[Gluster-devel] Fwd: New Defects reported by Coverity Scan for gluster/glusterfs

Atin Mukherjee amukherj at redhat.com
Thu Jul 21 08:44:20 UTC 2016


On Thu, Jul 21, 2016 at 10:12 AM, Atin Mukherjee <atin.mukherjee83 at gmail.com> wrote:

>
> Hi,
>
> Please find the latest report on new defect(s) introduced to
> gluster/glusterfs found with Coverity Scan.
>
> 22 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
> 27 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 20 of 22 defect(s)
>
> ** CID 1357876: Memory – illegal accesses (USE_AFTER_FREE)
> /home/vijay/workspace/glusterfs/glusterfs/rpc/rpc-lib/src/rpc-transport.c: 680 in rpc_transport_inet_options_build()
>
> 674         goto out;
> 675     }
> 676
> 677     ret = dict_set_dynstr (dict, "remote-host", host);
> 678     if (ret) {
> 679         GF_FREE (host);
>
> CID 1357876: Memory – illegal accesses (USE_AFTER_FREE) Passing freed
> pointer “host” as an argument to “_gf_log”.
>
> 680         gf_log (THIS->name, GF_LOG_WARNING,
> 681                 "failed to set remote-host with %s", host);
> 682         goto out;
> 683     }
> 684
> 685     ret = dict_set_int32 (dict, "remote-port", port);
>
> ** CID 1357875: Code maintainability issues (UNUSED_VALUE)
> /xlators/experimental/jbr-server/src/jbr-cg.c: 667 in jbr_lk_perform_local_op()
>
> 661             goto out;
> 662         } else {
> 663             list_add_tail(&local->qlinks, &ictx->aqueue);
> 664             ++(ictx->active);
> 665         }
> 666         UNLOCK(&ictx->lock);
>
> CID 1357875: Code maintainability issues (UNUSED_VALUE) Assigning value
> from “jbr_perform_lk_on_leader(frame, this, fd, cmd, flock, xdata)” to
> “ret” here, but that stored value is overwritten before it can be used.
>
> 667         ret = jbr_perform_lk_on_leader (frame, this, fd, cmd,
> 668                                         flock, xdata);
> 669     }
> 670
> 671     ret = 0;
> 672 out:
>
> ** CID 1357874: Insecure data handling (TAINTED_SCALAR)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 819 in _fcbk_statustostruct()
>
> 813     while (isspace (*v))
> 814         v++;
> 815     v = gf_strdup (v);
> 816     if (!v)
> 817         return -1;
> 818
>
> CID 1357874: Insecure data handling (TAINTED_SCALAR) Assigning: “k” =
> “gf_strdup”, which taints “k”.
>
> 819     k = gf_strdup (resbuf);
> 820     if (!k) {
> 821         GF_FREE (v);
> 822         return -1;
> 823     }
> 824
>
> ** CID 1357873: Security best practices violations (STRING_OVERFLOW)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-volume-ops.c: 2159 in glusterd_op_create_volume()
>
> 2153     if (ret) {
> 2154         gf_msg (this->name, GF_LOG_ERROR, 0,
> 2155                 GD_MSG_DICT_GET_FAILED, "Unable to get volume name");
> 2156         goto out;
> 2157     }
> 2158
>
> CID 1357873: Security best practices violations (STRING_OVERFLOW) You
> might overrun the 261 byte fixed-size string “volinfo->volname” by copying
> “volname” without checking the length.
>
> 2159     strncpy (volinfo->volname, volname, strlen (volname));
> 2160     GF_ASSERT (volinfo->volname);
> 2161
> 2162     ret = dict_get_int32 (dict, "type", &volinfo->type);
> 2163     if (ret) {
> 2164         gf_msg (this->name, GF_LOG_ERROR, 0,
>
> ** CID 1357872: Security best practices violations (STRING_OVERFLOW)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-utils.c: 3454 in glusterd_import_volinfo()
>
> 3448         goto out;
> 3449     }
> 3450
> 3451     ret = glusterd_volinfo_new (&new_volinfo);
> 3452     if (ret)
> 3453         goto out;
>
> CID 1357872: Security best practices violations (STRING_OVERFLOW) You
> might overrun the 261 byte fixed-size string “new_volinfo->volname” by
> copying “volname” without checking the length.
