Re: Fwd: New Defects reported by Coverity Scan for GlusterFS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 12/01/2014 12:31 PM, Vijay Bellur wrote:
> Hi All,
> 
> Shall we set a goal for ourselves to be Coverity Scan clean by GlusterFS
> 3.7?
> 
> I think fixing problems reported in the incremental reports here would
> be a good way of keeping the number of static analysis defects in
> control. It would be great if developers who checked in code recently to
> the files mentioned in these reports pay attention to the results.
+1
> 
> Thanks,
> Vijay
> 
> On 11/28/2014 12:37 PM, Lalatendu Mohanty wrote:
>>
>> Guideline for fixing Coverity issues :
>> http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity
>>
>>
>> Thanks,
>> Lala
>>
>> -------- Forwarded Message --------
>> Subject:     New Defects reported by Coverity Scan for GlusterFS
>> Date:     Thu, 27 Nov 2014 12:31:06 -0800
>> From:     scan-admin@xxxxxxxxxxxx
>> To:     lala@xxxxxxxxxx
>>
>>
>>
>> Hi,
>>
>> Please find the latest report on new defect(s) introduced to GlusterFS
>> found with Coverity Scan.
>>
>> 13 new defect(s) introduced to GlusterFS found with Coverity Scan.
>> 97 defect(s), reported by Coverity Scan earlier, were marked fixed in
>> the recent build analyzed by Coverity Scan.
>>
>> New defect(s) Reported-by: Coverity Scan
>> Showing 13 of 13 defect(s)
>>
>>
>> ** CID 1256178:  Logically dead code  (DEADCODE)
>> /api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
>>
>> ** CID 1256180:  Logically dead code  (DEADCODE)
>> /api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
>>
>> ** CID 1256176:  Logically dead code  (DEADCODE)
>> /glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
>>
>> ** CID 1256179:  Dereference after null check  (FORWARD_NULL)
>> /xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
>>
>> ** CID 1256177:  Explicit null dereferenced  (FORWARD_NULL)
>> /api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
>>
>> ** CID 1256175:  Array compared against 0  (NO_EFFECT)
>> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in
>> glusterd_lvm_snapshot_remove()
>> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in
>> glusterd_lvm_snapshot_remove()
>>
>> ** CID 1256173:  Thread deadlock  (ORDER_REVERSAL)
>> /xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
>>
>> ** CID 1256174:  Copy into fixed size buffer  (STRING_OVERFLOW)
>> /xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
>>
>> ** CID 1256172:  Copy into fixed size buffer  (STRING_OVERFLOW)
>> /xlators/mgmt/glusterd/src/glusterd.c: 330 in
>> glusterd_dump_peer_rpcstat()
>>
>> ** CID 1256171:  Copy into fixed size buffer  (STRING_OVERFLOW)
>> /xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in
>> build_volfile_path()
>>
>> ** CID 1238183:  Missing break in switch  (MISSING_BREAK)
>> /xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in
>> glusterd_op_stage_rebalance()
>>
>> ** CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
>> /xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
>>
>> ** CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>>
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256178:  Logically dead code  (DEADCODE)
>> /api/src/glfs.c: 153 in glusterfs_ctx_defaults_init()
>> 147
>> 148         pthread_mutex_init (&(ctx->lock), NULL);
>> 149
>> 150         ret = 0;
>> 151     err:
>> 152         if (ret && pool) {
>>>>>     CID 1256178:  Logically dead code  (DEADCODE)
>>>>>     Execution cannot reach this statement "if (pool->frame_mem_pool)
>>   ...".
>> 153             if (pool->frame_mem_pool)
>> 154                 mem_pool_destroy (pool->frame_mem_pool);
>> 155             if (pool->stack_mem_pool)
>> 156                 mem_pool_destroy (pool->stack_mem_pool);
>> 157             GF_FREE (pool);
>> 158         }
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256180:  Logically dead code  (DEADCODE)
>> /api/src/glfs.c: 161 in glusterfs_ctx_defaults_init()
>> 155             if (pool->stack_mem_pool)
>> 156                 mem_pool_destroy (pool->stack_mem_pool);
>> 157             GF_FREE (pool);
>> 158         }
>> 159
>> 160         if (ret && ctx) {
>>>>>     CID 1256180:  Logically dead code  (DEADCODE)
>>>>>     Execution cannot reach this statement "if (ctx->stub_mem_pool)
>>    m...".
