Fwd: New Defects reported by Coverity Scan for GlusterFS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





To fix these Coverity issues , please check the below link for guidelines:
http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity

Thanks,
Lala

-------- Original Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Tue, 22 Jul 2014 07:06:56 -0700
From: scan-admin@xxxxxxxxxxxx


Hi,


Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.

Defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1228599:  Logically dead code  (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-store.c: 4069 in glusterd_store_retrieve_peers()

** CID 1228598:  Logically dead code  (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-peer-utils.c: 531 in gd_add_friend_to_dict()

** CID 1228600:  Data race condition  (MISSING_LOCK)
/xlators/cluster/ec/src/ec-data.c: 155 in ec_fop_data_allocate()

** CID 1228601:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/features/snapview-server/src/snapview-server.c: 1660 in svs_add_xattrs_to_dict()

** CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()

** CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4805 in fuse_thread_proc()

** CID 1124682:  Dereference null return value  (NULL_RETURNS)
/rpc/rpc-lib/src/rpc-drc.c: 502 in rpcsvc_add_op_to_cache()


________________________________________________________________________________________________________
*** CID 1228599:  Logically dead code  (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-store.c: 4069 in glusterd_store_retrieve_peers()
4063                     /* Set first hostname from peerinfo->hostnames to
4064                      * peerinfo->hostname
4065                      */
4066                     address = list_entry (peerinfo->hostnames.next,
4067                                           glusterd_peer_hostname_t, hostname_list);
4068                     if (!address) {
>>>     CID 1228599:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "ret = -1;".
4069                             ret = -1;
4070                             goto out;
4071                     }
4072                     peerinfo->hostname = gf_strdup (address->hostname);
4073     
4074                     ret = glusterd_friend_add_from_peerinfo (peerinfo, 1, NULL);

________________________________________________________________________________________________________
*** CID 1228598:  Logically dead code  (DEADCODE)
/xlators/mgmt/glusterd/src/glusterd-peer-utils.c: 531 in gd_add_friend_to_dict()
525              */
526             memset (key, 0, sizeof (key));
527             snprintf (key, sizeof (key), "%s.hostname", prefix);
528             address = list_entry (&friend->hostnames, glusterd_peer_hostname_t,
529                                   hostname_list);
530             if (!address) {
>>>     CID 1228598:  Logically dead code  (DEADCODE)
>>>     Execution cannot reach this statement "ret = -1;".
531                     ret = -1;
532                     gf_log (this->name, GF_LOG_ERROR, "Could not retrieve first "
533                             "address for peer");
534                     goto out;
535             }
536             ret = dict_set_dynstr_with_alloc (dict, key, address->hostname);

________________________________________________________________________________________________________
*** CID 1228600:  Data race condition  (MISSING_LOCK)
/xlators/cluster/ec/src/ec-data.c: 155 in ec_fop_data_allocate()
149     
150             mem_put(fop);
151     
152             return NULL;
153         }
154         fop->id = id;
>>>     CID 1228600:  Data race condition  (MISSING_LOCK)
>>>     Accessing "fop->refs" without holding lock "_ec_fop_data.lock". Elsewhere, "fop->refs" is accessed with "_ec_fop_data.lock" held 7 out of 8 times.
155         fop->refs = 1;
156     
157         fop->flags = flags;
158         fop->minimum = minimum;
159         fop->mask = target;
160     

________________________________________________________________________________________________________
*** CID 1228601:  Copy into fixed size buffer  (STRING_OVERFLOW)
/xlators/features/snapview-server/src/snapview-server.c: 1660 in svs_add_xattrs_to_dict()
1654             GF_VALIDATE_OR_GOTO (this->name, dict, out);
1655             GF_VALIDATE_OR_GOTO (this->name, list, out);
1656     
1657             remaining_size = size;
1658             list_offset = 0;
1659             while (remaining_size > 0) {
>>>     CID 1228601:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>     You might overrun the 4096 byte fixed-size string "keybuffer" by copying "list + list_offset" without checking the length.
1660                     strcpy (keybuffer, list + list_offset);
1661     #ifdef GF_DARWIN_HOST_OS
1662                     /* The protocol expect namespace for now */
1663                     char *newkey = NULL;
1664                     gf_add_prefix (XATTR_USER_PREFIX, keybuffer, &newkey);
1665                     strcpy (keybuffer, newkey);

________________________________________________________________________________________________________
*** CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
1981                                     lines = NULL;
1982                                     goto out;
1983                             }
1984                             lines = p;
1985                     }
1986     
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
1987                     lines[counter] = gf_strdup (buffer);
1988             }
1989     
1990             lines[counter] = NULL;
1991             /* Reduce allocation to minimal size.  */
1992             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
1981                                     lines = NULL;
1982                                     goto out;
1983                             }
1984                             lines = p;
1985                     }
1986     
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
1987                     lines[counter] = gf_strdup (buffer);
1988             }
1989     
1990             lines[counter] = NULL;
1991             /* Reduce allocation to minimal size.  */
1992             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
1981                                     lines = NULL;
1982                                     goto out;
1983                             }
1984                             lines = p;
1985                     }
1986     
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
1987                     lines[counter] = gf_strdup (buffer);
1988             }
1989     
1990             lines[counter] = NULL;
1991             /* Reduce allocation to minimal size.  */
1992             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
/xlators/mgmt/glusterd/src/glusterd-utils.c: 1987 in glusterd_readin_file()
1981                                     lines = NULL;
1982                                     goto out;
1983                             }
1984                             lines = p;
1985                     }
1986     
>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which taints "lines[counter]".
1987                     lines[counter] = gf_strdup (buffer);
1988             }
1989     
1990             lines[counter] = NULL;
1991             /* Reduce allocation to minimal size.  */
1992             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));

________________________________________________________________________________________________________
*** CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
/xlators/mount/fuse/src/fuse-bridge.c: 4805 in fuse_thread_proc()
4799                                     "short read on /dev/fuse");
4800                             fuse_log_eh (this, "glusterfs-fuse: short read on "
4801                                          "/dev/fuse");
4802                             break;
4803                     }
4804     
>>>     CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Assigning: "finh" = "(fuse_in_header_t *)iov_in[0].iov_base". Both are now tainted.
4805                     finh = (fuse_in_header_t *)iov_in[0].iov_base;
4806     
4807                     if (res != finh->len
4808     #ifdef GF_DARWIN_HOST_OS
4809                         /* work around fuse4bsd/MacFUSE msg size miscalculation bug,
4810                          * that is, payload size is not taken into account for

________________________________________________________________________________________________________
*** CID 1124682:  Dereference null return value  (NULL_RETURNS)
/rpc/rpc-lib/src/rpc-drc.c: 502 in rpcsvc_add_op_to_cache()
496     
497             /* cache is full, free up some space */
498             if (drc->op_count >= drc->global_cache_size)
499                     rpcsvc_vacate_drc_entries (drc);
500     
501             tmp_reply = (drc_cached_op_t **)rb_probe (client->rbtree, reply);
>>>     CID 1124682:  Dereference null return value  (NULL_RETURNS)
>>>     Dereferencing a null pointer "tmp_reply".
502             if (*tmp_reply != reply) {
503                     /* should never happen */
504                     gf_log (GF_RPCSVC, GF_LOG_ERROR,
505                             "DRC failed to detect duplicates");
506                     return -1;
507             } else if (*tmp_reply == NULL) {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=overview

To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py





_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://supercolony.gluster.org/mailman/listinfo/gluster-devel

[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux