[Gluster-devel] New Defects reported by Coverity Scan for gluster/glusterfs
scan-admin at coverity.com
scan-admin at coverity.com
Fri Nov 3 11:10:23 UTC 2017
Hi,
Please find the latest report on new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
146 new defect(s) introduced to gluster/glusterfs found with Coverity Scan.
180 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 146 defect(s)
** CID 1382343: Incorrect expression (NO_EFFECT)
/xlators/cluster/dht/src/dht-common.c: 4962 in dht_dir_common_setxattr()
________________________________________________________________________________________________________
*** CID 1382343: Incorrect expression (NO_EFFECT)
/xlators/cluster/dht/src/dht-common.c: 4962 in dht_dir_common_setxattr()
4956
4957 conf = this->private;
4958 local = frame->local;
4959 call_cnt = conf->subvolume_cnt;
4960 local->flags = flags;
4961
>>> CID 1382343: Incorrect expression (NO_EFFECT)
>>> Comparing an array to null is not useful: "local->gfid", since the test will always evaluate as true.
4962 if (local->gfid)
4963 gf_uuid_unparse(local->gfid, gfid_local);
4964
4965 /* Check if any user xattr present in xattr
4966 */
4967 dict_foreach_fnmatch (xattr, "user*", dht_is_user_xattr,
** CID 1382342: Null pointer dereferences (FORWARD_NULL)
/rpc/rpc-transport/socket/src/socket.c: 2981 in socket_server_event_handler()
________________________________________________________________________________________________________
*** CID 1382342: Null pointer dereferences (FORWARD_NULL)
/rpc/rpc-transport/socket/src/socket.c: 2981 in socket_server_event_handler()
2975 * the new_trans since we've failed at everything so far
2976 */
2977 rpc_transport_unref (new_trans);
2978 }
2979 }
2980 out:
>>> CID 1382342: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "ctx".
2981 event_handled (ctx->event_pool, fd, idx, gen);
2982
2983 if (cname && (cname != this->ssl_name)) {
2984 GF_FREE(cname);
2985 }
2986 return ret;
** CID 1382341: Null pointer dereferences (FORWARD_NULL)
/libglusterfs/src/ctx.c: 50 in glusterfs_ctx_new()
________________________________________________________________________________________________________
*** CID 1382341: Null pointer dereferences (FORWARD_NULL)
/libglusterfs/src/ctx.c: 50 in glusterfs_ctx_new()
44 #endif
45
46 /* lock is never destroyed! */
47 ret = LOCK_INIT (&ctx->lock);
48 if (ret) {
49 free (ctx);
>>> CID 1382341: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "ctx" = "NULL".
50 ctx = NULL;
51 }
52
53 GF_ATOMIC_INIT (ctx->stats.max_dict_pairs, 0);
54 GF_ATOMIC_INIT (ctx->stats.total_pairs_used, 0);
55 GF_ATOMIC_INIT (ctx->stats.total_dicts_used, 0);
** CID 1325526: (USE_AFTER_FREE)
/xlators/storage/posix/src/posix.c: 6061 in _posix_handle_xattr_keyvalue_pair()
/xlators/storage/posix/src/posix.c: 6061 in _posix_handle_xattr_keyvalue_pair()
________________________________________________________________________________________________________
*** CID 1325526: (USE_AFTER_FREE)
/xlators/storage/posix/src/posix.c: 6061 in _posix_handle_xattr_keyvalue_pair()
6055
6056 out:
6057 if (op_ret < 0)
6058 filler->op_errno = op_errno;
6059
6060 if (array)
>>> CID 1325526: (USE_AFTER_FREE)
>>> Calling "__gf_free" frees pointer "array" which has already been freed.
6061 GF_FREE (array);
6062
6063 return op_ret;
6064 }
6065
6066 /**
/xlators/storage/posix/src/posix.c: 6061 in _posix_handle_xattr_keyvalue_pair()
6055
6056 out:
6057 if (op_ret < 0)
6058 filler->op_errno = op_errno;
6059
6060 if (array)
>>> CID 1325526: (USE_AFTER_FREE)
>>> Passing freed pointer "array" as an argument to "__gf_free".
6061 GF_FREE (array);
6062
6063 return op_ret;
6064 }
6065
6066 /**
** CID 1292646: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1292646: Insecure data handling (TAINTED_SCALAR)
/libglusterfs/src/store.c: 611 in gf_store_iter_get_next()
605 store_errno = GD_STORE_ENOMEM;
606 goto out;
607 }
608 ret = 0;
609
610 out:
>>> CID 1292646: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "scan_str" to a tainted sink.
611 GF_FREE (scan_str);
612 if (ret) {
613 GF_FREE (*key);
614 GF_FREE (*value);
615 *key = NULL;
616 *value = NULL;
** CID 1291750: (STRING_OVERFLOW)
/xlators/features/changetimerecorder/src/ctr-helper.c: 139 in fill_db_record_for_wind()
/xlators/features/changetimerecorder/src/ctr-helper.c: 146 in fill_db_record_for_wind()
________________________________________________________________________________________________________
*** CID 1291750: (STRING_OVERFLOW)
/xlators/features/changetimerecorder/src/ctr-helper.c: 139 in fill_db_record_for_wind()
133 /*Hard Links*/
134 if (isdentryfop(ctr_inode_cx->fop_type)) {
135 /*new link fop*/
136 if (NEW_LINK_CX(ctr_inode_cx)) {
137 gf_uuid_copy (CTR_DB_REC(ctr_local).pargfid,
138 *((NEW_LINK_CX(ctr_inode_cx))->pargfid));
>>> CID 1291750: (STRING_OVERFLOW)
>>> You might overrun the 256-character fixed-size string "ctr_local->gfdb_db_record.file_name" by copying "ctr_inode_cx->new_link_cx->basename" without checking the length.
139 strcpy (CTR_DB_REC(ctr_local).file_name,
140 NEW_LINK_CX(ctr_inode_cx)->basename);
141 }
142 /*rename fop*/
143 if (OLD_LINK_CX(ctr_inode_cx)) {
144 gf_uuid_copy (CTR_DB_REC(ctr_local).old_pargfid,
/xlators/features/changetimerecorder/src/ctr-helper.c: 146 in fill_db_record_for_wind()
140 NEW_LINK_CX(ctr_inode_cx)->basename);
141 }
142 /*rename fop*/
143 if (OLD_LINK_CX(ctr_inode_cx)) {
144 gf_uuid_copy (CTR_DB_REC(ctr_local).old_pargfid,
145 *((OLD_LINK_CX(ctr_inode_cx))->pargfid));
>>> CID 1291750: (STRING_OVERFLOW)
>>> You might overrun the 256-character fixed-size string "ctr_local->gfdb_db_record.old_file_name" by copying "ctr_inode_cx->old_link_cx->basename" without checking the length.
146 strcpy (CTR_DB_REC(ctr_local).old_file_name,
147 OLD_LINK_CX(ctr_inode_cx)->basename);
148 }
149 }
150
151 ret = 0;
** CID 1288789: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-handshake.c: 1781 in glusterd_event_connected_inject()
________________________________________________________________________________________________________
*** CID 1288789: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-handshake.c: 1781 in glusterd_event_connected_inject()
1775 "EVENT_CONNECTED ret = %d", ret);
1776 unlock:
1777 rcu_read_unlock ();
1778
1779 out:
1780 gf_msg_debug ("glusterd", 0, "returning %d", ret);
>>> CID 1288789: Resource leaks (RESOURCE_LEAK)
>>> Variable "ctx" going out of scope leaks the storage it points to.
1781 return ret;
1782 }
1783
1784
1785 int
1786 gd_validate_peer_op_version (xlator_t *this, glusterd_peerinfo_t *peerinfo,
** CID 1288095: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 13002 in glusterd_get_default_val_for_volopt()
________________________________________________________________________________________________________
*** CID 1288095: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 13002 in glusterd_get_default_val_for_volopt()
12996 if (ret && !all_opts && !key_found) {
12997 snprintf (err_str, sizeof (err_str),
12998 "option %s does not exist", orig_key);
12999 *op_errstr = gf_strdup (err_str);
13000 }
13001 gf_msg_debug (this->name, 0, "Returning %d", ret);
>>> CID 1288095: Resource leaks (RESOURCE_LEAK)
>>> Variable "def_val" going out of scope leaks the storage it points to.
