[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Lalatendu Mohanty
lmohanty at redhat.com
Fri Nov 28 07:07:30 UTC 2014
Guideline for fixing Coverity issues:
http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity
Thanks,
Lala
-------- Forwarded Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Thu, 27 Nov 2014 12:31:06 -0800
From: scan-admin at coverity.com
To: lala at redhat.com
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
13 new defect(s) introduced to GlusterFS found with Coverity Scan.
97 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1256178: Logically dead code (DEADCODE)
/api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
** CID 1256180: Logically dead code (DEADCODE)
/api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
** CID 1256176: Logically dead code (DEADCODE)
/glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
** CID 1256179: Dereference after null check (FORWARD_NULL)
/xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
** CID 1256177: Explicit null dereferenced (FORWARD_NULL)
/api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
** CID 1256175: Array compared against 0 (NO_EFFECT)
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
** CID 1256173: Thread deadlock (ORDER_REVERSAL)
/xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
** CID 1256174: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
** CID 1256172: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 330 in glusterd_dump_peer_rpcstat()
** CID 1256171: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in build_volfile_path()
** CID 1238183: Missing break in switch (MISSING_BREAK)
/xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in glusterd_op_stage_rebalance()
** CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
** CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
________________________________________________________________________________________________________
*** CID 1256178: Logically dead code (DEADCODE)
/api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
147
148 pthread_mutex_init (&(ctx->lock), NULL);
149
150 ret = 0;
151 err:
152 if (ret && pool) {
>>> CID 1256178: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "if (pool->frame_mem_pool) ...".
153 if (pool->frame_mem_pool)
154 mem_pool_destroy (pool->frame_mem_pool);
155 if (pool->stack_mem_pool)
156 mem_pool_destroy (pool->stack_mem_pool);
157 GF_FREE (pool);
158 }
________________________________________________________________________________________________________
*** CID 1256180: Logically dead code (DEADCODE)
/api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
155 if (pool->stack_mem_pool)
156 mem_pool_destroy (pool->stack_mem_pool);
157 GF_FREE (pool);
158 }
159
160 if (ret && ctx) {
>>> CID 1256180: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement "if (ctx->stub_mem_pool) m...".
161 if (ctx->stub_mem_pool)
162 mem_pool_destroy (ctx->stub_mem_pool);
163 if (ctx->dict_pool)
164 mem_pool_destroy (ctx->dict_pool);
165 if (ctx->dict_data_pool)
166 mem_pool_destroy (ctx->dict_data_pool);
________________________________________________________________________________________________________
*** CID 1256176: Logically dead code (DEADCODE)
/glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
1420 lim.rlim_max = RLIM_INFINITY;
1421 setrlimit (RLIMIT_CORE, &lim);
1422
1423 ret = 0;
1424 out:
1425
>>> CID 1256176: Logically dead code (DEADCODE)
>>> Execution cannot reach this expression "ctx" inside statement "if (ret && ctx) { if (ctx...".
1426 if (ret && ctx) {
1427 if (ctx->pool) {
1428 mem_pool_destroy (ctx->pool->frame_mem_pool);
1429 mem_pool_destroy (ctx->pool->stack_mem_pool);
1430 }
1431 GF_FREE (ctx->pool);
________________________________________________________________________________________________________
*** CID 1256179: Dereference after null check (FORWARD_NULL)
/xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
1076 GF_FREE (relative_path);
1077
1078 return ret;
1079
1080 mnterr:
1081 mntstat = mnt3svc_errno_to_mnterr (-ret);
>>> CID 1256179: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "mres".
1082 mnt3svc_mnt_error_reply (mres->req, mntstat);
1083 if (absolute_path)
1084 GF_FREE (absolute_path);
1085 if (parent_path)
1086 GF_FREE (parent_path);
1087 if (relative_path)
________________________________________________________________________________________________________
*** CID 1256177: Explicit null dereferenced (FORWARD_NULL)
/api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
696 void *data)
697 {
698 struct glfs_io *gio = NULL;
699 int ret = 0;
700 call_frame_t *frame = NULL;
701 xlator_t *subvol = NULL;
>>> CID 1256177: Explicit null dereferenced (FORWARD_NULL)
>>> Assigning: "fs" = "NULL".
702 glfs_t *fs = NULL;
703 fd_t *fd = NULL;
704
705 __glfs_entry_fd (glfd);
706
707 subvol = priv_glfs_active_subvol (glfd->fs);
________________________________________________________________________________________________________
*** CID 1256175: Array compared against 0 (NO_EFFECT)
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
2427 }
2428
2429 continue;
2430 }
2431
2432 /* Check if the brick has a LV associated with it */
>>> CID 1256175: Array compared against 0 (NO_EFFECT)
>>> Comparing an array to null is not useful: "!brickinfo->device_path".
