Hi,
Please find the latest report on new defect(s) introduced to ceph found with Coverity Scan.
11 new defect(s) introduced to ceph found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1411820: Integer handling issues (DIVIDE_BY_ZERO)
/home/brad/working/src/ceph/src/test/test_denc.cc: 618 in Legacy::encode_n(unsigned int, const std::vector<unsigned int, std::allocator<unsigned int>> &)()
________________________________________________________________________________________________________
*** CID 1411820: Integer handling issues (DIVIDE_BY_ZERO)
/home/brad/working/src/ceph/src/test/test_denc.cc: 618 in Legacy::encode_n(unsigned int, const std::vector<unsigned int, std::allocator<unsigned int>> &)()
612 bufferlist segmented;
613 auto p = bl.begin();
614
615 auto sum = std::accumulate(segments.begin(), segments.end(), 0u);
616 for (auto i : segments) {
617 buffer::ptr seg;
>>> CID 1411820: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "bl.length() * i / sum", division by expression "sum" which may be zero has undefined behavior.
618 p.copy_deep(bl.length() * i / sum, seg);
619 segmented.push_back(seg);
620 }
621 p.copy_all(segmented);
622 return segmented;
623 }
** CID 1411821: API usage errors (INVALIDATE_ITERATOR)
/home/brad/working/src/ceph/src/test/encoding/ceph_dencoder.cc: 147 in _ZN12DencoderBaseI15sstring_wrapperE16select_generatedB5cxx11Ej()
________________________________________________________________________________________________________
*** CID 1411821: API usage errors (INVALIDATE_ITERATOR)
/home/brad/working/src/ceph/src/test/encoding/ceph_dencoder.cc: 147 in _ZN12DencoderBaseI15sstring_wrapperE16select_generatedB5cxx11Ej()
141 if (i == 0)
142 i = m_list.size();
143 if ((i == 0) || (i > m_list.size()))
144 return "invalid id for generated object";
145 typename list<T*>::iterator p = m_list.begin();
146 for (i--; i > 0 && p != m_list.end(); ++p, --i) ;
>>> CID 1411821: API usage errors (INVALIDATE_ITERATOR)
>>> Dereferencing iterator "p" though it is already past the end of its container.
147 m_object = *p;
148 return string();
149 }
150
151 bool is_deterministic() override {
152 return !nondeterministic;
** CID 1411822: (NEGATIVE_RETURNS)
/home/brad/working/src/ceph/src/include/buffer.h: 661 in ceph::buffer::list::list(unsigned int)()
/home/brad/working/src/ceph/src/include/rados/buffer.h: 661 in ceph::buffer::list::list(unsigned int)()
________________________________________________________________________________________________________
*** CID 1411822: (NEGATIVE_RETURNS)
/home/brad/working/src/ceph/src/include/buffer.h: 661 in ceph::buffer::list::list(unsigned int)()
655 int zero_copy_to_fd(int fd) const;
656
657 public:
658 // cons/des
659 list() : _len(0), _memcopy_count(0), last_p(this) {}
660 // cppcheck-suppress noExplicitConstructor
>>> CID 1411822: (NEGATIVE_RETURNS)
>>> Assigning: "this->_mempool" = a negative value.
661 list(unsigned prealloc) : _len(0), _memcopy_count(0), last_p(this) {
662 reserve(prealloc);
663 }
664
665 list(const list& other) : _buffers(other._buffers), _len(other._len),
666 _memcopy_count(other._memcopy_count), last_p(this) {
/home/brad/working/src/ceph/src/include/rados/buffer.h: 661 in ceph::buffer::list::list(unsigned int)()
655 int zero_copy_to_fd(int fd) const;
656
657 public:
658 // cons/des
659 list() : _len(0), _memcopy_count(0), last_p(this) {}
660 // cppcheck-suppress noExplicitConstructor
>>> CID 1411822: (NEGATIVE_RETURNS)
>>> Assigning: "this->_mempool" = a negative value.
661 list(unsigned prealloc) : _len(0), _memcopy_count(0), last_p(this) {
662 reserve(prealloc);
663 }
664
665 list(const list& other) : _buffers(other._buffers), _len(other._len),
666 _memcopy_count(other._memcopy_count), last_p(this) {
** CID 1411823: Null pointer dereferences (NULL_RETURNS)
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1378 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
________________________________________________________________________________________________________
*** CID 1411823: Null pointer dereferences (NULL_RETURNS)
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1378 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
1372 crush_choose_arg_map arg_map = w.second;
1373 crush_choose_arg *arg = &arg_map.args[-1-bucket->id];
1374 for (__u32 j = 0; j < arg->weight_set_size; j++) {
1375 crush_weight_set *weight_set = &arg->weight_set[j];
1376 weight_set->weights = (__u32*)realloc(weight_set->weights, new_size * sizeof(__u32));
1377 assert(weight_set->size + 1 == new_size);
>>> CID 1411823: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a null pointer "weight_set->weights".
