[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Lalatendu Mohanty
lmohanty at redhat.com
Wed Mar 26 07:02:29 UTC 2014
FYI,
All new reported issues are from the recent afr merge. I haven't gone
through them, but if anyone has some time, please go through them.
-------- Original Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Tue, 25 Mar 2014 23:50:48 -0700
From: scan-admin at coverity.com
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1194648: Dereference after null check (FORWARD_NULL)
/xlators/cluster/afr/src/afr-inode-write.c: 54 in __afr_inode_write_finalize()
** CID 1194647: Dereference after null check (FORWARD_NULL)
/xlators/cluster/afr/src/afr-dir-write.c: 1125 in afr_rename()
** CID 1194651: Data race condition (MISSING_LOCK)
/xlators/cluster/afr/src/afr-dir-write.c: 141 in __afr_dir_write_finalize()
** CID 1194650: Data race condition (MISSING_LOCK)
/xlators/cluster/afr/src/afr-inode-write.c: 96 in __afr_inode_write_finalize()
** CID 1194649: Data race condition (MISSING_LOCK)
/xlators/cluster/afr/src/afr-inode-write.c: 180 in afr_writev_copy_outvars()
** CID 1194652: Dereference null return value (NULL_RETURNS)
/xlators/cluster/afr/src/afr-inode-write.c: 670 in afr_ftruncate()
** CID 1194653: Resource leak (RESOURCE_LEAK)
/xlators/cluster/afr/src/afr-self-heal-entry.c: 191 in afr_selfheal_newentry_mark()
/xlators/cluster/afr/src/afr-self-heal-entry.c: 174 in afr_selfheal_newentry_mark()
** CID 1194643: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/afr/src/afr-common.c: 491 in afr_selfheal_enabled()
** CID 1194642: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/afr/src/afr-common.c: 467 in afr_refresh_selfheal_wrap()
** CID 1194644: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/xlators/cluster/afr/src/afr-self-heald.c: 1138 in afr_xl_op()
** CID 1194645: Copy-paste error (COPY_PASTE_ERROR)
/xlators/cluster/afr/src/afr-common.c: 1629 in afr_discover_do()
** CID 1194646: Logically dead code (DEADCODE)
/xlators/cluster/afr/src/pump.c: 1448 in pump_getxattr()
________________________________________________________________________________________________________
*** CID 1194648: Dereference after null check (FORWARD_NULL)
/xlators/cluster/afr/src/afr-inode-write.c: 54 in __afr_inode_write_finalize()
48 int read_subvol = 0;
49 int i = 0;
50
51 local = frame->local;
52 priv = this->private;
53
>>> CID 1194648: Dereference after null check (FORWARD_NULL)
>>> Comparing "local->inode" to null implies that "local->inode" might be null.
54 if (local->inode) {
55 if (local->transaction.type == AFR_METADATA_TRANSACTION)
56 read_subvol = afr_metadata_subvol_get (local->inode, this,
57 NULL, NULL);
58 else
59 read_subvol = afr_data_subvol_get (local->inode, this,
________________________________________________________________________________________________________
*** CID 1194647: Dereference after null check (FORWARD_NULL)
/xlators/cluster/afr/src/afr-dir-write.c: 1125 in afr_rename()
1119 QUORUM_CHECK(rename,out);
1120
1121 transaction_frame = copy_frame (frame);
1122 if (!transaction_frame)
1123 op_errno = ENOMEM;
1124
>>> CID 1194647: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "transaction_frame".
1125 local = AFR_FRAME_INIT (transaction_frame, op_errno);
1126 if (!local)
1127 goto out;
1128
1129 loc_copy (&local->loc, oldloc);
1130 loc_copy (&local->newloc, newloc);
________________________________________________________________________________________________________
*** CID 1194651: Data race condition (MISSING_LOCK)
/xlators/cluster/afr/src/afr-dir-write.c: 141 in __afr_dir_write_finalize()
135 local->replies[i].postparent;
136 local->cont.dir_fop.prenewparent =
137 local->replies[i].preparent2;
138 local->cont.dir_fop.postnewparent =
139 local->replies[i].postparent2;
140 if (local->replies[i].xdata)
>>> CID 1194651: Data race condition (MISSING_LOCK)
>>> Accessing "local->xdata_rsp" without holding lock "_call_frame_t.lock". Elsewhere, "local->xdata_rsp" is accessed with "_call_frame_t.lock" held 14 out of 18 times.
141 local->xdata_rsp =
142 dict_ref (local->replies[i].xdata);
143 continue;
144 }
145
146 if (i == inode_read_subvol) {
________________________________________________________________________________________________________
*** CID 1194650: Data race condition (MISSING_LOCK)
/xlators/cluster/afr/src/afr-inode-write.c: 96 in __afr_inode_write_finalize()
90 local->cont.inode_wfop.postbuf =
91 local->replies[i].poststat;
92
93 if (local->replies[i].xdata) {
94 if (local->xdata_rsp)
95 dict_unref (local->xdata_rsp);
>>> CID 1194650: Data race condition (MISSING_LOCK)
>>> Accessing "local->xdata_rsp" without holding lock "_call_frame_t.lock". Elsewhere, "local->xdata_rsp" is accessed with "_call_frame_t.lock" held 14 out of 18 times.
96 local->xdata_rsp =
97 dict_ref (local->replies[i].xdata);
98 }
99 }
100 }
101 }
________________________________________________________________________________________________________
*** CID 1194649: Data race condition (MISSING_LOCK)
/xlators/cluster/afr/src/afr-inode-write.c: 180 in afr_writev_copy_outvars()
174
175 dst_local->op_ret = src_local->op_ret;
176 dst_local->op_errno = src_local->op_errno;
177 dst_local->cont.inode_wfop.prebuf = src_local->cont.inode_wfop.prebuf;
178 dst_local->cont.inode_wfop.postbuf = src_local->cont.inode_wfop.postbuf;
179 if (src_local->xdata_rsp)
>>> CID 1194649: Data race condition (MISSING_LOCK)
>>> Accessing "dst_local->xdata_rsp" without holding lock "_call_frame_t.lock". Elsewhere, "dst_local->xdata_rsp" is accessed with "_call_frame_t.lock" held 14 out of 18 times.
180 dst_local->xdata_rsp = dict_ref (src_local->xdata_rsp);
181 }
182
183 void
184 afr_writev_unwind (call_frame_t *frame, xlator_t *this)
185 {
________________________________________________________________________________________________________
*** CID 1194652: Dereference null return value (NULL_RETURNS)
/xlators/cluster/afr/src/afr-inode-write.c: 670 in afr_ftruncate()
664 QUORUM_CHECK(ftruncate,out);
665
666 transaction_frame = copy_frame (frame);
667 if (!frame)
668 goto out;
669
>>> CID 1194652: Dereference null return value (NULL_RETURNS)
>>> Dereferencing a null pointer "transaction_frame".
670 local = AFR_FRAME_INIT (transaction_frame, op_errno);
671 if (!local)
672 goto out;
673
674 local->cont.ftruncate.offset = offset;
675 if (xdata)
________________________________________________________________________________________________________
*** CID 1194653: Resource leak (RESOURCE_LEAK)
/xlators/cluster/afr/src/afr-self-heal-entry.c: 191 in afr_selfheal_newentry_mark()
185 if (!sources[i])
186 continue;
187 afr_selfheal_post_op (frame, this, inode, i, xattr);
188 }
189
190 dict_unref (xattr);
>>> CID 1194653: Resource leak (RESOURCE_LEAK)
>>> Variable "changelog" going out of scope leaks the storage it points to.
191 return ret;
192 }
193
194
195 static int
196 __afr_selfheal_heal_dirent (call_frame_t *frame, xlator_t *this, fd_t *fd,
/xlators/cluster/afr/src/afr-self-heal-entry.c: 174 in afr_selfheal_newentry_mark()
168 uuid_copy (inode->gfid, replies[source].poststat.ia_gfid);
169
170 changelog = afr_matrix_create (priv->child_count, AFR_NUM_CHANGE_LOGS);
171
172 xattr = dict_new();
173 if (!xattr)
>>> CID 1194653: Resource leak (RESOURCE_LEAK)
>>> Variable "changelog" going out of scope leaks the storage it points to.
174 return -ENOMEM;
175
176 for (i = 0; i < priv->child_count; i++) {
177 if (!newentry[i])
178 continue;
179 changelog[i][idx] = hton32(1);
________________________________________________________________________________________________________
*** CID 1194643: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/afr/src/afr-common.c: 491 in afr_selfheal_enabled()
485 {
486 afr_private_t *priv = NULL;
487 gf_boolean_t data = _gf_false;
488
489 priv = this->private;
490
>>> CID 1194643: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "gf_string2boolean(priv->data_self_heal, &data)".
491 gf_string2boolean (priv->data_self_heal, &data);
492
493 return data || priv->metadata_self_heal || priv->entry_self_heal;
494 }
495
496
________________________________________________________________________________________________________
*** CID 1194642: Unchecked return value (CHECKED_RETURN)
/xlators/cluster/afr/src/afr-common.c: 467 in afr_refresh_selfheal_wrap()
461
462 local = frame->local;
463 this = frame->this;
464
465 afr_selfheal (frame->this, local->refreshinode->gfid);
466
>>> CID 1194642: Unchecked return value (CHECKED_RETURN)
>>> No check of the return value of "afr_selfheal_unlocked_discover(frame, local->refreshinode, local->refreshinode->gfid, local->replies)".
467 afr_selfheal_unlocked_discover (frame, local->refreshinode,
468 local->refreshinode->gfid,
469 local->replies);
470
471 afr_replies_interpret (frame, this, local->refreshinode);
472
________________________________________________________________________________________________________
*** CID 1194644: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
/xlators/cluster/afr/src/afr-self-heald.c: 1138 in afr_xl_op()
1132 int64_t cnt = 0;
1133
1134 priv = this->private;
1135 shd = &priv->shd;
1136
1137 for (i = 0; i < priv->child_count; i++)
>>> CID 1194644: Operands don't affect result (CONSTANT_EXPRESSION_RESULT)
>>> "priv->child_up[i] == -1" is always false regardless of the values of its operands. This occurs as the logical operand of if.
1138 if (priv->child_up[i] == -1)
1139 goto out;
1140
1141 ret = dict_get_int32 (input, "xl-op", (int32_t*)&op);
1142 if (ret)
1143 goto out;
________________________________________________________________________________________________________
*** CID 1194645: Copy-paste error (COPY_PASTE_ERROR)
/xlators/cluster/afr/src/afr-common.c: 1629 in afr_discover_do()
1623
1624 local = frame->local;
1625 priv = this->private;
1626
1627 if (err) {
1628 local->op_errno = -err;
>>> CID 1194645: Copy-paste error (COPY_PASTE_ERROR)
>>> "ret" in "ret = -1" looks like a copy-paste error. Should it say "err" instead?
1629 ret = -1;
1630 goto out;
1631 }
1632
1633 call_count = local->call_count = AFR_COUNT (local->child_up,
1634 priv->child_count);
________________________________________________________________________________________________________
*** CID 1194646: Logically dead code (DEADCODE)
/xlators/cluster/afr/src/pump.c: 1448 in pump_getxattr()
1442
1443 afr_getxattr (frame, this, loc, name, xdata);
1444
1445 ret = 0;
1446 out:
1447 if (ret < 0)
>>> CID 1194646: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "do {
afr_local_t *__loca...".
1448 AFR_STACK_UNWIND (getxattr, frame, -1, op_errno, NULL, NULL);
1449 return 0;
1450 }
1451
1452 int
1453 pump_command_reply (call_frame_t *frame, xlator_t *this)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=Overview