2433 if (!brickinfo->device_path) {
2434 gf_log (this->name, GF_LOG_DEBUG,
2435 "Brick (%s:%s) does not have a LV "
2436 "associated with it. Removing the brick path",
2437 brickinfo->hostname, brickinfo->path);
2438 goto remove_brick_path;
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in glusterd_lvm_snapshot_remove()
2427 }
2428
2429 continue;
2430 }
2431
2432 /* Check if the brick has a LV associated with it */
>>> CID 1256175: Array compared against 0 (NO_EFFECT)
>>> Comparing an array to null is not useful: "brickinfo->device_path".
2433 if (!brickinfo->device_path) {
2434 gf_log (this->name, GF_LOG_DEBUG,
2435 "Brick (%s:%s) does not have a LV "
2436 "associated with it. Removing the brick path",
2437 brickinfo->hostname, brickinfo->path);
2438 goto remove_brick_path;
________________________________________________________________________________________________________
*** CID 1256173: Thread deadlock (ORDER_REVERSAL)
/xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
1329 } else {
1330 ec_trace("UNLOCK_DELAY", fop, "lock=%p", lock);
1331
1332 delay.tv_sec = 1;
1333 delay.tv_nsec = 0;
1334
>>> CID 1256173: Thread deadlock (ORDER_REVERSAL)
>>> Calling "pthread_spin_lock(pthread_spinlock_t *)" acquires lock "_ec_fop_data.lock" while holding lock "_inode.lock" (count: 1 / 3).
1335 LOCK(&fop->lock);
1336
1337 fop->jobs++;
1338 fop->refs++;
1339
1340 UNLOCK(&fop->lock);
________________________________________________________________________________________________________
*** CID 1256174: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
281 glusterd_dump_peer (glusterd_peerinfo_t *peerinfo, char *input_key, int index,
282 gf_boolean_t xpeers)
283 {
284 char subkey[50] = {0,};
285 char key[GF_DUMP_MAX_BUF_LEN] = {0,};
286
>>> CID 1256174: Copy into fixed size buffer (STRING_OVERFLOW)
>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
287 strcpy (key, input_key);
288
289 snprintf (subkey, sizeof (subkey), "%s%d", key, index);
290
291 gf_proc_dump_build_key (key, subkey, "uuid");
292 gf_proc_dump_write (key, "%s",
________________________________________________________________________________________________________
*** CID 1256172: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd.c: 330 in glusterd_dump_peer_rpcstat()
324 int ret = -1;
325 rpc_clnt_t *rpc = NULL;
326 char rpcsvc_peername[RPCSVC_PEER_STRLEN] = {0,};
327 char subkey[50] = {0,};
328 char key[GF_DUMP_MAX_BUF_LEN] = {0,};
329
>>> CID 1256172: Copy into fixed size buffer (STRING_OVERFLOW)
>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
330 strcpy (key, input_key);
331
332 /* Dump the rpc connection statistics */
333 rpc = peerinfo->rpc;
334 if (rpc) {
335 conn = &rpc->conn;
________________________________________________________________________________________________________
*** CID 1256171: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in build_volfile_path()
273 if (ret == -1)
274 goto out;
275
276 ret = stat (path, &stbuf);
277
278 if ((ret == -1) && (errno == ENOENT)) {
>>> CID 1256171: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 4096 byte fixed-size string "dup_volid" by copying "volid_ptr" without checking the length.
279 strcpy (dup_volid, volid_ptr);
280 if (!strchr (dup_volid, '.')) {
281 switch (volinfo->transport_type) {
282 case GF_TRANSPORT_TCP:
283 strcat (dup_volid, ".tcp");
284 break;
________________________________________________________________________________________________________
*** CID 1238183: Missing break in switch (MISSING_BREAK)
/xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in glusterd_op_stage_rebalance()
571 "disconnect those clients before "
572 "attempting this command again.",
573 volname);
574 goto out;
575 }
576
>>> CID 1238183: Missing break in switch (MISSING_BREAK)
>>> The above case falls through to this one.
577 case GF_DEFRAG_CMD_START_FORCE:
578 if (is_origin_glusterd (dict)) {
579 op_ctx = glusterd_op_get_ctx ();
580 if (!op_ctx) {
581 ret = -1;
582 gf_log (this->name, GF_LOG_ERROR,
________________________________________________________________________________________________________
*** CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
4837 "short read on /dev/fuse");
4838 fuse_log_eh (this, "glusterfs-fuse: short read on "
4839 "/dev/fuse");
4840 break;
4841 }
4842
>>> CID 1228602: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "finh" = "(fuse_in_header_t *)iov_in[0].iov_base". Both are now tainted.
4843 finh = (fuse_in_header_t *)iov_in[0].iov_base;
4844
4845 if (res != finh->len
4846 #ifdef GF_DARWIN_HOST_OS
4847 /* work around fuse4bsd/MacFUSE msg size miscalculation bug,
4848 * that is, payload size is not taken into account for
________________________________________________________________________________________________________
*** CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in glusterd_readin_file()
2125 lines = NULL;
2126 goto out;
2127 }
2128 lines = p;
2129 }
2130
>>> CID 1228603: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
2131 lines[counter] = gf_strdup (buffer);
2132 }
2133
2134 lines[counter] = NULL;
2135 /* Reduce allocation to minimal size. */
2136 p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=overview