1378 weight_set->weights[weight_set->size] = weight;
1379 weight_set->size = new_size;
1380 }
1381 if (arg->ids_size) {
1382 arg->ids = (int*)realloc(arg->ids, new_size * sizeof(int));
1383 assert(arg->ids_size + 1 == new_size);
** CID 1411824: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1411824: Memory - corruptions (OVERRUN)
/home/brad/working/src/ceph/src/osd/osd_types.cc: 4933 in object_manifest_t::encode(ceph::buffer::list &) const()
4927 }
4928
4929 // -- object_manifest_t --
4930
4931 void object_manifest_t::encode(bufferlist& bl) const
4932 {
>>> CID 1411824: Memory - corruptions (OVERRUN)
>>> Overrunning struct type ceph_le32 of 4 bytes by passing it to a function which accesses it at byte offset 7.
4933 ENCODE_START(1, 1, bl);
4934 ::encode(type, bl);
4935 switch (type) {
4936 case TYPE_NONE: break;
4937 case TYPE_REDIRECT:
4938 ::encode(redirect_target, bl);
** CID 1411825: (OVERRUN)
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1378 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1378 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
________________________________________________________________________________________________________
*** CID 1411825: (OVERRUN)
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1378 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
1372 crush_choose_arg_map arg_map = w.second;
1373 crush_choose_arg *arg = &arg_map.args[-1-bucket->id];
1374 for (__u32 j = 0; j < arg->weight_set_size; j++) {
1375 crush_weight_set *weight_set = &arg->weight_set[j];
1376 weight_set->weights = (__u32*)realloc(weight_set->weights, new_size * sizeof(__u32));
1377 assert(weight_set->size + 1 == new_size);
>>> CID 1411825: (OVERRUN)
>>> Overrunning dynamic array "weight_set->weights" at offset corresponding to index variable "weight_set->size".
1378 weight_set->weights[weight_set->size] = weight;
1379 weight_set->size = new_size;
1380 }
1381 if (arg->ids_size) {
1382 arg->ids = (int*)realloc(arg->ids, new_size * sizeof(int));
1383 assert(arg->ids_size + 1 == new_size);
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1378 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
1372 crush_choose_arg_map arg_map = w.second;
1373 crush_choose_arg *arg = &arg_map.args[-1-bucket->id];
1374 for (__u32 j = 0; j < arg->weight_set_size; j++) {
1375 crush_weight_set *weight_set = &arg->weight_set[j];
1376 weight_set->weights = (__u32*)realloc(weight_set->weights, new_size * sizeof(__u32));
1377 assert(weight_set->size + 1 == new_size);
>>> CID 1411825: (OVERRUN)
>>> Overrunning dynamic array "weight_set->weights" at offset corresponding to index variable "weight_set->size".
1378 weight_set->weights[weight_set->size] = weight;
1379 weight_set->size = new_size;
1380 }
1381 if (arg->ids_size) {
1382 arg->ids = (int*)realloc(arg->ids, new_size * sizeof(int));
1383 assert(arg->ids_size + 1 == new_size);
** CID 1411826: (OVERRUN)
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1384 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1384 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
________________________________________________________________________________________________________
*** CID 1411826: (OVERRUN)
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1384 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
1378 weight_set->weights[weight_set->size] = weight;
1379 weight_set->size = new_size;
1380 }
1381 if (arg->ids_size) {
1382 arg->ids = (int*)realloc(arg->ids, new_size * sizeof(int));
1383 assert(arg->ids_size + 1 == new_size);
>>> CID 1411826: (OVERRUN)
>>> Overrunning dynamic array "arg->ids" at offset corresponding to index variable "arg->ids_size".
1384 arg->ids[arg->ids_size] = item;
1385 arg->ids_size = new_size;
1386 }
1387 }
1388 return crush_bucket_add_item(crush, bucket, item, weight);
1389 }
/home/brad/working/src/ceph/src/crush/CrushWrapper.cc: 1384 in CrushWrapper::bucket_add_item(crush_bucket *, int, int)()
1378 weight_set->weights[weight_set->size] = weight;
1379 weight_set->size = new_size;
1380 }
1381 if (arg->ids_size) {
1382 arg->ids = (int*)realloc(arg->ids, new_size * sizeof(int));
1383 assert(arg->ids_size + 1 == new_size);
>>> CID 1411826: (OVERRUN)
>>> Overrunning dynamic array "arg->ids" at offset corresponding to index variable "arg->ids_size".
1384 arg->ids[arg->ids_size] = item;
1385 arg->ids_size = new_size;
1386 }
1387 }
1388 return crush_bucket_add_item(crush, bucket, item, weight);
1389 }
** CID 1411827: (RESOURCE_LEAK)
/home/brad/working/src/ceph/src/test/librados/tier.cc: 5494 in LibRadosTwoPoolsECPP_SetRedirectRead_Test::TestBody()()
/home/brad/working/src/ceph/src/test/librados/tier.cc: 5492 in LibRadosTwoPoolsECPP_SetRedirectRead_Test::TestBody()()
________________________________________________________________________________________________________
*** CID 1411827: (RESOURCE_LEAK)
/home/brad/working/src/ceph/src/test/librados/tier.cc: 5494 in LibRadosTwoPoolsECPP_SetRedirectRead_Test::TestBody()()
5488 {
5489 ObjectWriteOperation op;
5490 op.set_redirect("bar", cache_ioctx, 0);
5491 librados::AioCompletion *completion = cluster.aio_create_completion();
5492 ASSERT_EQ(0, ioctx.aio_operate("foo", completion, &op));
5493 completion->wait_for_safe();
>>> CID 1411827: (RESOURCE_LEAK)
>>> Variable "completion" going out of scope leaks the storage it points to.
5494 ASSERT_EQ(0, completion->get_return_value());
5495 completion->release();
5496 }
5497 // read and verify the object
5498 {
5499 bufferlist bl;
/home/brad/working/src/ceph/src/test/librados/tier.cc: 5492 in LibRadosTwoPoolsECPP_SetRedirectRead_Test::TestBody()()
5486 cluster.wait_for_latest_osdmap();
5487
5488 {
5489 ObjectWriteOperation op;
5490 op.set_redirect("bar", cache_ioctx, 0);
5491 librados::AioCompletion *completion = cluster.aio_create_completion();
>>> CID 1411827: (RESOURCE_LEAK)
>>> Variable "completion" going out of scope leaks the storage it points to.
5492 ASSERT_EQ(0, ioctx.aio_operate("foo", completion, &op));
5493 completion->wait_for_safe();
5494 ASSERT_EQ(0, completion->get_return_value());
5495 completion->release();
5496 }
5497 // read and verify the object
** CID 1411828: (RESOURCE_LEAK)
/home/brad/working/src/ceph/src/test/librados/tier.cc: 2795 in LibRadosTwoPoolsPP_SetRedirectRead_Test::TestBody()()
/home/brad/working/src/ceph/src/test/librados/tier.cc: 2793 in LibRadosTwoPoolsPP_SetRedirectRead_Test::TestBody()()
________________________________________________________________________________________________________
*** CID 1411828: (RESOURCE_LEAK)
/home/brad/working/src/ceph/src/test/librados/tier.cc: 2795 in LibRadosTwoPoolsPP_SetRedirectRead_Test::TestBody()()
2789 {
2790 ObjectWriteOperation op;
2791 op.set_redirect("bar", cache_ioctx, 0);
2792 librados::AioCompletion *completion = cluster.aio_create_completion();
2793 ASSERT_EQ(0, ioctx.aio_operate("foo", completion, &op));
2794 completion->wait_for_safe();
>>> CID 1411828: (RESOURCE_LEAK)
>>> Variable "completion" going out of scope leaks the storage it points to.
2795 ASSERT_EQ(0, completion->get_return_value());
2796 completion->release();
2797 }
2798 // read and verify the object
2799 {
2800 bufferlist bl;
/home/brad/working/src/ceph/src/test/librados/tier.cc: 2793 in LibRadosTwoPoolsPP_SetRedirectRead_Test::TestBody()()
2787 cluster.wait_for_latest_osdmap();
2788
2789 {
2790 ObjectWriteOperation op;
2791 op.set_redirect("bar", cache_ioctx, 0);
2792 librados::AioCompletion *completion = cluster.aio_create_completion();
>>> CID 1411828: (RESOURCE_LEAK)
>>> Variable "completion" going out of scope leaks the storage it points to.