13002 return ret;
13003 }
13004
13005 int
13006 glusterd_get_volopt_content (dict_t * ctx, gf_boolean_t xml_out)
13007 {
** CID 1274236: Control flow issues (DEADCODE)
/xlators/cluster/dht/src/dht-rename.c: 587 in dht_rename_dir()
________________________________________________________________________________________________________
*** CID 1274236: Control flow issues (DEADCODE)
/xlators/cluster/dht/src/dht-rename.c: 587 in dht_rename_dir()
581 goto err;
582 }
583
584 return 0;
585
586 err:
>>> CID 1274236: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "*__errno_location()" inside this statement: "op_errno = ((op_errno == -1...".
587 op_errno = (op_errno == -1) ? errno : op_errno;
588 DHT_STACK_UNWIND (rename, frame, -1, op_errno, NULL, NULL, NULL, NULL,
589 NULL, NULL);
590 return 0;
591 }
592
** CID 1274185: Security best practices violations (STRING_OVERFLOW)
/xlators/features/locks/src/posix.c: 1096 in pl_getxattr()
________________________________________________________________________________________________________
*** CID 1274185: Security best practices violations (STRING_OVERFLOW)
/xlators/features/locks/src/posix.c: 1096 in pl_getxattr()
1090 bcount, gcount) == -1) {
1091 op_ret = -1;
1092 op_errno = ENOMEM;
1093 goto out;
1094 }
1095
>>> CID 1274185: Security best practices violations (STRING_OVERFLOW)
>>> Note: This defect has an elevated risk because the source argument is a parameter of the current function.
1096 strncpy (key, name, strlen (name));
1097 if (dict_set_dynstr (dict, key, lk_summary)) {
1098 op_ret = -1;
1099 op_errno = ENOMEM;
1100 goto out;
1101 }
** CID 1274126: (FORWARD_NULL)
/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c: 2379 in glusterd_brick_op()
/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c: 2379 in glusterd_brick_op()
________________________________________________________________________________________________________
*** CID 1274126: (FORWARD_NULL)
/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c: 2379 in glusterd_brick_op()
2373 gf_msg (this->name, GF_LOG_ERROR, 0,
2374 GD_MSG_RPC_FAILURE, "Brick Op failed "
2375 "due to rpc failure.");
2376 goto out;
2377 }
2378
>>> CID 1274126: (FORWARD_NULL)
>>> Dereferencing null pointer "req".
2379 ret = glusterd_submit_request (rpc, req, dummy_frame,
2380 priv->gfs_mgmt,
2381 req->op, NULL,
2382 this, glusterd_brick_op_cbk,
2383 (xdrproc_t)xdr_gd1_mgmt_brick_op_req);
2384 if (req) {
/xlators/mgmt/glusterd/src/glusterd-rpc-ops.c: 2379 in glusterd_brick_op()
2373 gf_msg (this->name, GF_LOG_ERROR, 0,
2374 GD_MSG_RPC_FAILURE, "Brick Op failed "
2375 "due to rpc failure.");
2376 goto out;
2377 }
2378
>>> CID 1274126: (FORWARD_NULL)
>>> Dereferencing null pointer "req".
2379 ret = glusterd_submit_request (rpc, req, dummy_frame,
2380 priv->gfs_mgmt,
2381 req->op, NULL,
2382 this, glusterd_brick_op_cbk,
2383 (xdrproc_t)xdr_gd1_mgmt_brick_op_req);
2384 if (req) {
** CID 1241482: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 6293 in _local_gsyncd_start()
________________________________________________________________________________________________________
*** CID 1241482: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 6293 in _local_gsyncd_start()
6287 }
6288 }
6289
6290 GF_FREE (path_list);
6291 GF_FREE (op_errstr);
6292
>>> CID 1241482: Resource leaks (RESOURCE_LEAK)
>>> Variable "slave_url" going out of scope leaks the storage it points to.
6293 return ret;
6294 }
6295
6296 int
6297 glusterd_volume_restart_gsyncds (glusterd_volinfo_t *volinfo)
6298 {
** CID 1223043: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 2075 in _get_slave_status()
________________________________________________________________________________________________________
*** CID 1223043: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 2075 in _get_slave_status()
2069 conf_path[ret] = '\0';
2070
2071 ret = is_geo_rep_active (param->volinfo,slave, conf_path,
2072 ¶m->is_active);
2073 out:
2074 GF_FREE(errmsg);
>>> CID 1223043: Resource leaks (RESOURCE_LEAK)
>>> Variable "slave_url" going out of scope leaks the storage it points to.
