[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Lalatendu Mohanty
lmohanty at redhat.com
Tue Jul 22 14:27:56 UTC 2014
To fix these Coverity issues, please check the below link for guidelines:
http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity
Thanks,
Lala
-------- Original Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Tue, 22 Jul 2014 07:06:56 -0700
From: scan-admin at coverity.com
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1228599: Logically dead code (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-store.c: 4069 in glusterd_store_retrieve_peers()
** CID 1228598: Logically dead code (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-peer-utils.c: 531 in gd_add_friend_to_dict()
** CID 1228600: Data race condition (MISSING_LOCK)
/xlators/cluster/ec/src/ec-data.c: 155 in ec_fop_data_allocate()
** CID 1228601: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/features/snapview-server/src/snapview-server.c: 1660 in svs_add_xattrs_to_dict()
** CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
** CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4805 in fuse_thread_proc()
** CID 1124682: Dereference null return value (NULL_RETURNS)
/rpc/rpc-lib/src/rpc-drc.c: 502 in rpcsvc_add_op_to_cache()
________________________________________________________________________________________________________
*** CID 1228599: Logically dead code (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-store.c: 4069 in glusterd_store_retrieve_peers()
4063 /* Set first hostname from peerinfo->hostnames to
4064 * peerinfo->hostname
4065 */
4066 address = list_entry (peerinfo->hostnames.next,
4067 glusterd_peer_hostname_t, hostname_list);
4068 if (!address) {
>>> CID 1228599: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "ret = -1;".
4069 ret = -1;
4070 goto out;
4071 }
4072 peerinfo->hostname = gf_strdup (address->hostname);
4073
4074 ret = glusterd_friend_add_from_peerinfo (peerinfo, 1, NULL);
________________________________________________________________________________________________________
*** CID 1228598: Logically dead code (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-peer-utils.c: 531 in gd_add_friend_to_dict()
525 */
526 memset (key, 0, sizeof (key));
527 snprintf (key, sizeof (key), "%s.hostname", prefix);
528 address = list_entry (&friend->hostnames, glusterd_peer_hostname_t,
529 hostname_list);
530 if (!address) {
>>> CID 1228598: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "ret = -1;".
531 ret = -1;
532 gf_log (this->name, GF_LOG_ERROR, "Could not retrieve first "
533 "address for peer");
534 goto out;
535 }
536 ret = dict_set_dynstr_with_alloc (dict, key, address->hostname);
________________________________________________________________________________________________________
*** CID 1228600: Data race condition (MISSING_LOCK)
/xlators/cluster/ec/src/ec-data.c: 155 in ec_fop_data_allocate()
149
150 mem_put(fop);
151
152 return NULL;
153 }
154 fop->id = id;
>>> CID 1228600: Data race condition (MISSING_LOCK)
>>> Accessing "fop->refs" without holding lock "_ec_fop_data.lock". Elsewhere, "fop->refs" is accessed with "_ec_fop_data.lock" held 7 out of 8 times.
155 fop->refs = 1;
156
157 fop->flags = flags;
158 fop->minimum = minimum;
159 fop->mask = target;
160
________________________________________________________________________________________________________
*** CID 1228601: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/features/snapview-server/src/snapview-server.c: 1660 in svs_add_xattrs_to_dict()
1654 GF_VALIDATE_OR_GOTO (this->name, dict, out);
1655 GF_VALIDATE_OR_GOTO (this->name, list, out);
1656
1657 remaining_size = size;
1658 list_offset = 0;
1659 while (remaining_size > 0) {
>>> CID 1228601: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 4096 byte fixed-size string "keybuffer" by copying "list + list_offset" without checking the length.
1660 strcpy (keybuffer, list + list_offset);
1661 #ifdef GF_DARWIN_HOST_OS
1662 /* The protocol expect namespace for now */
1663 char *newkey = NULL;
1664 gf_add_prefix (XATTR_USER_PREFIX, keybuffer, &newkey);
1665 strcpy (keybuffer, newkey);
________________________________________________________________________________________________________
*** CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
1981 lines = NULL;
1982 goto out;
1983 }
1984 lines = p;
1985 }
1986
>>> CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
1987 lines[counter] = gf_strdup (buffer);
1988 }
1989
1990 lines[counter] = NULL;
1991 /* Reduce allocation to minimal size. */
1992 p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
________________________________________________________________________________________________________
*** CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4805 in fuse_thread_proc()
4799 "short read on /dev/fuse");
4800 fuse_log_eh (this, "glusterfs-fuse: short read on "
4801 "/dev/fuse");
4802 break;
4803 }
4804
>>> CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "finh" = "(fuse_in_header_t *)iov_in[0].iov_base". Both are now tainted.
4805 finh = (fuse_in_header_t *)iov_in[0].iov_base;
4806
4807 if (res != finh->len
4808 #ifdef GF_DARWIN_HOST_OS
4809 /* work around fuse4bsd/MacFUSE msg size miscalculation bug,
4810 * that is, payload size is not taken into account for
________________________________________________________________________________________________________
*** CID 1124682: Dereference null return value (NULL_RETURNS)
/rpc/rpc-lib/src/rpc-drc.c: 502 in rpcsvc_add_op_to_cache()
496
497 /* cache is full, free up some space */
498 if (drc->op_count >= drc->global_cache_size)
499 rpcsvc_vacate_drc_entries (drc);
500
501 tmp_reply = (drc_cached_op_t **)rb_probe (client->rbtree, reply);
>>> CID 1124682: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "tmp_reply".
502 if (*tmp_reply != reply) {
503 /* should never happen */
504 gf_log (GF_RPCSVC, GF_LOG_ERROR,
505 "DRC failed to detect duplicates");
506 return -1;
507 } else if (*tmp_reply == NULL) {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=overview