>
> 3454     strncpy (new_volinfo->volname, volname, strlen (volname));
> 3455
> 3456     memset (key, 0, sizeof (key));
> 3457     snprintf (key, sizeof (key), "%s%d.type", prefix, count);
> 3458     ret = dict_get_int32 (peer_data, key, &new_volinfo->type);
> 3459     if (ret) {
>
> ** CID 1357871: (RESOURCE_LEAK)
> /xlators/experimental/jbr-server/src/jbr-cg.c: 10664 in jbr_open_term()
> /xlators/experimental/jbr-server/src/jbr-cg.c: 10668 in jbr_open_term()
>
> /xlators/experimental/jbr-server/src/jbr-cg.c: 10664 in jbr_open_term()
> 10658         goto err;
> 10659     }
> 10660     priv->term_read = 0;
> 10661
> 10662     /* Success! */
> 10663     STACK_UNWIND_STRICT (ipc, frame, 0, 0, NULL);
>
> CID 1357871: (RESOURCE_LEAK) Variable “path” going out of scope leaks the
> storage it points to.
>
> 10664     return;
> 10665
> 10666 err:
> 10667     STACK_UNWIND_STRICT (ipc, frame, -1, op_errno, NULL);
> 10668 }
> 10669
>
> /xlators/experimental/jbr-server/src/jbr-cg.c: 10668 in jbr_open_term()
> 10662     /* Success! */
> 10663     STACK_UNWIND_STRICT (ipc, frame, 0, 0, NULL);
> 10664     return;
> 10665
> 10666 err:
> 10667     STACK_UNWIND_STRICT (ipc, frame, -1, op_errno, NULL);
>
> CID 1357871: (RESOURCE_LEAK) Variable “path” going out of scope leaks the
> storage it points to.
>
> 10668 }
> 10669
> 10670
> 10671 void
> 10672 jbr_next_entry (call_frame_t *frame, xlator_t *this)
> 10673 {
>
> ** CID 1357870: Resource leaks (RESOURCE_LEAK)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-handler.c: 2490 in __glusterd_handle_cluster_unlock()
>
> 2484     ret = glusterd_op_sm_inject_event (GD_OP_EVENT_UNLOCK, txn_id, ctx);
> 2485
> 2486 out:
> 2487     glusterd_friend_sm ();
> 2488     glusterd_op_sm ();
> 2489
>
> CID 1357870: Resource leaks (RESOURCE_LEAK) Variable “ctx” going out of
> scope leaks the storage it points to.
>
> 2490     return ret;
> 2491 }
> 2492
> 2493 int
> 2494 glusterd_handle_cluster_unlock (rpcsvc_request_t *req)
> 2495 {
>
> ** CID 1357869: Resource leaks (RESOURCE_LEAK)
> /xlators/experimental/jbr-server/src/jbr-cg.c: 10568 in jbr_get_terms()
>
> 10562         (void) sys_closedir (fp);
> 10563     }
> 10564     if (my_xdata) {
> 10565         dict_unref(my_xdata);
> 10566     }
> 10567     STACK_UNWIND_STRICT (ipc, frame, -1, op_errno, NULL);
>
> CID 1357869: Resource leaks (RESOURCE_LEAK) Variable “probe_str” going out
> of scope leaks the storage it points to.
>
> 10568 }
> 10569
> 10570
> 10571 long
> 10572 get_entry_count (xlator_t *this, int fd)
> 10573 {
>
> ** CID 1357868: Null pointer dereferences (NULL_RETURNS)
> /home/vijay/workspace/glusterfs/glusterfs/libglusterfs/src/iobuf.c: 704 in iobuf_get_page_aligned()
>
> 698      * arenas, then we use iobuf->free_ptr to store the original
> 699      * pointer to the offset into the mmap'd block of memory and in turn
> 700      * reuse iobuf->ptr to hold the page-aligned address. And finally, in
> 701      * iobuf_put(), we copy iobuf->free_ptr into iobuf->ptr - back to where
> 702      * it was originally when __iobuf_get() returned this iobuf.
> 703      */
>
> CID 1357868: Null pointer dereferences (NULL_RETURNS) Dereferencing a null
> pointer “iobuf”.