2075 return ret;
2076 }
2077
2078 /* glusterd_check_geo_rep_running:
2079 * Checks if any geo-rep session is running for the volume.
2080 *
** CID 1223042: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 1333 in _get_status_mst_slv()
________________________________________________________________________________________________________
*** CID 1223042: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 1333 in _get_status_mst_slv()
1327 GF_FREE (errmsg);
1328
1329 if (slave_buf)
1330 GF_FREE(slave_buf);
1331
1332 gf_msg_debug (this->name, 0, "Returning %d.", ret);
>>> CID 1223042: Resource leaks (RESOURCE_LEAK)
>>> Variable "slave_url" going out of scope leaks the storage it points to.
1333 return ret;
1334 }
1335
1336
1337 static int
1338 _get_max_gsync_slave_num (dict_t *dict, char *key, data_t *value, void *data)
** CID 1214629: (STRING_NULL)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 3402 in gd_pause_resume_validation()
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 3410 in gd_pause_resume_validation()
________________________________________________________________________________________________________
*** CID 1214629: (STRING_NULL)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 3402 in gd_pause_resume_validation()
3396 snprintf (errmsg, sizeof(errmsg), "Pause check Failed:"
3397 " Geo-rep session is not setup");
3398 ret = -1;
3399 goto out;
3400 }
3401
>>> CID 1214629: (STRING_NULL)
>>> Passing unterminated string "monitor_status" to "strstr", which expects a null-terminated string.
3402 if ( type == GF_GSYNC_OPTION_TYPE_PAUSE &&
3403 strstr (monitor_status, "Paused")) {
3404 snprintf (errmsg, sizeof(errmsg), "Geo-replication"
3405 " session between %s and %s already Paused.",
3406 volinfo->volname, slave);
3407 ret = -1;
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 3410 in gd_pause_resume_validation()
3404 snprintf (errmsg, sizeof(errmsg), "Geo-replication"
3405 " session between %s and %s already Paused.",
3406 volinfo->volname, slave);
3407 ret = -1;
3408 goto out;
3409 }
>>> CID 1214629: (STRING_NULL)
>>> Passing unterminated string "monitor_status" to "strstr", which expects a null-terminated string.
3410 if ( type == GF_GSYNC_OPTION_TYPE_RESUME &&
3411 !strstr (monitor_status, "Paused")) {
3412 snprintf (errmsg, sizeof(errmsg), "Geo-replication"
3413 " session between %s and %s is not Paused.",
3414 volinfo->volname, slave);
3415 ret = -1;
** CID 1210989: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 4727 in glusterd_check_restart_gsync_session()
________________________________________________________________________________________________________
*** CID 1210989: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 4727 in glusterd_check_restart_gsync_session()
4721 }
4722 }
4723 }
4724
4725 out:
4726 gf_msg_debug (this->name, 0, "Returning %d", ret);
>>> CID 1210989: Resource leaks (RESOURCE_LEAK)
>>> Variable "op_errstr" going out of scope leaks the storage it points to.
4727 return ret;
4728 }
4729
4730 static int32_t
4731 glusterd_marker_changelog_create_volfile (glusterd_volinfo_t *volinfo)
4732 {
** CID 1175018: (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 6293 in _local_gsyncd_start()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 6293 in _local_gsyncd_start()
________________________________________________________________________________________________________
*** CID 1175018: (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 6293 in _local_gsyncd_start()
6287 }
6288 }
6289
6290 GF_FREE (path_list);
6291 GF_FREE (op_errstr);
6292
>>> CID 1175018: (RESOURCE_LEAK)
>>> Variable "slave_vol" going out of scope leaks the storage it points to.
6293 return ret;
6294 }
6295
6296 int
6297 glusterd_volume_restart_gsyncds (glusterd_volinfo_t *volinfo)
6298 {
/xlators/mgmt/glusterd/src/glusterd-utils.c: 6293 in _local_gsyncd_start()
6287 }
6288 }
6289
6290 GF_FREE (path_list);
6291 GF_FREE (op_errstr);
6292
>>> CID 1175018: (RESOURCE_LEAK)
>>> Variable "slave_vol" going out of scope leaks the storage it points to.
6293 return ret;
6294 }
6295
6296 int
6297 glusterd_volume_restart_gsyncds (glusterd_volinfo_t *volinfo)
6298 {
** CID 1175017: Resource leaks (RESOURCE_LEAK)
/cli/src/cli-cmd-parser.c: 766 in cli_cmd_volume_create_parse()
________________________________________________________________________________________________________
*** CID 1175017: Resource leaks (RESOURCE_LEAK)
/cli/src/cli-cmd-parser.c: 766 in cli_cmd_volume_create_parse()
760 if (dict)
761 dict_unref (dict);
762 }
763
764 GF_FREE (trans_type);
765
>>> CID 1175017: Resource leaks (RESOURCE_LEAK)
>>> Variable "bricks" going out of scope leaks the storage it points to.
766 return ret;
767 }
768
769 int32_t
770 cli_cmd_volume_reset_parse (const char **words, int wordcount, dict_t **options)
771 {
** CID 1175014: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 2075 in _get_slave_status()
________________________________________________________________________________________________________
*** CID 1175014: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 2075 in _get_slave_status()
2069 conf_path[ret] = '\0';
2070
2071 ret = is_geo_rep_active (param->volinfo,slave, conf_path,
2072 ¶m->is_active);
2073 out:
2074 GF_FREE(errmsg);
>>> CID 1175014: Resource leaks (RESOURCE_LEAK)
>>> Variable "slave_vol" going out of scope leaks the storage it points to.
2075 return ret;
2076 }
2077
2078 /* glusterd_check_geo_rep_running:
2079 * Checks if any geo-rep session is running for the volume.
2080 *
** CID 1175012: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 1333 in _get_status_mst_slv()
________________________________________________________________________________________________________
*** CID 1175012: Resource leaks (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-geo-rep.c: 1333 in _get_status_mst_slv()
1327 GF_FREE (errmsg);
1328
1329 if (slave_buf)
1330 GF_FREE(slave_buf);
1331
1332 gf_msg_debug (this->name, 0, "Returning %d.", ret);
>>> CID 1175012: Resource leaks (RESOURCE_LEAK)
>>> Variable "slave_vol" going out of scope leaks the storage it points to.
1333 return ret;
1334 }
1335
1336
1337 static int
1338 _get_max_gsync_slave_num (dict_t *dict, char *key, data_t *value, void *data)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBK54bFWohdObZ6wlkeK264nDC24cnLwH4MTOSDXRjQcO27-2F6DmQXPB4g4Mz-2BEJJ0-3D_pIB5qNyu3krz5eLOmjwFZkKK-2FJ3CPgtiU1pdCCu-2Bpheki9OB8KHNWAtjtP5Xze9lhZrIwQ25WNT6kcn1GFOx6rdJPxhI-2FSjZ-2BhTNw24yOToR5wLIh62LzLerrVxoz360kLAj9ezC5r5vZJWYvYG-2FnjiFnKhEm1Lvz-2FXBjpjFqlCHuMeSRDliFSvohG04fO3FB8TWeGfvpYcv1osk0eUMRfdMRP7R-2F1hhvWVQO21-2FlkU-3D
To manage Coverity Scan email notifications for "gluster-devel at gluster.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq48r9wNv8-2BLR0R-2BBlXm7ottYIbnE5UU-2F0Z00EseY5i5N2c1DtvQJ8Cp-2BSp5bYUPGR1MbiG-2F6KsJiGF2zIdiuCrkCwl5z0BqidHVuHFKKiyVZo-3D_pIB5qNyu3krz5eLOmjwFZkKK-2FJ3CPgtiU1pdCCu-2Bpheki9OB8KHNWAtjtP5Xze9lhZrIwQ25WNT6kcn1GFOx6oMNzDBuqwRah601cwe4dbPUA6aj3dCUMYScnWFyMXP5ZjebfoJgp-2Fey0SoVkYXCKrw27ImLyH-2FTIJ1APDPnXKJ7WktV6nNdfX8OuYu6NFFbZxQ3PS7LhRGIUjc6mepgAAlT592N0Yaee9RPLEUeDrw-3D
More information about the Gluster-devel
mailing list