[Gluster-devel] New Defects reported by Coverity Scan for gluster/glusterfs
scan-admin at coverity.com
scan-admin at coverity.com
Tue Jun 14 15:47:15 UTC 2016
Hi,
Please find the latest report on new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
125 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
95 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 125 defect(s)
** CID 1356589: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/common.c: 492 in new_posix_lock()
________________________________________________________________________________________________________
*** CID 1356589: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/common.c: 492 in new_posix_lock()
486
487 lock->blocking = blocking;
488
489 INIT_LIST_HEAD (&lock->list);
490
491 out:
>>> CID 1356589: Memory - illegal accesses (USE_AFTER_FREE)
>>> Using freed pointer "lock".
492 return lock;
493 }
494
495
496 /* Delete a lock from the inode's lock list */
497 void
** CID 1356588: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/protocol/client/src/client-rpc-fops.c: 6164 in client3_3_compound()
________________________________________________________________________________________________________
*** CID 1356588: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/protocol/client/src/client-rpc-fops.c: 6164 in client3_3_compound()
6158 goto unwind;
6159 }
6160
6161 iobref_add (rsphdr_iobref, rsphdr_iobuf);
6162 iobuf_unref (rsphdr_iobuf);
6163 rsphdr = &vector[0];
>>> CID 1356588: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "rsphdr_iobuf".
6164 rsphdr->iov_base = iobuf_ptr (rsphdr_iobuf);
6165 rsphdr->iov_len = iobuf_pagesize (rsphdr_iobuf);
6166 rsphdr_count = 1;
6167 local->iobref = rsp_iobref;
6168 rsphdr_iobuf = NULL;
6169 rsphdr_iobref = NULL;
** CID 1356587: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/protocol/client/src/client-helpers.c: 1264 in client_handle_fop_requirements()
________________________________________________________________________________________________________
*** CID 1356587: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/protocol/client/src/client-helpers.c: 1264 in client_handle_fop_requirements()
1258 iobuf_unref (rsp_iobuf);
1259
1260 if (*rsp_count + 1 >= MAX_IOVEC) {
1261 op_errno = ENOMEM;
1262 goto out;
1263 }
>>> CID 1356587: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "rsp_iobuf".
1264 rsp_vector[*rsp_count].iov_base = iobuf_ptr (rsp_iobuf);
1265 rsp_vector[*rsp_count].iov_len = iobuf_pagesize (rsp_iobuf);
1266 rsp_iobuf = NULL;
1267 if (args->size > rsp_vector[*rsp_count].iov_len) {
1268 gf_msg (this->name, GF_LOG_WARNING, ENOMEM,
1269 PC_MSG_NO_MEMORY,
** CID 1356586: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 2857 in new_meta_lock()
________________________________________________________________________________________________________
*** CID 1356586: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 2857 in new_meta_lock()
2851 GF_FREE (lock);
2852 goto out;
2853 }
2854
2855 __pl_metalk_ref (lock);
2856 out:
>>> CID 1356586: Memory - illegal accesses (USE_AFTER_FREE)
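>>> Using freed pointer "lock".
[Note: in this excerpt, line 2851 frees "lock" and jumps to "out" without clearing the variable, so line 2857 hands the dangling pointer back to the caller. Setting "lock" to NULL right after GF_FREE would make the error path return NULL instead.]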
2857 return lock;
2858 }
2859
2860 int
2861 pl_insert_metalk (pl_inode_t *pl_inode, pl_ctx_t *ctx, pl_meta_lock_t *lock)
2862 {
** CID 1356585: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 3796 in gf_lkmig_info_to_posix_lock()
________________________________________________________________________________________________________
*** CID 1356585: Memory - illegal accesses (USE_AFTER_FREE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 3796 in gf_lkmig_info_to_posix_lock()
3790 lock->client_pid = lmi->flock.l_pid;
3791 lock->owner = lmi->flock.l_owner;
3792
3793 INIT_LIST_HEAD (&lock->list);
3794
3795 out:
>>> CID 1356585: Memory - illegal accesses (USE_AFTER_FREE)
>>> Using freed pointer "lock".
3796 return lock;
3797 }
3798
3799 /* This function is supposed to write the active locks from the source brick(in
3800 * rebalance context) and write here. Hence, will add the locks directly to the
3801 * pl_inode->ext_list*/
** CID 1356584: (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/heal/src/glfs-heal.c: 167 in glfsh_xml_end()
/home/vijay/workspace/glusterfs/glusterfs/heal/src/glfs-heal.c: 163 in glfsh_xml_end()
________________________________________________________________________________________________________
*** CID 1356584: (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/heal/src/glfs-heal.c: 167 in glfsh_xml_end()
161
162 if (op_errstr)
163 ret = xmlTextWriterWriteFormatElement (glfsh_writer,
164 (xmlChar *)"opErrstr",
165 "%s", op_errstr);
166 else
>>> CID 1356584: (UNUSED_VALUE)
>>> Assigning value from "xmlTextWriterWriteFormatElement(glfsh_writer, (xmlChar *)"opErrstr", "%s", "")" to "ret" here, but that stored value is overwritten before it can be used.
167 ret = xmlTextWriterWriteFormatElement (glfsh_writer,
168 (xmlChar *)"opErrstr",
169 "%s", "");
170 ret = xmlTextWriterEndDocument (glfsh_writer);
171 XML_RET_CHECK_AND_GOTO (ret, xml_out);
172
/home/vijay/workspace/glusterfs/glusterfs/heal/src/glfs-heal.c: 163 in glfsh_xml_end()
157 ret = xmlTextWriterWriteFormatElement (glfsh_writer,
158 (xmlChar *)"opErrno",
159 "%d", op_errno);
160 XML_RET_CHECK_AND_GOTO (ret, xml_out);
161
162 if (op_errstr)
>>> CID 1356584: (UNUSED_VALUE)
>>> Assigning value from "xmlTextWriterWriteFormatElement(glfsh_writer, (xmlChar *)"opErrstr", "%s", op_errstr)" to "ret" here, but that stored value is overwritten before it can be used.
163 ret = xmlTextWriterWriteFormatElement (glfsh_writer,
164 (xmlChar *)"opErrstr",
165 "%s", op_errstr);
166 else
167 ret = xmlTextWriterWriteFormatElement (glfsh_writer,
168 (xmlChar *)"opErrstr",
** CID 1356583: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 316 in pl_posixlk_xattr_fill()
________________________________________________________________________________________________________
*** CID 1356583: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 316 in pl_posixlk_xattr_fill()
310 {
311 int32_t count = 0;
312 int32_t maxcount = -1;
313 int ret = -1;
314
315 if (keep_max) {
>>> CID 1356583: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "dict_get_int32(dict, "glusterfs.posixlk-count", &maxcount)" to "ret" here, but that stored value is overwritten before it can be used.
316 ret = dict_get_int32 (dict, GLUSTERFS_POSIXLK_COUNT, &maxcount);
317 }
318 count = get_posixlk_count (this, inode);
319 if (maxcount >= count)
320 return;
321
** CID 1356582: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 247 in pl_parent_entrylk_xattr_fill()
________________________________________________________________________________________________________
*** CID 1356582: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 247 in pl_parent_entrylk_xattr_fill()
241 int32_t maxcount = -1;
242 int ret = -1;
243
244 if (!parent || !basename || !strlen (basename))
245 goto out;
246 if (keep_max) {
>>> CID 1356582: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "dict_get_int32(dict, "glusterfs.parent-entrylk", &maxcount)" to "ret" here, but that stored value is overwritten before it can be used.
247 ret = dict_get_int32 (dict, GLUSTERFS_PARENT_ENTRYLK, &maxcount);
248 }
249 entrylk = check_entrylk_on_basename (this, parent, basename);
250 if (maxcount >= entrylk)
251 return;
252 out:
** CID 1356581: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 292 in pl_inodelk_xattr_fill()
________________________________________________________________________________________________________
*** CID 1356581: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 292 in pl_inodelk_xattr_fill()
286 {
287 int32_t count = 0;
288 int32_t maxcount = -1;
289 int ret = -1;
290
291 if (keep_max) {
>>> CID 1356581: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "dict_get_int32(dict, "glusterfs.inodelk-count", &maxcount)" to "ret" here, but that stored value is overwritten before it can be used.
292 ret = dict_get_int32 (dict, GLUSTERFS_INODELK_COUNT, &maxcount);
293 }
294 count = get_inodelk_count (this, inode, domname);
295 if (maxcount >= count)
296 return;
297
** CID 1356580: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 269 in pl_entrylk_xattr_fill()
________________________________________________________________________________________________________
*** CID 1356580: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/locks/src/posix.c: 269 in pl_entrylk_xattr_fill()
263 {
264 int32_t count = 0;
265 int32_t maxcount = -1;
266 int ret = -1;
267
268 if (keep_max) {
>>> CID 1356580: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "dict_get_int32(dict, "glusterfs.entrylk-count", &maxcount)" to "ret" here, but that stored value is overwritten before it can be used.
269 ret = dict_get_int32 (dict, GLUSTERFS_ENTRYLK_COUNT, &maxcount);
270 }
271 count = get_entrylk_count (this, inode);
272 if (maxcount >= count)
273 return;
274
** CID 1356579: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 1453 in posix_mkdir()
________________________________________________________________________________________________________
*** CID 1356579: Code maintainability issues (UNUSED_VALUE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/storage/posix/src/posix.c: 1453 in posix_mkdir()
1447
1448 op_ret = posix_pstat (this, NULL, real_path, &stbuf);
1449
1450 SET_FS_ID (frame->root->uid, gid);
1451
1452 if (xdata)
>>> CID 1356579: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "dict_get_ptr(xdata, "gfid-req", &uuid_req)" to "op_ret" here, but that stored value is overwritten before it can be used.
1453 op_ret = dict_get_ptr (xdata, "gfid-req", &uuid_req);
1454 if (uuid_req && !gf_uuid_is_null (uuid_req)) {
1455 op_ret = posix_istat (this, uuid_req, NULL, &stbuf);
1456 if ((op_ret == 0) && IA_ISDIR (stbuf.ia_type)) {
1457 size = posix_handle_path (this, uuid_req, NULL, NULL,
1458 0);
** CID 1356578: Control flow issues (UNREACHABLE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/cluster/dht/src/dht-rename.c: 389 in dht_rename_dir()
________________________________________________________________________________________________________
*** CID 1356578: Control flow issues (UNREACHABLE)
/home/vijay/workspace/glusterfs/glusterfs/xlators/cluster/dht/src/dht-rename.c: 389 in dht_rename_dir()
383 /* If the dst exists, we are going to replace dst layout range with
384 * that of src. This will lead to anomalies in dst layout until the
385 * rename completes. To avoid a lookup selfheal to change dst layout
386 * during this interval we take a lock on one subvol of dst.
387 */
388 for (j = 0; dst_layout && (j < dst_layout->cnt) &&
>>> CID 1356578: Control flow issues (UNREACHABLE)
>>> Since the loop increment "j++;" is unreachable, the loop body will never execute more than once.
389 (dst_layout->list[j].err == 0); j++) {
390
391 first_subvol = dst_layout->list[j].xlator;
392 if (local->loc2.inode) {
393 lk_array[i] = dht_lock_new (frame->this, first_subvol,
394 &local->loc2, F_WRLCK,
** CID 1356577: Security best practices violations (STRING_OVERFLOW)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/index/src/index.c: 1409 in index_lookup_wrapper()
________________________________________________________________________________________________________
*** CID 1356577: Security best practices violations (STRING_OVERFLOW)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/index/src/index.c: 1409 in index_lookup_wrapper()
1403 ret = index_inode_path (this, loc->parent, path, sizeof (path));
1404 if (ret < 0) {
1405 op_errno = -ret;
1406 goto done;
1407 }
1408 strcat (path, "/");
>>> CID 1356577: Security best practices violations (STRING_OVERFLOW)
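>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
[Note: line 1403 bounds the first write with sizeof (path), but the strcat calls at lines 1408 and 1409 append without checking how much of "path" is still free. Unless loc->name is length-limited elsewhere, a long name can be written past the end of the buffer. Checking the combined length before appending, or building the path with snprintf and treating a return value >= sizeof (path) as an error, removes the overflow.]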
1409 strcat (path, (char *)loc->name);
1410 } else if (index_is_virtual_gfid (priv, loc->gfid)) {
1411 subdir = index_get_subdir_from_vgfid (priv, loc->gfid);
1412 make_index_dir_path (priv->index_basepath, subdir,
1413 path, sizeof (path));
1414 is_dir = _gf_true;
** CID 1356576: Security best practices violations (STRING_OVERFLOW)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/trash/src/trash.c: 1767 in trash_truncate()
________________________________________________________________________________________________________
*** CID 1356576: Security best practices violations (STRING_OVERFLOW)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/trash/src/trash.c: 1767 in trash_truncate()
1761 TRASH_STACK_UNWIND (truncate, frame, -1, ENOMEM, NULL, NULL,
1762 xdata);
1763 ret = ENOMEM;
1764 goto out;
1765 }
1766
>>> CID 1356576: Security best practices violations (STRING_OVERFLOW)
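>>> You might overrun the 4096 byte fixed-size string "local->origpath" by copying "pathbuf" without checking the length.
[Note: strcpy stops only at the terminating NUL of "pathbuf", and nothing in this excerpt compares its length with the 4096 bytes of "local->origpath". The same unchecked copy is reported for trash_ftruncate() as CID 1356575. A bounded copy that treats truncation as an error avoids the overrun in both places.]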
1767 strcpy (local->origpath, pathbuf);
1768
1769 loc_copy (&local->loc, loc);
1770 local->loc.path = pathbuf;
1771 local->fop_offset = offset;
1772
** CID 1356575: Security best practices violations (STRING_OVERFLOW)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/trash/src/trash.c: 1863 in trash_ftruncate()
________________________________________________________________________________________________________
*** CID 1356575: Security best practices violations (STRING_OVERFLOW)
/home/vijay/workspace/glusterfs/glusterfs/xlators/features/trash/src/trash.c: 1863 in trash_ftruncate()
1857 TRASH_STACK_UNWIND (ftruncate, frame, -1, ENOMEM, NULL,
1858 NULL, xdata);
1859 ret = -1;
1860 goto out;
1861 }
1862
>>> CID 1356575: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 4096 byte fixed-size string "local->origpath" by copying "pathbuf" without checking the length.
1863 strcpy (local->origpath, pathbuf);
1864
1865 /* To convert fd to location */
1866 frame->local=local;
1867
1868 local->loc.path = pathbuf;
** CID 1356574: Incorrect expression (SIZEOF_MISMATCH)
/home/vijay/workspace/glusterfs/glusterfs/libglusterfs/src/compound-fop-utils.c: 21 in compound_fop_alloc()
________________________________________________________________________________________________________
*** CID 1356574: Incorrect expression (SIZEOF_MISMATCH)
/home/vijay/workspace/glusterfs/glusterfs/libglusterfs/src/compound-fop-utils.c: 21 in compound_fop_alloc()
15
16 compound_args_t*
17 compound_fop_alloc (int length, glusterfs_compound_fop_t fop, dict_t *xdata)
18 {
19 compound_args_t *args = NULL;
20
>>> CID 1356574: Incorrect expression (SIZEOF_MISMATCH)
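>>> Passing argument "8UL /* sizeof (args) */" to function "__gf_calloc" and then casting the return value to "compound_args_t *" is suspicious.
[Note: "args" is a pointer, so "sizeof (args)" is the size of the pointer (8 bytes in this build), not of the compound_args_t it points to. Unless that structure happens to fit in 8 bytes, the allocation is too small and later writes to its fields land outside the allocated block. "sizeof (*args)" sizes the allocation from the pointee.]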
21 args = GF_CALLOC (1, sizeof (args), gf_mt_compound_req_t);
22
23 if (!args)
24 return NULL;
25
26 /* fop_enum can be used by xlators to see which fops are
** CID 1356573: Incorrect expression (SIZEOF_MISMATCH)
/home/vijay/workspace/glusterfs/glusterfs/xlators/performance/decompounder/src/decompounder.c: 868 in dc_compound()
________________________________________________________________________________________________________
*** CID 1356573: Incorrect expression (SIZEOF_MISMATCH)
/home/vijay/workspace/glusterfs/glusterfs/xlators/performance/decompounder/src/decompounder.c: 868 in dc_compound()
862 local = mem_get0 (this->local_pool);
863 if (!local)
864 goto out;
865
866 frame->local = local;
867
>>> CID 1356573: Incorrect expression (SIZEOF_MISMATCH)
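>>> Passing argument "8UL /* sizeof (local->compound_rsp) */" to function "__gf_calloc" and then casting the return value to "compound_args_cbk_t *" is suspicious.
[Note: "local->compound_rsp" is a pointer member, so the size passed is that of the pointer (8 bytes in this build) rather than of a compound_args_cbk_t. Unless the structure fits in 8 bytes, the buffer is undersized for the fields written through "compound_rsp" afterwards. "sizeof (*local->compound_rsp)" sizes the allocation from the pointee.]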
868 local->compound_rsp = GF_CALLOC (1, sizeof (local->compound_rsp),
869 gf_dc_mt_rsp_t);
870 if (!local->compound_rsp)
871 goto out;
872
873 compound_rsp = local->compound_rsp;
** CID 1356572: Null pointer dereferences (REVERSE_INULL)
/home/vijay/workspace/glusterfs/glusterfs/xlators/protocol/client/src/client-rpc-fops.c: 6132 in client3_3_compound()
________________________________________________________________________________________________________
*** CID 1356572: Null pointer dereferences (REVERSE_INULL)
/home/vijay/workspace/glusterfs/glusterfs/xlators/protocol/client/src/client-rpc-fops.c: 6132 in client3_3_compound()
6126 int req_count = 0;
6127 int index = 0;
6128 dict_t *xdata = c_args->xdata;
6129
6130 GF_ASSERT (frame);
6131
>>> CID 1356572: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "data" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
6132 if (!this || !data)
6133 goto unwind;
6134
6135 memset (req_vector, 0, sizeof (req_vector));
6136 memset (rsp_vector, 0, sizeof (rsp_vector));
6137
** CID 1356571: (REVERSE_INULL)
/home/vijay/workspace/glusterfs/glusterfs/api/src/glfs-fops.c: 1428 in glfs_fsync_async_common()
/home/vijay/workspace/glusterfs/glusterfs/api/src/glfs-fops.c: 1428 in glfs_fsync_async_common()
________________________________________________________________________________________________________
*** CID 1356571: (REVERSE_INULL)
/home/vijay/workspace/glusterfs/glusterfs/api/src/glfs-fops.c: 1428 in glfs_fsync_async_common()
1422
1423 STACK_WIND_COOKIE (frame, glfs_fsync_async_cbk, subvol, subvol,
1424 subvol->fops->fsync, fd, dataonly, NULL);
1425
1426 out:
1427 if (ret) {
>>> CID 1356571: (REVERSE_INULL)
>>> Null-checking "glfd" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1428 if (glfd)
1429 GF_REF_PUT (glfd);
1430 GF_FREE (gio);
1431 if (frame)
1432 STACK_DESTROY (frame->root);
1433 glfs_subvol_done (glfd->fs, subvol);
/home/vijay/workspace/glusterfs/glusterfs/api/src/glfs-fops.c: 1428 in glfs_fsync_async_common()
1422
1423 STACK_WIND_COOKIE (frame, glfs_fsync_async_cbk, subvol, subvol,
1424 subvol->fops->fsync, fd, dataonly, NULL);
1425
1426 out:
1427 if (ret) {
>>> CID 1356571: (REVERSE_INULL)
>>> Null-checking "glfd" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1428 if (glfd)
1429 GF_REF_PUT (glfd);
1430 GF_FREE (gio);
1431 if (frame)
1432 STACK_DESTROY (frame->root);
1433 glfs_subvol_done (glfd->fs, subvol);
** CID 1356570: Null pointer dereferences (REVERSE_INULL)
/home/vijay/workspace/glusterfs/glusterfs/xlators/cluster/afr/src/afr-self-heal-common.c: 1961 in afr_refresh_heal_done()
________________________________________________________________________________________________________
*** CID 1356570: Null pointer dereferences (REVERSE_INULL)
/home/vijay/workspace/glusterfs/glusterfs/xlators/cluster/afr/src/afr-self-heal-common.c: 1961 in afr_refresh_heal_done()
1955 priv->healers--;
1956 GF_ASSERT (priv->healers >= 0);
1957 local = __afr_dequeue_heals (priv);
1958 }
1959 UNLOCK (&priv->lock);
1960
>>> CID 1356570: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "heal_frame" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1961 if (heal_frame)
1962 AFR_STACK_DESTROY (heal_frame);
1963
1964 if (local)
1965 afr_heal_synctask (this, local);
1966 return 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/gluster-glusterfs?tab=overview
To manage Coverity Scan email notifications for "gluster-devel at gluster.org", click https://scan.coverity.com/subscriptions/edit?email=gluster-devel%40gluster.org&token=7dffab14bc5a7180e75b0d047539f148