>
> 704     if (!iobuf->free_ptr)
> 705         iobuf->free_ptr = iobuf->ptr;
> 706     iobuf->ptr = GF_ALIGN_BUF (iobuf->ptr, align_size);
> 707
> 708     return iobuf;
> 709 }
>
> ** CID 1357867: Control flow issues (NESTING_INDENT_MISMATCH)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/performance/md-cache/src/md-cache.c: 2568 in notify()
>
> 2562         mdc_update_child_down_time (this, &now);
> 2563         ret = default_notify (this, event, data);
> 2564         break;
> 2565     case GF_EVENT_UPCALL:
> 2566         if (conf->mdc_invalidation)
> 2567             ret = mdc_invalidate (this, data);
>
> CID 1357867: Control flow issues (NESTING_INDENT_MISMATCH) This ‘if’
> statement is indented to column 25, as if it were nested within the
> preceding parent statement, but it is not.
>
> 2568             if (default_notify (this, event, data) != 0)
> 2569                 ret = -1;
> 2570         break;
> 2571     default:
> 2572         ret = default_notify (this, event, data);
> 2573         break;
>
> ** CID 1357866: Control flow issues (DEADCODE)
> /home/vijay/workspace/glusterfs/glusterfs/rpc/xdr/src/glusterfs3.h: 375 in gf_proto_cache_invalidation_from_upcall()
>
> 369     gf_stat_from_iatt (&gf_c_req->oldparent_stat, &gf_c_data->oldp_stat);
> 370
> 371     ret = 0;
> 372     GF_PROTOCOL_DICT_SERIALIZE (this, gf_c_data->dict, &(gf_c_req->xdata).xdata_val,
> 373                                 (gf_c_req->xdata).xdata_len, ret, out);
> 374     if (ret > 0)
>
> CID 1357866: Control flow issues (DEADCODE) Execution cannot reach this
> statement: “ret = -ret;”.
>
> 375         ret = -ret;
> 376 out:
> 377     return ret;
> 378 }
> 379
> 380 static inline int
>
> ** CID 1357865: Control flow issues (DEADCODE)
> /home/vijay/workspace/glusterfs/glusterfs/cli/src/cli-cmd-parser.c: 2712 in cli_cmd_gsync_set_parse()
>
> 2706     !strcmp ((char *)words[wordcount-1], "reset-sync-time")) {
> 2707     if (strcmp ((char *)words[wordcount-2], "delete")) {
> 2708         ret = -1;
> 2709         goto out;
> 2710     }
> 2711     if (!slavei || !masteri) {
>
> CID 1357865: Control flow issues (DEADCODE) Execution cannot reach this
> statement: “ret = -1;”.
>
> 2712         ret = -1;
> 2713         goto out;
> 2714     }
> 2715     ret = dict_set_uint32 (dict, "reset-sync-time", _gf_true);
> 2716     if (ret)
> 2717         goto out;
>
> ** CID 1357864: Security best practices violations (DC.WEAK_CRYPTO)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/common.c: 1131 in pl_does_monkey_want_stuck_lock()
>
> 1125 gf_boolean_t
> 1126 pl_does_monkey_want_stuck_lock()
> 1127 {
> 1128     long int monkey_unlock_rand = 0;
> 1129     long int monkey_unlock_rand_rem = 0;
> 1130
>
> CID 1357864: Security best practices violations (DC.WEAK_CRYPTO) “random”
> should not be used for security related applications, as linear
> congruential algorithms are too easy to break.
>
> 1131     monkey_unlock_rand = random ();
> 1132     monkey_unlock_rand_rem = monkey_unlock_rand % 100;
> 1133     if (monkey_unlock_rand_rem == 0)
> 1134         return _gf_true;
> 1135     return _gf_false;
>
> ** CID 1357863: Memory – illegal accesses (BUFFER_SIZE_WARNING)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/features/changetimerecorder/src/changetimerecorder.c: 129 in ctr_lookup_wind()
>
> 123     CTR_DB_REC(ctr_local).gfdb_fop_path = ctr_inode_cx->fop_path;
> 124     CTR_DB_REC(ctr_local).gfdb_fop_type = ctr_inode_cx->fop_type;
> 125
> 126     /* Copy hard link info*/
> 127     gf_uuid_copy (CTR_DB_REC(ctr_local).pargfid,
> 128                   *((NEW_LINK_CX(ctr_inode_cx))->pargfid));
>
> CID 1357863: Memory – illegal accesses (BUFFER_SIZE_WARNING) Calling
> strncpy with a maximum size argument of 256 bytes on destination array
> “ctr_local->gfdb_db_record.file_name” of size 256 bytes might leave the
> destination string unterminated.
