote_fd;
2927 gf_log (this->name, GF_LOG_TRACE, "sending releasedir on fd");
>>> CID 1124359: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "client_submit_request(this, &req, fr, &clnt3_3_fop_prog, 42, client3_3_releasedir_cbk(struct rpc_req *, struct iovec *, int, void *), NULL, NULL, 0, NULL, 0, NULL, (xdrproc_t)xdr_gfs3_releasedir_req(XDR *, gfs3_releasedir_req *))".
2928 client_submit_request (this, &req, fr, &clnt3_3_fop_prog,
2929 GFS3_OP_RELEASEDIR,
2930 client3_3_releasedir_cbk,
2931 NULL, NULL, 0, NULL, 0, NULL,
2932 (xdrproc_t)xdr_gfs3_releasedir_req);
2933 } else {
/xlators/protocol/client/src/client-rpc-fops.c: 2937 in client_fdctx_destroy()
2931 NULL, NULL, 0, NULL, 0, NULL,
2932 (xdrproc_t)xdr_gfs3_releasedir_req);
2933 } else {
2934 gfs3_release_req req = {{0,},};
2935 req.fd = fdctx->remote_fd;
2936 gf_log (this->name, GF_LOG_TRACE, "sending release on fd");
>>> CID 1124359: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "client_submit_request(this, &req, fr, &clnt3_3_fop_prog, 41, client3_3_release_cbk(struct rpc_req *, struct iovec *, int, void *), NULL, NULL, 0, NULL, 0, NULL, (xdrproc_t)xdr_gfs3_release_req(XDR *, gfs3_release_req *))".
2937 client_submit_request (this, &req, fr, &clnt3_3_fop_prog,
2938 GFS3_OP_RELEASE,
2939 client3_3_release_cbk, NULL,
2940 NULL, 0, NULL, 0, NULL,
2941 (xdrproc_t)xdr_gfs3_release_req);
2942 }
________________________________________________________________________________________________________
*** CID 1124364: Unchecked return value from library (CHECKED_RETURN)
/xlators/storage/posix/src/posix.c: 1502 in posix_rmdir()
1496 if (flags) {
1497 gfid_str = uuid_utoa (stbuf.ia_gfid);
1498 char *tmp_path = alloca (strlen (priv->trash_path) +
1499 strlen ("/") +
1500 strlen (gfid_str) + 1);
1501
>>> CID 1124364: Unchecked return value from library (CHECKED_RETURN)
>>> No check of the return value of "mkdir(priv->trash_path, 493U)".
1502 mkdir (priv->trash_path, 0755);
1503 sprintf (tmp_path, "%s/%s", priv->trash_path, gfid_str);
1504 op_ret = rename (real_path, tmp_path);
1505 } else {
1506 op_ret = rmdir (real_path);
1507 }
________________________________________________________________________________________________________
*** CID 1124360: Unchecked return value (CHECKED_RETURN)
/xlators/performance/write-behind/src/write-behind.c: 1794 in wb_release()
1788
1789 int
1790 wb_release (xlator_t *this, fd_t *fd)
1791 {
1792 uint64_t tmp = 0;
1793
>>> CID 1124360: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "fd_ctx_del(fd, this, &tmp)".
1794 fd_ctx_del (fd, this, &tmp);
1795
1796 return 0;
1797 }
1798
1799
________________________________________________________________________________________________________
*** CID 1124362: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/afr/src/afr-self-heal-common.c: 2137 in afr_sh_entrylk()
2131 int_lock->lk_basename = base_name;
2132 int_lock->lk_loc = loc;
2133 int_lock->lock_cbk = lock_cbk;
2134 int_lock->domain = this->name;
2135
2136 int_lock->lockee_count = 0;
>>> CID 1124362: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "afr_init_entry_lockee(&int_lock->lockee[0], local, loc, base_name, priv->child_count)".
2137 afr_init_entry_lockee (&int_lock->lockee[0], local, loc,
2138 base_name, priv->child_count);
2139 int_lock->lockee_count++;
2140 afr_nonblocking_entrylk (frame, this);
2141
2142 return 0;
________________________________________________________________________________________________________
*** CID 1124358: Unchecked return value (CHECKED_RETURN)
/xlators/protocol/client/src/client.c: 2446 in client_init_grace_timer()
2440 GF_VALIDATE_OR_GOTO (this->name, conf, out);
2441
2442 conf->lk_heal = _gf_false;
2443
2444 ret = dict_get_str (options, "lk-heal", &lk_heal);
2445 if (!ret)
>>> CID 1124358: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "gf_string2boolean(lk_heal, &conf->lk_heal)".
2446 gf_string2boolean (lk_heal, &conf->lk_heal);
2447
2448 gf_log (this->name, GF_LOG_DEBUG, "lk-heal = %s",
2449 (conf->lk_heal) ? "on" : "off");
2450
2451 ret = dict_get_int32 (options, "grace-timeout", &grace_timeout);
________________________________________________________________________________________________________
*** CID 1124354: Unchecked return value from library (CHECKED_RETURN)
/xlators/storage/posix/src/posix-handle.c: 492 in posix_handle_init()
486 }
487 break;
488 default:
489 break;
490 }
491
>>> CID 1124354: Unchecked return value from library (CHECKED_RETURN)
>>> No check of the return value of "stat(handle_pfx, &priv->handledir)".
492 stat (handle_pfx, &priv->handledir);
493
494 len = posix_handle_path (this, gfid, NULL, NULL, 0);
495 rootstr = alloca (len);
496 posix_handle_path (this, gfid, NULL, rootstr, len);
497
________________________________________________________________________________________________________
*** CID 1124342: Free of array-typed value (BAD_FREE)
/xlators/cluster/afr/src/afr-self-heal-metadata.c: 438 in afr_set_metadata_sh_info_str()
432 priv = this->private;
433
434 pending_matrix_str = afr_get_pending_matrix_str (sh->pending_matrix,
435 this);
436
437 if (!pending_matrix_str)
>>> CID 1124342: Free of array-typed value (BAD_FREE)
>>> Assigning: "pending_matrix_str" = """".
438 pending_matrix_str = "";
439
440 len += snprintf (num, sizeof (num), "%s", string_msg);
441
442 for (i = 0; i < priv->child_count; i++) {
443 if ((sh->source == i) && (local->child_up[i] == 1)) {
________________________________________________________________________________________________________
*** CID 1124344: Free of array-typed value (BAD_FREE)
/xlators/mgmt/glusterd/src/glusterd-handler.c: 2571 in __glusterd_handle_mount()
2565 rsp.op_ret = glusterd_do_mount (mnt_req.label, dict,
2566 &rsp.path, &rsp.op_errno);
2567 synclock_lock (&priv->big_lock);
2568
2569 out:
2570 if (!rsp.path)
>>> CID 1124344: Free of array-typed value (BAD_FREE)
>>> Assigning: "rsp.path" = """".
2571 rsp.path = "";
2572
2573 glusterd_submit_reply (req, &rsp, NULL, 0, NULL,
2574 (xdrproc_t)xdr_gf1_cli_mount_rsp);
2575 ret = 0;
2576
________________________________________________________________________________________________________
*** CID 1124343: Free of array-typed value (BAD_FREE)
/xlators/cluster/afr/src/afr-self-heal-data.c: 902 in afr_set_data_sh_info_str()
896
897 priv = this->private;
898
899 pending_matrix_str = afr_get_pending_matrix_str (sh->pending_matrix,
900 this);
901 if (!pending_matrix_str)
>>> CID 1124343: Free of array-typed value (BAD_FREE)
>>> Assigning: "pending_matrix_str" = """".
902 pending_matrix_str = "";
903
904 sizes_str = afr_get_sizes_str (local, sh->buf, this);
905 if (!sizes_str)
906 sizes_str = "";
907
/xlators/cluster/afr/src/afr-self-heal-data.c: 906 in afr_set_data_sh_info_str()
900 this);
901 if (!pending_matrix_str)
902 pending_matrix_str = "";
903
904 sizes_str = afr_get_sizes_str (local, sh->buf, this);
905 if (!sizes_str)
>>> CID 1124343: Free of array-typed value (BAD_FREE)
>>> Assigning: "sizes_str" = """".
906 sizes_str = "";
907
908 sinks_str = afr_get_sinks_str (this, local, sh);
909 if (!sinks_str)
910 sinks_str = "";
911
________________________________________________________________________________________________________
*** CID 1124341: Free of array-typed value (BAD_FREE)
/xlators/protocol/server/src/server-handshake.c: 164 in getspec_build_volfile_path()
158 if (-1 == ret)
159 goto out;
160
161 free_filename = 1;
162 }
163 if (!filename)
>>> CID 1124341: Free of array-typed value (BAD_FREE)
>>> Assigning: "filename" = ""/usr/local/etc/glusterfs/glusterfs.vol"".
164 filename = DEFAULT_VOLUME_FILE_PATH;
165
166 ret = -1;
167
168 if ((filename) && (path_len > strlen (filename))) {
169 strcpy (path, filename);
________________________________________________________________________________________________________
*** CID 1124340: Free of array-typed value (BAD_FREE)
/glusterfsd/src/glusterfsd.c: 1406 in parse_cmdline()
1400 cmd_args = &ctx->cmd_args;
1401
1402 argp_parse (&argp, argc, argv, ARGP_IN_ORDER, NULL, cmd_args);
1403
1404 if (ENABLE_DEBUG_MODE == cmd_args->debug_mode) {
1405 cmd_args->log_level = GF_LOG_DEBUG;
>>> CID 1124340: Free of array-typed value (BAD_FREE)
>>> Assigning: "cmd_args->log_file" = ""/dev/stderr"".
1406 cmd_args->log_file = "/dev/stderr";
1407 cmd_args->no_daemon_mode = ENABLE_NO_DAEMON_MODE;
1408 }
1409
1410 process_mode = gf_get_process_mode (argv[0]);
1411 ctx->process_mode = process_mode;
________________________________________________________________________________________________________
*** CID 1124353: Unchecked return value (CHECKED_RETURN)
/api/src/glfs-resolve.c: 447 in glfs_resolve_at()
441 uuid_copy (loc->gfid, inode->gfid);
442 if (iatt)
443 *iatt = ciatt;
444 ret = 0;
445 }
446
>>> CID 1124353: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "glfs_loc_touchup(loc)".
447 glfs_loc_touchup (loc);
448 out:
449 GF_FREE (path);
450
451 /* do NOT loc_wipe here as only last component might be missing */
452
________________________________________________________________________________________________________
*** CID 1124352: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/dht/src/dht-shared.c: 533 in dht_init()
527 }
528
529 conf->search_unhashed = GF_DHT_LOOKUP_UNHASHED_ON;
530 if (dict_get_str (this->options, "lookup-unhashed", &temp_str) == 0) {
531 /* If option is not "auto", other options _should_ be boolean */
532 if (strcasecmp (temp_str, "auto"))
>>> CID 1124352: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "gf_string2boolean(temp_str, &conf->search_unhashed)".
533 gf_string2boolean (temp_str, &conf->search_unhashed);
534 else
535 conf->search_unhashed = GF_DHT_LOOKUP_UNHASHED_AUTO;
536 }
537
538 GF_OPTION_INIT ("unhashed-sticky-bit", conf->unhashed_sticky_bit, bool,
________________________________________________________________________________________________________
*** CID 1124351: Unchecked return value from library (CHECKED_RETURN)
/xlators/features/changelog/lib/src/gf-changelog-process.c: 438 in gf_changelog_decode()
432 goto out;
433 }
434
435 /**
436 * start processing after the header
437 */
>>> CID 1124351: Unchecked return value from library (CHECKED_RETURN)
>>> No check of the return value of "lseek(from_fd, elen, 0)".
438 lseek (from_fd, elen, SEEK_SET);
439
440 switch (encoding) {
441 case CHANGELOG_ENCODE_BINARY:
442 /**
443 * this ideally should have been a part of changelog-encoders.c
________________________________________________________________________________________________________
*** CID 1124348: Unchecked return value (CHECKED_RETURN)
/libglusterfs/src/timer.c: 213 in gf_timer_registry_init()
207 reg->active.next = &reg->active;
208 reg->active.prev = &reg->active;
209 reg->stale.next = &reg->stale;
210 reg->stale.prev = &reg->stale;
211
212 ctx->timer = reg;
>>> CID 1124348: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "gf_thread_create(&reg->th, NULL, gf_timer_proc(void *), ctx)".
213 gf_thread_create (&reg->th, NULL, gf_timer_proc, ctx);
214 }
215 out:
216 return ctx->timer;
________________________________________________________________________________________________________
*** CID 1124347: Unchecked return value from library (CHECKED_RETURN)
/libglusterfs/src/statedump.c: 804 in gf_proc_dump_info()
798 timestr);
799 ret = write (gf_dump_fd, sign_string, strlen (sign_string));
800
801 out:
802 if (gf_dump_fd != -1)
803 gf_proc_dump_close ();
>>> CID 1124347: Unchecked return value from library (CHECKED_RETURN)
>>> No check of the return value of "rename(tmp_dump_name, path)".
804 rename (tmp_dump_name, path);
805 GF_FREE (dump_options.dump_path);
806 dump_options.dump_path = NULL;
807 gf_proc_dump_unlock ();
808
809 return;
________________________________________________________________________________________________________
*** CID 1059059: Unsigned compared against 0 (NO_EFFECT)
/xlators/performance/io-cache/src/io-cache.c: 1770 in init()
1764 }
1765 }
1766 table->max_pri ++;
1767
1768 INIT_LIST_HEAD (&table->inodes);
1769
>>> CID 1059059: Unsigned compared against 0 (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "table->max_file_size >= 0UL".
1770 if ((table->max_file_size >= 0)
1771 && (table->min_file_size > table->max_file_size)) {
1772 gf_log ("io-cache", GF_LOG_ERROR, "minimum size (%"
1773 PRIu64") of a file that can be cached is "
1774 "greater than maximum size (%"PRIu64")",
1775 table->min_file_size, table->max_file_size);
________________________________________________________________________________________________________
*** CID 1124325: Value not atomically updated (ATOMICITY)
/xlators/performance/io-cache/src/io-cache.c: 1060 in ioc_dispatch_requests()
1054 "inode(%s) at offset=%"PRId64"",
1055 uuid_utoa (fd->inode->gfid), trav_offset);
1056 ret = ioc_cache_validate (frame, ioc_inode, fd, trav);
1057 if (ret == -1) {
1058 ioc_inode_lock (ioc_inode);
1059 {
>>> CID 1124325: Value not atomically updated (ATOMICITY)
>>> Using an unreliable value of "trav" inside the second locked section. If the data that "trav" depends on was changed by another thread, this use might be incorrect.
1060 waitq = __ioc_page_wakeup (trav,
1061 trav->op_errno);
1062 }
1063 ioc_inode_unlock (ioc_inode);
1064
1065 ioc_waitq_return (waitq);
________________________________________________________________________________________________________
*** CID 1124346: Truncated stdio return value (CHAR_IO)
/cli/src/cli-cmd-volume.c: 617 in cli_cmd_get_confirmation()
611 len = strlen (answer);
612
613 if (len && answer [len - 1] == '\n'){
614 answer [--len] = '\0';
615 } else {
616 do{
>>> CID 1124346: Truncated stdio return value (CHAR_IO)
>>> Assigning the return value of "getchar(void)" to char "flush" truncates its value.
617 flush = getchar ();
618 }while (flush != '\n');
619 }
620
621 if (len > 3)
622 goto out;
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/987?tab=Overview