2793 ASSERT_EQ(0, ioctx.aio_operate("foo", completion, &op));
2794 completion->wait_for_safe();
2795 ASSERT_EQ(0, completion->get_return_value());
2796 completion->release();
2797 }
2798 // read and verify the object
** CID 1411829: Uninitialized members (UNINIT_CTOR)
/home/brad/working/src/ceph/src/test/osd/TestRados.cc: 55 in WeightedTestGenerator::WeightedTestGenerator(int, int, std::map<TestOpType, unsigned int, std::less<TestOpType>, std::allocator<std::pair<const TestOpType, unsigned int>>>, TestOpStat *, int, bool, bool, bool)()
________________________________________________________________________________________________________
*** CID 1411829: Uninitialized members (UNINIT_CTOR)
/home/brad/working/src/ceph/src/test/osd/TestRados.cc: 55 in WeightedTestGenerator::WeightedTestGenerator(int, int, std::map<TestOpType, unsigned int, std::less<TestOpType>, std::allocator<std::pair<const TestOpType, unsigned int>>>, TestOpStat *, int, bool, bool, bool)()
49 if (m_set_redirect) {
50 /* create redirect objects + set-redirect*/
51 m_redirect_objects = objects*2; // for copy_from + set-redirect test
52 m_initial_redirected_objects = objects;
53 m_ops = ops+m_redirect_objects+m_initial_redirected_objects;
54 }
>>> CID 1411829: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "m_initial_redirected_objects" is not initialized in this constructor nor in any functions that it calls.
55 }
56
57 TestOp *next(RadosTestContext &context) override
58 {
59 TestOp *retval = NULL;
60
** CID 1411830: Uninitialized members (UNINIT_CTOR)
/home/brad/working/src/ceph/src/test/osd/RadosModel.h: 2126 in UnsetRedirectOp::UnsetRedirectOp(int, RadosTestContext *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, TestOpStat *)()
________________________________________________________________________________________________________
*** CID 1411830: Uninitialized members (UNINIT_CTOR)
/home/brad/working/src/ceph/src/test/osd/RadosModel.h: 2126 in UnsetRedirectOp::UnsetRedirectOp(int, RadosTestContext *, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, TestOpStat *)()
2120
2121 UnsetRedirectOp(int n,
2122 RadosTestContext *context,
2123 const string &oid,
2124 TestOpStat *stat = 0)
2125 : TestOp(n, context, stat), oid(oid)
>>> CID 1411830: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "comp" is not initialized in this constructor nor in any functions that it calls.
2126 {}
2127
2128 void _begin() override
2129 {
2130 context->state_lock.Lock();
2131 if (context->get_watch_context(oid)) {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRaGCnxtQO9E3gxlB2GxVsWFENryh7bC5hIb-2FQBVM85YLQ-3D-3D_2sw0G7ICm9mxCh1lYW1t9y1lfDrIerWzLwB67LZ-2Bn8G5OiOArS4mvucljpKkZw44xl0QoIr8EpGQt1P0w1oaffl7nxw8VV-2FfL-2BSHVBEVO6LCmn0hI3U0Gj4IBjBpEHsBqkyG32oG7OM07i90czclrUn8ZHIPd7o0COMiw9vRPoQvv9Qjc4bhBMPPuVAfW-2Fp-2Fl68O2kkGS5yLflkFKEpdvr57J6B1ycB-2BZ93t-2Fb-2BrHkw-3D
To manage Coverity Scan email notifications for "ceph-devel@xxxxxxxxxxxxxxx", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4Bco8jcmzhh7FSyvoR0E3-2BDgRcBCQ6OuthHBtaTCGNq9OVG2ZVnjrgThgf5hX3GVEkIxvBX-2BorwRZfOftSp7HPfCifRGGak1MlgNFVd3IIPA-3D_2sw0G7ICm9mxCh1lYW1t9y1lfDrIerWzLwB67LZ-2Bn8G5OiOArS4mvucljpKkZw44xl0QoIr8EpGQt1P0w1oafXCIZ8tHMljtYMd-2Fvesxn1V8hxDdwW85wJWMZSoNgAEHWwSeYpAfDcwI4c-2FwCOmfWTElzRdAYV-2FwKXoRzvooUS1exKyuJU-2FEzJqVabH9jj4h26-2BepOn998l-2FejVNhKELgNj8j2nQHqQTsEd6D0fWZnc-3D
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