>
> 129     strncpy (CTR_DB_REC(ctr_local).file_name,
> 130              NEW_LINK_CX(ctr_inode_cx)->basename,
> 131              sizeof(CTR_DB_REC(ctr_local).file_name));
> 132
> 133     /* Since we are in lookup we can ignore errors while
> 134      * Inserting in the DB, because there may be many
>
> ** CID 1357862: Error handling issues (CHECKED_RETURN)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/performance/io-cache/src/io-cache.c: 218 in ioc_lookup_cbk()
>
> 212         if (!ioc_inode) {
> 213             weight = ioc_get_priority (table, path);
> 214
> 215             ioc_inode = ioc_inode_update (table, inode,
> 216                                           weight);
> 217
>
> CID 1357862: Error handling issues (CHECKED_RETURN) Calling
> “__inode_ctx_put” without checking return value (as is done elsewhere 7 out
> of 8 times).
>
> 218             __inode_ctx_put (inode, this,
> 219                              (uint64_t)(long)ioc_inode);
> 220         }
> 221     }
> 222     UNLOCK (&inode->lock);
> 223
>
> ** CID 1357861: (BUFFER_SIZE_WARNING)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4172 in posix_get_ancestry_non_directory()
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4179 in posix_get_ancestry_non_directory()
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4154 in posix_get_ancestry_non_directory()
>
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4172 in posix_get_ancestry_non_directory()
> 4166                 "%s: key = %s ", leaf_path, key);
> 4167         goto out;
> 4168     }
> 4169
> 4170     nlink_samepgfid = ntoh32 (nlink_samepgfid);
> 4171
>
> CID 1357861: (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size
> argument of 37 bytes on destination array “pgfidstr” of size 37 bytes might
> leave the destination string unterminated.
>
> 4172     strncpy (pgfidstr, key + strlen(PGFID_XATTR_KEY_PREFIX),
> 4173              sizeof(pgfidstr));
> 4174     gf_uuid_parse (pgfidstr, pgfid);
> 4175
> 4176     handle_size = POSIX_GFID_HANDLE_SIZE(priv->base_path_length);
> 4177
>
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4179 in posix_get_ancestry_non_directory()
> 4173              sizeof(pgfidstr));
> 4174     gf_uuid_parse (pgfidstr, pgfid);
> 4175
> 4176     handle_size = POSIX_GFID_HANDLE_SIZE(priv->base_path_length);
> 4177
> 4178     /* constructing the absolute real path of parent dir */
>
> CID 1357861: (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size
> argument of 4096 bytes on destination array “dirpath” of size 4096 bytes
> might leave the destination string unterminated.
>
> 4179     strncpy (dirpath, priv->base_path, sizeof(dirpath));
> 4180     pathlen = PATH_MAX + 1 - priv->base_path_length;
> 4181
> 4182     op_ret = posix_make_ancestryfromgfid (this,
> 4183                                           dirpath + priv->base_path_length,
> 4184                                           pathlen,
>
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4154 in posix_get_ancestry_non_directory()
> 4148         gf_msg (this->name, GF_LOG_WARNING, errno, P_MSG_LSTAT_FAILED,
> 4149                 "lstat failed on %s", leaf_path);
> 4150         goto out;
> 4151     }
> 4152
> 4153     while (remaining_size > 0) {
>
> CID 1357861: (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size
> argument of 4096 bytes on destination array “key” of size 4096 bytes might
> leave the destination string unterminated.
>
> 4154         strncpy (key, list + list_offset, sizeof(key));
> 4155         if (strncmp (key, PGFID_XATTR_KEY_PREFIX,
> 4156                      strlen (PGFID_XATTR_KEY_PREFIX)) != 0)
> 4157             goto next;
> 4158
> 4159         op_ret = sys_lgetxattr (leaf_path, key,
>
> ** CID 1357860: Memory – illegal accesses (BUFFER_SIZE_WARNING)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 1829 in glusterd_op_verify_gsync_start_options()
>
> 1823                 "before "GEOREP" start", volinfo->volname);
> 1824         goto out;
> 1825     }
> 1826
> 1827     /* check session directory as statefile may not present
> 1828      * during upgrade */
>
> CID 1357860: Memory – illegal accesses (BUFFER_SIZE_WARNING) Calling
> strncpy with a maximum size argument of 4096 bytes on destination array
> “statefiledir” of size 4096 bytes might leave the destination string
> unterminated.