>> 161             if (ctx->stub_mem_pool)
>> 162                 mem_pool_destroy (ctx->stub_mem_pool);
>> 163             if (ctx->dict_pool)
>> 164                 mem_pool_destroy (ctx->dict_pool);
>> 165             if (ctx->dict_data_pool)
>> 166                 mem_pool_destroy (ctx->dict_data_pool);
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256176:  Logically dead code  (DEADCODE)
>> /glusterfsd/src/glusterfsd.c: 1426 in glusterfs_ctx_defaults_init()
>> 1420             lim.rlim_max = RLIM_INFINITY;
>> 1421             setrlimit (RLIMIT_CORE, &lim);
>> 1422
>> 1423             ret = 0;
>> 1424     out:
>> 1425
>>>>>     CID 1256176:  Logically dead code  (DEADCODE)
>>>>>     Execution cannot reach this expression "ctx" inside statement
>>>>> "if (ret && ctx) {
>>    if (ctx...".
>> 1426             if (ret && ctx) {
>> 1427                     if (ctx->pool) {
>> 1428                             mem_pool_destroy
>> (ctx->pool->frame_mem_pool);
>> 1429                             mem_pool_destroy
>> (ctx->pool->stack_mem_pool);
>> 1430                     }
>> 1431                     GF_FREE (ctx->pool);
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256179:  Dereference after null check  (FORWARD_NULL)
>> /xlators/nfs/server/src/mount3.c: 1082 in mnt3_readlink_cbk()
>> 1076             GF_FREE (relative_path);
>> 1077
>> 1078             return ret;
>> 1079
>> 1080     mnterr:
>> 1081             mntstat = mnt3svc_errno_to_mnterr (-ret);
>>>>>     CID 1256179:  Dereference after null check  (FORWARD_NULL)
>>>>>     Dereferencing null pointer "mres".
>> 1082             mnt3svc_mnt_error_reply (mres->req, mntstat);
>> 1083             if (absolute_path)
>> 1084                     GF_FREE (absolute_path);
>> 1085             if (parent_path)
>> 1086                     GF_FREE (parent_path);
>> 1087             if (relative_path)
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256177:  Explicit null dereferenced  (FORWARD_NULL)
>> /api/src/glfs-fops.c: 702 in pub_glfs_preadv_async()
>> 696                            void *data)
>> 697     {
>> 698         struct glfs_io *gio = NULL;
>> 699         int             ret = 0;
>> 700         call_frame_t   *frame = NULL;
>> 701         xlator_t       *subvol = NULL;
>>>>>     CID 1256177:  Explicit null dereferenced  (FORWARD_NULL)
>>>>>     Assigning: "fs" = "NULL".
>> 702         glfs_t         *fs = NULL;
>> 703         fd_t           *fd = NULL;
>> 704
>> 705         __glfs_entry_fd (glfd);
>> 706
>> 707         subvol = priv_glfs_active_subvol (glfd->fs);
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256175:  Array compared against 0  (NO_EFFECT)
>> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in
>> glusterd_lvm_snapshot_remove()
>> 2427                             }
>> 2428
>> 2429                             continue;
>> 2430                     }
>> 2431
>> 2432                     /* Check if the brick has a LV associated
>> with it */
>>>>>     CID 1256175:  Array compared against 0  (NO_EFFECT)
>>>>>     Comparing an array to null is not useful:
>>>>> "!brickinfo->device_path".
>> 2433                     if (!brickinfo->device_path) {
>> 2434                             gf_log (this->name, GF_LOG_DEBUG,
>> 2435                                     "Brick (%s:%s) does not have
>> a LV "
>> 2436                                     "associated with it. Removing
>> the brick path",
>> 2437                                     brickinfo->hostname,
>> brickinfo->path);
>> 2438                             goto remove_brick_path;
>> /xlators/mgmt/glusterd/src/glusterd-snapshot.c: 2433 in
>> glusterd_lvm_snapshot_remove()
>> 2427                             }
>> 2428
>> 2429                             continue;
>> 2430                     }
>> 2431
>> 2432                     /* Check if the brick has a LV associated
>> with it */
>>>>>     CID 1256175:  Array compared against 0  (NO_EFFECT)
>>>>>     Comparing an array to null is not useful:
>>>>> "brickinfo->device_path".
