On Thursday 21 December 2017 07:24 AM, scan-admin@xxxxxxxxxxxx wrote:
Hi,
Please find the latest report on new defect(s) introduced to ceph found with Coverity Scan.
3 new defect(s) introduced to ceph found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1426746: Null pointer dereferences (REVERSE_INULL)
/home/brad/working/src/ceph/src/mds/MDBalancer.cc: 1270 in MDBalancer::dump_loads(ceph::Formatter *)()
________________________________________________________________________________________________________
*** CID 1426746: Null pointer dereferences (REVERSE_INULL)
/home/brad/working/src/ceph/src/mds/MDBalancer.cc: 1270 in MDBalancer::dump_loads(ceph::Formatter *)()
1264
1265 f->open_array_section("dirfrags");
1266 while (!dfs.empty()) {
1267 CDir *dir = dfs.front();
1268 dfs.pop_front();
1269
CID 1426746: Null pointer dereferences (REVERSE_INULL)
Null-checking "f" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1270 if (f) {
1271 f->open_object_section("dir");
1272 dir->dump_load(f, now, decayrate);
1273 f->close_section();
1274 }
1275
** CID 1426747: Null pointer dereferences (FORWARD_NULL)
/home/brad/working/src/ceph/src/mds/MDBalancer.cc: 1290 in MDBalancer::dump_loads(ceph::Formatter *)()
There is a possibility that `f` might be NULL. But it is not NULL.
Please see:
https://github.com/ceph/ceph/blob/f33ab7e03a13e18c8c883284033d511f1b43df12/src/mds/MDSDaemon.cc#L135
________________________________________________________________________________________________________
*** CID 1426747: Null pointer dereferences (FORWARD_NULL)
/home/brad/working/src/ceph/src/mds/MDBalancer.cc: 1290 in MDBalancer::dump_loads(ceph::Formatter *)()
1284 if (subdir->pop_nested.meta_load() < .001)
1285 continue;
1286 dfs.push_back(subdir);
1287 }
1288 }
1289 }
CID 1426747: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "f" to "close_section", which dereferences it. (The dereference happens because this is a virtual function call.)
1290 f->close_section(); // dirfrags array
1291
1292 f->open_object_section("mds_load");
1293 {
1294
1295 auto dump_mds_load = [this, f, now](mds_load_t& load) {
** CID 1426748: Uninitialized members (UNINIT_CTOR)
/home/brad/working/src/ceph/src/osd/ECBackend.h: 511 in ECBackend::Op::Op()()
--
To unsubscribe from this list: send the line "unsubscribe ceph-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html