>
> 1829     strncpy (statefiledir, statefile, sizeof(statefiledir));
> 1830     statedir = dirname (statefiledir);
> 1831
> 1832     ret = sys_lstat (statedir, &stbuf);
> 1833     if (ret) {
> 1834         snprintf (msg, sizeof (msg), "Session between %s and %s has"
>
> ** CID 1357859: (BUFFER_SIZE_WARNING)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4501 in posix_getxattr()
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4605 in posix_getxattr()
>
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4501 in posix_getxattr()
> 4495         }
> 4496
> 4497         goto done;
> 4498     }
> 4499
> 4500     if (name) {
>
> CID 1357859: (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size
> argument of 4096 bytes on destination array “keybuffer” of size 4096 bytes
> might leave the destination string unterminated.
>
> 4501         strncpy (keybuffer, name, sizeof(keybuffer));
> 4502         char *key = keybuffer;
> 4503 #if defined(GF_DARWIN_HOST_OS_DISABLED)
> 4504         if (priv->xattr_user_namespace == XATTR_STRIP) {
> 4505             if (strncmp(key, "user.",5) == 0) {
> 4506                 key += 5;
>
> /home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 4605 in posix_getxattr()
> 4599         goto out;
> 4600     }
> 4601
> 4602     remaining_size = size;
> 4603     list_offset = 0;
> 4604     while (remaining_size > 0) {
>
> CID 1357859: (BUFFER_SIZE_WARNING) Calling strncpy with a maximum size
> argument of 4096 bytes on destination array “keybuffer” of size 4096 bytes
> might leave the destination string unterminated.
>
> 4605         strncpy (keybuffer, list + list_offset, sizeof(keybuffer));
> 4606         if (frame->root->pid != GF_CLIENT_PID_GSYNCD &&
> 4607             fnmatch ("*.glusterfs.*.stime", keybuffer, FNM_PERIOD) == 0)
> 4608             goto ignore;
> 4609
> 4610         size = sys_lgetxattr (real_path, keybuffer, NULL, 0);
>
> ** CID 1357858: Memory – corruptions (BUFFER_SIZE)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-volgen.c: 3731 in volume_volgen_graph_build_clusters()
>
> 3725     dist_count = volinfo->brick_count / volinfo->dist_leaf_count;
> 3726     if (!dist_count) {
> 3727         ret = -1;
> 3728         goto out;
> 3729     }
> 3730     if (volinfo->tier_info.hot_brick_count) {
>
> CID 1357858: Memory – corruptions (BUFFER_SIZE) You might overrun the 256
> byte destination string “tmp_volname” by writing the maximum 260 bytes from
> “volinfo->volname”.
>
> 3731         strncpy (tmp_volname, volinfo->volname,
> 3732                  strlen (volinfo->volname));
> 3733         if (volinfo->tier_info.cur_tier_hot)
> 3734             strcat (volinfo->volname, "-hot");
> 3735         else
> 3736             strcat (volinfo->volname, "-cold");
>
> ** CID 1351683: Resource leaks (RESOURCE_LEAK)
> /home/vijay/workspace/glusterfs/glusterfs/xlators/mgmt/glusterd/src/glusterd-volgen.c: 3563 in set_afr_pending_xattrs_option()
>
> 3557     strncat (ptr, brick->brick_id, strlen(brick->brick_id));
> 3558     if (i == volinfo->replica_count) {
> 3559         ret = xlator_set_option (afr_xlators_list[index++],
> 3560                                  "afr-pending-xattr",
> 3561                                  afr_xattrs_list);
> 3562         if (ret)
>
> CID 1351683: Resource leaks (RESOURCE_LEAK) Variable “afr_xlators_list”
> going out of scope leaks the storage it points to.
>
> 3563             return ret;
> 3564         memset (afr_xattrs_list, 0, list_size);
> 3565         ptr = afr_xattrs_list;
> 3566         i = 1;
> 3567         continue;
> 3568     }
>

Anuradha,

Can you take a look at the above two defects?

>
> To view the defects in Coverity Scan visit,
> https://scan.coverity.com/projects/gluster-glusterfs?tab=overview
>
>
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-devel
>



-- 

--Atin