Hi, Please find the latest report on new defect(s) introduced to Apache-Qpid found with Coverity Scan.
7 new defect(s) introduced to Apache-Qpid found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)

** CID 400915: Resource leak in object (CTOR_DTOR_LEAK)
/qpidbuilds/trunk/qpid/cpp/src/qpid/sys/Shlib.h: 39 in qpid::sys::Shlib::Shlib(const char *)()

** CID 400954: Dereference after null check (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, const qpid::framing::FieldTable *)()
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, const qpid::framing::FieldTable *)()

** CID 400955: Unchecked dynamic_cast (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/tests/logging.cpp: 445 in qpid::tests::testQuoteNonPrintable()()

** CID 401229: Uncaught exception (UNCAUGHT_EXCEPT)
/qpidbuilds/trunk/qpid/cpp/src/posix/QpiddBroker.cpp: 221 in main()

** CID 401297: Uninitialized scalar field (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/tests/TimerTest.cpp: 64 in qpid::tests::TestTask::TestTask(qpid::sys::Duration, qpid::tests::Counter &)()

** CID 1033539: Uninitialized pointer field (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/qpidd.h: 55 in qpid::broker::QpiddOptionsPrivate::QpiddOptionsPrivate()()

** CID 1127840: Use of untrusted string value (TAINTED_STRING)

________________________________________________________________________________________________________
*** CID 400915: Resource leak in object (CTOR_DTOR_LEAK)
/qpidbuilds/trunk/qpid/cpp/src/qpid/sys/Shlib.h: 39 in qpid::sys::Shlib::Shlib(const char *)()
33     /** Encapsulates a shared library handle.
34      *@see AutoShlib
35      */
36     class Shlib {
37       public:
38         /** Load a shared library */
>>>     CID 400915: Resource leak in object (CTOR_DTOR_LEAK)
>>>     The constructor allocates field "handle" of "qpid::sys::Shlib" but
>>>     there is no destructor.
39         Shlib(const char* libname) { load(libname); }
40
41         /** Load a shared library */
42         Shlib(const std::string& libname) { load(libname.c_str()); }
43
44         /** Unload shared library. */

________________________________________________________________________________________________________
*** CID 400954: Dereference after null check (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, const qpid::framing::FieldTable *)()
144         // federated requests are done by calling the relevent methods.
145
146         std::string fedOp;
147         std::string fedTags;
148         std::string fedOrigin;
149
>>>     CID 400954: Dereference after null check (FORWARD_NULL)
>>>     Comparing "args" to null implies that "args" might be null.
150         if (args)
151             fedOp = args->getAsString(qpidFedOp);
152         if (! fedOp.empty()) {
153             fedTags = args->getAsString(qpidFedTags);
154             fedOrigin = args->getAsString(qpidFedOrigin);
155         }
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>, const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, const qpid::framing::FieldTable *)()
144         // federated requests are done by calling the relevent methods.
145
146         std::string fedOp;
147         std::string fedTags;
148         std::string fedOrigin;
149
>>>     CID 400954: Dereference after null check (FORWARD_NULL)
>>>     Comparing "args" to null implies that "args" might be null.
150         if (args)
151             fedOp = args->getAsString(qpidFedOp);
152         if (! fedOp.empty()) {
153             fedTags = args->getAsString(qpidFedTags);
154             fedOrigin = args->getAsString(qpidFedOrigin);
155         }

________________________________________________________________________________________________________
*** CID 400955: Unchecked dynamic_cast (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/tests/logging.cpp: 445 in qpid::tests::testQuoteNonPrintable()()
439         qpid::log::windows::SinkOptions *sinks =
440             dynamic_cast<qpid::log::windows::SinkOptions *>(opts.sinkOptions.get());
441     #else
442         qpid::log::posix::SinkOptions *sinks =
443             dynamic_cast<qpid::log::posix::SinkOptions *>(opts.sinkOptions.get());
444     #endif
>>>     CID 400955: Unchecked dynamic_cast (FORWARD_NULL)
>>>     Dereferencing null pointer "sinks".
445         sinks->logToStderr = false;
446         sinks->logFile = "logging.tmp";
447         l.configure(opts);
448
449         char s[] = "null\0tab\tspace newline\nret\r\x80\x99\xff";
450         string str(s, sizeof(s));

________________________________________________________________________________________________________
*** CID 401229: Uncaught exception (UNCAUGHT_EXCEPT)
/qpidbuilds/trunk/qpid/cpp/src/posix/QpiddBroker.cpp: 221 in main()
215         }
216         return 0;
217     }
218
219     }} // namespace qpid::Broker
220
>>>     CID 401229: Uncaught exception (UNCAUGHT_EXCEPT)
>>>     In function "main" an exception of type "qpid::Options::Exception" is
>>>     thrown and never caught.
221     int main(int argc, char* argv[])
222     {
223         return qpid::broker::run_broker(argc, argv);

________________________________________________________________________________________________________
*** CID 401297: Uninitialized scalar field (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/tests/TimerTest.cpp: 64 in qpid::tests::TestTask::TestTask(qpid::sys::Duration, qpid::tests::Counter &)()
58         uint position;
59         Monitor monitor;
60         Counter& counter;
61
62       public:
63         TestTask(Duration timeout, Counter& _counter)
>>>     CID 401297: Uninitialized scalar field (UNINIT_CTOR)
>>>     Non-static class member "position" is not initialized in this
>>>     constructor nor in any functions that it calls.
64             : TimerTask(timeout, "Test"), start(now()), expected(timeout), end(start), fired(false), counter(_counter) {}
65
66         void fire()
67         {
68             Monitor::ScopedLock l(monitor);
69             fired = true;

________________________________________________________________________________________________________
*** CID 1033539: Uninitialized pointer field (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/qpidd.h: 55 in qpid::broker::QpiddOptionsPrivate::QpiddOptionsPrivate()()
49     struct QpiddOptions;
50     struct QpiddOptionsPrivate {
51         QpiddOptions *options;
52         QpiddOptionsPrivate(QpiddOptions *parent) : options(parent) {}
53         virtual ~QpiddOptionsPrivate() {}
54     protected:
>>>     CID 1033539: Uninitialized pointer field (UNINIT_CTOR)
>>>     Non-static class member "options" is not initialized in this
>>>     constructor nor in any functions that it calls.
55         QpiddOptionsPrivate() {}
56     };
57
58     struct QpiddOptions : public qpid::Options {
59         qpid::CommonOptions common;
60         qpid::ModuleOptions module;

________________________________________________________________________________________________________
*** CID 1127840: Use of untrusted string value (TAINTED_STRING)
/qpidbuilds/trunk/qpid/cpp/src/tests/XmlClientSessionTest.cpp: 49 in qpid::tests::XmlFixture::XmlFixture()()
43     namespace tests {
44
45     QPID_AUTO_TEST_SUITE(XmlClientSessionTest)
46
47     struct XmlFixture {
48         XmlFixture() {
>>>     CID 1127840: Use of untrusted string value (TAINTED_STRING)
>>>     Passing tainted string "std::string(getLibPath("XML_LIB", NULL))" to
>>>     "qpid::sys::Shlib::Shlib(std::string const &)", which cannot accept tainted
>>>     data.
49             qpid::sys::Shlib shlib(getLibPath("XML_LIB"));
50         }
51         ~XmlFixture() {}
52     };
53
54     using namespace qpid::client;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/6?tab=overview