>> 2433                     if (!brickinfo->device_path) {
>> 2434                             gf_log (this->name, GF_LOG_DEBUG,
>> 2435                                     "Brick (%s:%s) does not have
>> a LV "
>> 2436                                     "associated with it. Removing
>> the brick path",
>> 2437                                     brickinfo->hostname,
>> brickinfo->path);
>> 2438                             goto remove_brick_path;
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256173:  Thread deadlock  (ORDER_REVERSAL)
>> /xlators/cluster/ec/src/ec-common.c: 1335 in ec_unlock_timer_add()
>> 1329         } else {
>> 1330             ec_trace("UNLOCK_DELAY", fop, "lock=%p", lock);
>> 1331
>> 1332             delay.tv_sec = 1;
>> 1333             delay.tv_nsec = 0;
>> 1334
>>>>>     CID 1256173:  Thread deadlock  (ORDER_REVERSAL)
>>>>>     Calling "pthread_spin_lock(pthread_spinlock_t *)" acquires lock
>>>>> "_ec_fop_data.lock" while holding lock "_inode.lock" (count: 1 / 3).
>> 1335             LOCK(&fop->lock);
>> 1336
>> 1337             fop->jobs++;
>> 1338             fop->refs++;
>> 1339
>> 1340             UNLOCK(&fop->lock);
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256174:  Copy into fixed size buffer  (STRING_OVERFLOW)
>> /xlators/mgmt/glusterd/src/glusterd.c: 287 in glusterd_dump_peer()
>> 281     glusterd_dump_peer (glusterd_peerinfo_t *peerinfo, char
>> *input_key, int index,
>> 282                         gf_boolean_t xpeers)
>> 283     {
>> 284             char   subkey[50]               = {0,};
>> 285             char   key[GF_DUMP_MAX_BUF_LEN] = {0,};
>> 286
>>>>>     CID 1256174:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>>>     Note: This defect has an elevated risk because the source
>>>>> argument is a parameter of the current function.
>> 287             strcpy (key, input_key);
>> 288
>> 289             snprintf (subkey, sizeof (subkey), "%s%d", key, index);
>> 290
>> 291             gf_proc_dump_build_key (key, subkey, "uuid");
>> 292             gf_proc_dump_write (key, "%s",
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256172:  Copy into fixed size buffer  (STRING_OVERFLOW)
>> /xlators/mgmt/glusterd/src/glusterd.c: 330 in
>> glusterd_dump_peer_rpcstat()
>> 324             int                   
>> ret                                 = -1;
>> 325             rpc_clnt_t           
>> *rpc                                 = NULL;
>> 326             char                  
>> rpcsvc_peername[RPCSVC_PEER_STRLEN] = {0,};
>> 327             char                  
>> subkey[50]                          = {0,};
>> 328             char                  
>> key[GF_DUMP_MAX_BUF_LEN]            = {0,};
>> 329
>>>>>     CID 1256172:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>>>     Note: This defect has an elevated risk because the source
>>>>> argument is a parameter of the current function.
>> 330             strcpy (key, input_key);
>> 331
>> 332             /* Dump the rpc connection statistics */
>> 333             rpc = peerinfo->rpc;
>> 334             if (rpc) {
>> 335                     conn = &rpc->conn;
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1256171:  Copy into fixed size buffer  (STRING_OVERFLOW)
>> /xlators/mgmt/glusterd/src/glusterd-handshake.c: 279 in
>> build_volfile_path()
>> 273             if (ret == -1)
>> 274                     goto out;
>> 275
>> 276             ret = stat (path, &stbuf);
>> 277
>> 278             if ((ret == -1) && (errno == ENOENT)) {
>>>>>     CID 1256171:  Copy into fixed size buffer  (STRING_OVERFLOW)
>>>>>     You might overrun the 4096 byte fixed-size string "dup_volid"
>>>>> by copying "volid_ptr" without checking the length.
>> 279                     strcpy (dup_volid, volid_ptr);
>> 280                     if (!strchr (dup_volid, '.')) {
>> 281                             switch (volinfo->transport_type) {
>> 282                             case GF_TRANSPORT_TCP:
>> 283                                     strcat (dup_volid, ".tcp");
>> 284                                     break;
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1238183:  Missing break in switch  (MISSING_BREAK)
>> /xlators/mgmt/glusterd/src/glusterd-rebalance.c: 577 in
>> glusterd_op_stage_rebalance()
>> 571                                                "disconnect those
>> clients before "
>> 572                                                "attempting this
>> command again.",
>> 573                                                volname);
>> 574                             goto out;
>> 575                     }
>> 576
>>>>>     CID 1238183:  Missing break in switch  (MISSING_BREAK)
>>>>>     The above case falls through to this one.
