[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS

Lalatendu Mohanty lmohanty at redhat.com
Fri Nov 28 07:07:30 UTC 2014


Guideline for fixing Coverity issues :
http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity

Thanks,
Lala

-------- Forwarded Message --------
Subject: 	New Defects reported by Coverity Scan for GlusterFS
Date: 	Thu, 27 Nov 2014 12:31:06 -0800
From: 	scan-admin at coverity.com
To: 	lala at redhat.com



Hi,

Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.

13 new defect(s) introduced to GlusterFS found with Coverity Scan.
97 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)


** CID 1256178:  Logically dead code  (DEADCODE)
/api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()

** CID 1256180:  Logically dead code  (DEADCODE)
/api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()

** CID 1256176:  Logically dead code  (DEADCODE)
/glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()

** CID 1256179:  Dereference after null check  (FORWARD_NULL)
/xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()

** CID 1256177:  Explicit null dereferenced  (FORWARD_NULL)
/api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()

** CID 1256175:  Array compared against 0  (NO_EFFECT)
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()

** CID 1256173:  Thread deadlock  (ORDER_REVERSAL)
/xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()

** CID 1256174:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()

** CID 1256172:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 330 in glusterd_dump_peer_rpcstat()

** CID 1256171:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in build_volfile_path()

** CID 1238183:  Missing break in switch  (MISSING_BREAK)
/xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in glusterd_op_stage_rebalance()

** CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()

** CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()


________________________________________________________________________________________________________
*** CID 1256178:  Logically dead code  (DEADCODE)
/api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
147
148     	pthread_mutex_init (&(ctx->lock), NULL);
149
150     	ret = 0;
151     err:
152     	if (ret && pool) {
>>>     CID 1256178:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "if (pool->frame_mem_pool)
  ...".
153     		if (pool->frame_mem_pool)
154     			mem_pool_destroy (pool->frame_mem_pool);
155     		if (pool->stack_mem_pool)
156     			mem_pool_destroy (pool->stack_mem_pool);
157     		GF_FREE (pool);
158     	}

________________________________________________________________________________________________________
*** CID 1256180:  Logically dead code  (DEADCODE)
/api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
155     		if (pool->stack_mem_pool)
156     			mem_pool_destroy (pool->stack_mem_pool);
157     		GF_FREE (pool);
158     	}
159
160     	if (ret && ctx) {
>>>     CID 1256180:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "if (ctx->stub_mem_pool)
   m...".
161     		if (ctx->stub_mem_pool)
162     			mem_pool_destroy (ctx->stub_mem_pool);
163     		if (ctx->dict_pool)
164     			mem_pool_destroy (ctx->dict_pool);
165     		if (ctx->dict_data_pool)
166     			mem_pool_destroy (ctx->dict_data_pool);

________________________________________________________________________________________________________
*** CID 1256176:  Logically dead code  (DEADCODE)
/glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
1420             lim.rlim_max = RLIM_INFINITY;
1421             setrlimit (RLIMIT_CORE, &lim);
1422
1423             ret = 0;
1424     out:
1425
>>>     CID 1256176:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this expression "ctx" inside statement "if (ret && ctx) {
   if (ctx...".
1426             if (ret && ctx) {
1427                     if (ctx->pool) {
1428                             mem_pool_destroy (ctx->pool->frame_mem_pool);
1429                             mem_pool_destroy (ctx->pool->stack_mem_pool);
1430                     }
1431                     GF_FREE (ctx->pool);

________________________________________________________________________________________________________
*** CID 1256179:  Dereference after null check  (FORWARD_NULL)
/xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
1076             GF_FREE (relative_path);
1077
1078             return ret;
1079
1080     mnterr:
1081             mntstat = mnt3svc_errno_to_mnterr (-ret);
>>>     CID 1256179:  Dereference after null check  (FORWARD_NULL)
>>>     Dereferencing null pointer "mres".
1082             mnt3svc_mnt_error_reply (mres->req, mntstat);
1083             if (absolute_path)
1084                     GF_FREE (absolute_path);
1085             if (parent_path)
1086                     GF_FREE (parent_path);
1087             if (relative_path)

________________________________________________________________________________________________________
*** CID 1256177:  Explicit null dereferenced  (FORWARD_NULL)
/api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
696                            void *data)
697     {
698     	struct glfs_io *gio = NULL;
699     	int             ret = 0;
700     	call_frame_t   *frame = NULL;
701     	xlator_t       *subvol = NULL;
>>>     CID 1256177:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "fs" = "NULL".
702     	glfs_t         *fs = NULL;
703     	fd_t           *fd = NULL;
704
705     	__glfs_entry_fd (glfd);
706
707     	subvol = priv_glfs_active_subvol (glfd->fs);

________________________________________________________________________________________________________
*** CID 1256175:  Array compared against 0  (NO_EFFECT)
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
2427                             }
2428
2429                             continue;
2430                     }
2431
2432                     /* Check if the brick has a LV associated with it */
>>>     CID 1256175:  Array compared against 0  (NO_EFFECT)
>>>     Comparing an array to null is not useful: "!brickinfo->device_path".
2433                     if (!brickinfo->device_path) {
2434                             gf_log (this->name, GF_LOG_DEBUG,
2435                                     "Brick (%s:%s) does not have a LV "
2436                                     "associated with it. Removing the brick path",
2437                                     brickinfo->hostname, brickinfo->path);
2438                             goto remove_brick_path;
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
2427                             }
2428
2429                             continue;
2430                     }
2431
2432                     /* Check if the brick has a LV associated with it */
>>>     CID 1256175:  Array compared against 0  (NO_EFFECT)
>>>     Comparing an array to null is not useful: "brickinfo->device_path".
2433                     if (!brickinfo->device_path) {
2434                             gf_log (this->name, GF_LOG_DEBUG,
2435                                     "Brick (%s:%s) does not have a LV "
2436                                     "associated with it. Removing the brick path",
2437                                     brickinfo->hostname, brickinfo->path);
2438                             goto remove_brick_path;

________________________________________________________________________________________________________
*** CID 1256173:  Thread deadlock  (ORDER_REVERSAL)
/xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
1329         } else {
1330             ec_trace("UNLOCK_DELAY", fop, "lock=%p", lock);
1331
1332             delay.tv_sec = 1;
1333             delay.tv_nsec = 0;
1334
>>>     CID 1256173:  Thread deadlock  (ORDER_REVERSAL)
>>>     Calling "pthread_spin_lock(pthread_spinlock_t *)" acquires lock "_ec_fop_data.lock" while holding lock "_inode.lock" (count: 1 / 3).
1335             LOCK(&fop->lock);
1336
1337             fop->jobs++;
1338             fop->refs++;
1339
1340             UNLOCK(&fop->lock);

________________________________________________________________________________________________________
*** CID 1256174:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
281     glusterd_dump_peer (glusterd_peerinfo_t *peerinfo, char *input_key, int index,
282                         gf_boolean_t xpeers)
283     {
284             char   subkey[50]               = {0,};
285             char   key[GF_DUMP_MAX_BUF_LEN] = {0,};
286
>>>     CID 1256174:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     Note: This defect has an elevated risk because the source argument is a parameter of the current function.
287             strcpy (key, input_key);
288
289             snprintf (subkey, sizeof (subkey), "%s%d", key, index);
290
291             gf_proc_dump_build_key (key, subkey, "uuid");
292             gf_proc_dump_write (key, "%s",

________________________________________________________________________________________________________
*** CID 1256172:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 330 in glusterd_dump_peer_rpcstat()
324             int                    ret                                 = -1;
325             rpc_clnt_t            *rpc                                 = NULL;
326             char                   rpcsvc_peername[RPCSVC_PEER_STRLEN] = {0,};
327             char                   subkey[50]                          = {0,};
328             char                   key[GF_DUMP_MAX_BUF_LEN]            = {0,};
329
>>>     CID 1256172:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     Note: This defect has an elevated risk because the source argument is a parameter of the current function.
330             strcpy (key, input_key);
331
332             /* Dump the rpc connection statistics */
333             rpc = peerinfo->rpc;
334             if (rpc) {
335                     conn = &rpc->conn;

________________________________________________________________________________________________________
*** CID 1256171:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in build_volfile_path()
273             if (ret == -1)
274                     goto out;
275
276             ret = stat (path, &stbuf);
277
278             if ((ret == -1) && (errno == ENOENT)) {
>>>     CID 1256171:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     You might overrun the 4096 byte fixed-size string "dup_volid" by copying "volid_ptr" without checking the length.
279                     strcpy (dup_volid, volid_ptr);
280                     if (!strchr (dup_volid, '.')) {
281                             switch (volinfo->transport_type) {
282                             case GF_TRANSPORT_TCP:
283                                     strcat (dup_volid, ".tcp");
284                                     break;

________________________________________________________________________________________________________
*** CID 1238183:  Missing break in switch  (MISSING_BREAK)
/xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in glusterd_op_stage_rebalance()
571                                                "disconnect those clients before "
572                                                "attempting this command again.",
573                                                volname);
574                             goto out;
575                     }
576
>>>     CID 1238183:  Missing break in switch  (MISSING_BREAK)
>>>     The above case falls through to this one.
577             case GF_DEFRAG_CMD_START_FORCE:
578                     if (is_origin_glusterd (dict)) {
579                             op_ctx = glusterd_op_get_ctx ();
580                             if (!op_ctx) {
581                                     ret = -1;
582                                     gf_log (this->name, GF_LOG_ERROR,

________________________________________________________________________________________________________
*** CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
4837                                     "short read on /dev/fuse");
4838                             fuse_log_eh (this, "glusterfs-fuse: short read on "
4839                                          "/dev/fuse");
4840                             break;
4841                     }
4842
>>>     CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "finh" = "(fuse_in_header_t *)iov_in[0].iov_base". Both are now tainted.
4843                     finh = (fuse_in_header_t *)iov_in[0].iov_base;
4844
4845                     if (res != finh->len
4846     #ifdef GF_DARWIN_HOST_OS
4847                         /* work around fuse4bsd/MacFUSE msg size miscalculation bug,
4848                          * that is, payload size is not taken into account for

________________________________________________________________________________________________________
*** CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
2125                                     lines = NULL;
2126                                     goto out;
2127                             }
2128                             lines = p;
2129                     }
2130
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
2131                     lines[counter] = gf_strdup (buffer);
2132             }
2133
2134             lines[counter] = NULL;
2135             /* Reduce allocation to minimal size.  */
2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
2125                                     lines = NULL;
2126                                     goto out;
2127                             }
2128                             lines = p;
2129                     }
2130
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
2131                     lines[counter] = gf_strdup (buffer);
2132             }
2133
2134             lines[counter] = NULL;
2135             /* Reduce allocation to minimal size.  */
2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
2125                                     lines = NULL;
2126                                     goto out;
2127                             }
2128                             lines = p;
2129                     }
2130
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
2131                     lines[counter] = gf_strdup (buffer);
2132             }
2133
2134             lines[counter] = NULL;
2135             /* Reduce allocation to minimal size.  */
2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
2125                                     lines = NULL;
2126                                     goto out;
2127                             }
2128                             lines = p;
2129                     }
2130
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
2131                     lines[counter] = gf_strdup (buffer);
2132             }
2133
2134             lines[counter] = NULL;
2135             /* Reduce allocation to minimal size.  */
2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://supercolony.gluster.org/pipermail/gluster-devel/attachments/20141128/5251df31/attachment-0001.html>


More information about the Gluster-devel mailing list