>> 577             case GF_DEFRAG_CMD_START_FORCE:
>> 578                     if (is_origin_glusterd (dict)) {
>> 579                             op_ctx = glusterd_op_get_ctx ();
>> 580                             if (!op_ctx) {
>> 581                                     ret = -1;
>> 582                                     gf_log (this->name, GF_LOG_ERROR,
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
>> /xlators/mount/fuse/src/fuse-bridge.c: 4843 in fuse_thread_proc()
>> 4837                                     "short read on /dev/fuse");
>> 4838                             fuse_log_eh (this, "glusterfs-fuse:
>> short read on "
>> 4839                                          "/dev/fuse");
>> 4840                             break;
>> 4841                     }
>> 4842
>>>>>     CID 1228602:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>>>     Assigning: "finh" = "(fuse_in_header_t *)iov_in[0].iov_base".
>>>>> Both are now tainted.
>> 4843                     finh = (fuse_in_header_t *)iov_in[0].iov_base;
>> 4844
>> 4845                     if (res != finh->len
>> 4846     #ifdef GF_DARWIN_HOST_OS
>> 4847                         /* work around fuse4bsd/MacFUSE msg size
>> miscalculation bug,
>> 4848                          * that is, payload size is not taken
>> into account for
>>
>> ________________________________________________________________________________________________________
>>
>> *** CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> 2125                                     lines = NULL;
>> 2126                                     goto out;
>> 2127                             }
>> 2128                             lines = p;
>> 2129                     }
>> 2130
>>>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which
>>>>> taints "lines[counter]".
>> 2131                     lines[counter] = gf_strdup (buffer);
>> 2132             }
>> 2133
>> 2134             lines[counter] = NULL;
>> 2135             /* Reduce allocation to minimal size.  */
>> 2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> 2125                                     lines = NULL;
>> 2126                                     goto out;
>> 2127                             }
>> 2128                             lines = p;
>> 2129                     }
>> 2130
>>>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which
>>>>> taints "lines[counter]".
>> 2131                     lines[counter] = gf_strdup (buffer);
>> 2132             }
>> 2133
>> 2134             lines[counter] = NULL;
>> 2135             /* Reduce allocation to minimal size.  */
>> 2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> 2125                                     lines = NULL;
>> 2126                                     goto out;
>> 2127                             }
>> 2128                             lines = p;
>> 2129                     }
>> 2130
>>>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which
>>>>> taints "lines[counter]".
>> 2131                     lines[counter] = gf_strdup (buffer);
>> 2132             }
>> 2133
>> 2134             lines[counter] = NULL;
>> 2135             /* Reduce allocation to minimal size.  */
>> 2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
>> /xlators/mgmt/glusterd/src/glusterd-utils.c: 2131 in
>> glusterd_readin_file()
>> 2125                                     lines = NULL;
>> 2126                                     goto out;
>> 2127                             }
>> 2128                             lines = p;
>> 2129                     }
>> 2130
>>>>>     CID 1228603:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>>>     Assigning: "lines[counter]" = "gf_strdup(char const *)", which
>>>>> taints "lines[counter]".
>> 2131                     lines[counter] = gf_strdup (buffer);
>> 2132             }
>> 2133
>> 2134             lines[counter] = NULL;
>> 2135             /* Reduce allocation to minimal size.  */
>> 2136             p = GF_REALLOC (lines, (counter + 1) * sizeof (char *));
>>
>>
>> ________________________________________________________________________________________________________
>>
>> To view the defects in Coverity Scan
>> visit,http://scan.coverity.com/projects/987?tab=overview
>>
>> To unsubscribe from the email notification for new
>> defects,http://scan5.coverity.com/cgi-bin/unsubscribe.py
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Gluster-devel mailing list
>> Gluster-devel@xxxxxxxxxxx
>> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
>>
> 
> _______________________________________________
> Gluster-devel mailing list
> Gluster-devel@xxxxxxxxxxx
> http://supercolony.gluster.org/mailman/listinfo/gluster-devel
_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://supercolony.gluster.org/mailman/listinfo/gluster-devel




[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux