Ganesh Murthy created DISPATCH-837:
--------------------------------------
Summary: Coverity scan reported errors in Qpid Dispatch master
Key: DISPATCH-837
URL: https://issues.apache.org/jira/browse/DISPATCH-837
Project: Qpid Dispatch
Issue Type: Bug
Components: Container
Reporter: Ganesh Murthy
Assignee: Ganesh Murthy
{noformat}
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 181420: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c: 190 in
qd_dispatch_configure_router()
________________________________________________________________________________________________________
*** CID 181420: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/src/dispatch.c: 190 in
qd_dispatch_configure_router()
184 qd->default_treatment = QD_TREATMENT_ANYCAST_BALANCED;
185 }
186
187 qd_error_t qd_dispatch_configure_router(qd_dispatch_t *qd, qd_entity_t
*entity)
188 {
189 qd_dispatch_set_router_id(qd, qd_entity_opt_string(entity,
"routerId", 0)); QD_ERROR_RET();
>>> CID 181420: Resource leaks (RESOURCE_LEAK)
>>> Failing to save or free storage allocated by
>>> "qd_entity_opt_string(entity, "defaultDistribution", NULL)" leaks it.
190 qd_dispatch_set_router_default_distribution(qd,
qd_entity_opt_string(entity, "defaultDistribution", 0)); QD_ERROR_RET();
191 if (! qd->router_id) {
192 qd_dispatch_set_router_id(qd, qd_entity_opt_string(entity,
"id", 0)); QD_ERROR_RET();
193 }
194 if (!qd->router_id) {
195 qd_log_source_t *router_log = qd_log_source("ROUTER");
** CID 181419: Concurrent data access violations (ATOMICITY)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 149 in
qdr_link_process_deliveries()
________________________________________________________________________________________________________
*** CID 181419: Concurrent data access violations (ATOMICITY)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 149 in
qdr_link_process_deliveries()
143 dlv = DEQ_HEAD(link->undelivered);
144 sys_mutex_unlock(conn->work_lock);
145 if (dlv) {
146 settled = dlv->settled;
147 core->deliver_handler(core->user_context, link, dlv,
settled);
148 sys_mutex_lock(conn->work_lock);
>>> CID 181419: Concurrent data access violations (ATOMICITY)
>>> Using an unreliable value of "dlv" inside the second locked section. If
>>> the data that "dlv" depends on was changed by another thread, this use
>>> might be incorrect.
149 send_complete = qdr_delivery_send_complete(dlv);
150 if (send_complete) {
151 //
152 // The entire message has been sent. It is now the
appropriate time to have the delivery removed
153 // from the head of the undelivered list and move
it to the unsettled list if it is not settled.
154 //
** CID 181418: Possible Control flow issues (DEADCODE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 198 in
qdr_link_process_deliveries()
________________________________________________________________________________________________________
*** CID 181418: Possible Control flow issues (DEADCODE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 198 in
qdr_link_process_deliveries()
192 sys_mutex_unlock(conn->work_lock);
193
194 }
195 }
196
197 if (drained)
>>> CID 181418: Possible Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "(*core->drained_handler)(co...".
198 core->drained_handler(core->user_context, link);
199 else if (offer != -1)
200 core->offer_handler(core->user_context, link, offer);
201 }
202
203 return num_deliveries_completed;
** CID 181417: Memory - illegal accesses (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 587 in
qdr_delivery_unlink_peers_CT()
________________________________________________________________________________________________________
*** CID 181417: Memory - illegal accesses (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 587 in
qdr_delivery_unlink_peers_CT()
581 qdr_delivery_t * peer_dlv = dlv_ref->dlv;
582 if (peer_dlv == peer) {
583 if (peer->peer) {
584 peer->peer = 0;
585 qdr_delivery_decref_CT(core, dlv);
586 }
>>> CID 181417: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "dlv".
587 qdr_del_delivery_ref(&dlv->peers, dlv_ref);
588 qdr_delivery_decref_CT(core, peer);
589 break;
590 }
591 dlv_ref = DEQ_NEXT(dlv_ref);
592 }
** CID 181416: (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1070 in
qdr_deliver_continue_CT()
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in
qdr_deliver_continue_CT()
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1110 in
qdr_deliver_continue_CT()
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in
qdr_deliver_continue_CT()
________________________________________________________________________________________________________
*** CID 181416: (USE_AFTER_FREE)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1070 in
qdr_deliver_continue_CT()
1064 // This decref is for the action reference
1065 qdr_delivery_decref_CT(core, in_dlv);
1066
1067 //
1068 // If it is already in the undelivered list or it has no peers,
don't try to deliver this again.
1069 //
>>> CID 181416: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "in_dlv".
1070 if (in_dlv->where == QDR_DELIVERY_IN_UNDELIVERED ||
!qdr_delivery_has_peer_CT(in_dlv))
1071 return;
1072
1073 qdr_deliver_continue_peers_CT(core, in_dlv);
1074
1075
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in
qdr_deliver_continue_CT()
1106 peer = next_peer;
1107 }
1108
1109 // Remove the delivery from the settled list and decref
the in_dlv.
1110 in_dlv->where = QDR_DELIVERY_NOWHERE;
1111 qdr_delivery_decref_CT(core, in_dlv); // This decref is
for removing the delivery from the settled list.
>>> CID 181416: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "in_dlv".
1112 DEQ_REMOVE(in_dlv->link->settled, in_dlv);
1113 }
1114 }
1115 }
1116
1117
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1104 in
qdr_deliver_continue_CT()
1098 //
1099 // The in_dlv has one or more peers. These peers will have
to be unlinked.
1100 //
1101 qdr_delivery_t *peer = qdr_delivery_first_peer_CT(in_dlv);
1102 qdr_delivery_t *next_peer = 0;
1103 while (peer) {
>>> CID 181416: (USE_AFTER_FREE)
>>> Calling "qdr_delivery_next_peer_CT" dereferences freed pointer "in_dlv".
1104 next_peer = qdr_delivery_next_peer_CT(in_dlv);
1105 qdr_delivery_unlink_peers_CT(core, in_dlv, peer);
1106 peer = next_peer;
1107 }
1108
1109 // Remove the delivery from the settled list and decref
the in_dlv.
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1110 in
qdr_deliver_continue_CT()
1104 next_peer = qdr_delivery_next_peer_CT(in_dlv);
1105 qdr_delivery_unlink_peers_CT(core, in_dlv, peer);
1106 peer = next_peer;
1107 }
1108
1109 // Remove the delivery from the settled list and decref
the in_dlv.
>>> CID 181416: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "in_dlv".
1110 in_dlv->where = QDR_DELIVERY_NOWHERE;
1111 qdr_delivery_decref_CT(core, in_dlv); // This decref is
for removing the delivery from the settled list.
1112 DEQ_REMOVE(in_dlv->link->settled, in_dlv);
1113 }
1114 }
1115 }
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1112 in
qdr_deliver_continue_CT()
1106 peer = next_peer;
1107 }
1108
1109 // Remove the delivery from the settled list and decref
the in_dlv.
1110 in_dlv->where = QDR_DELIVERY_NOWHERE;
1111 qdr_delivery_decref_CT(core, in_dlv); // This decref is
for removing the delivery from the settled list.
>>> CID 181416: (USE_AFTER_FREE)
>>> Dereferencing freed pointer "in_dlv".
1112 DEQ_REMOVE(in_dlv->link->settled, in_dlv);
1113 }
1114 }
1115 }
1116
1117
** CID 181415: Integer handling issues (NO_EFFECT)
/home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in
qd_parse_annotations_v1()
________________________________________________________________________________________________________
*** CID 181415: Integer handling issues (NO_EFFECT)
/home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 679 in
qd_parse_annotations_v1()
673 // Adjust size of user annotation blob by the size of the router
674 // annotations
675 blob_pointer->remaining = user_bytes;
676 assert(blob_pointer->remaining >= 0);
677
678 *blob_item_count = user_entries;
>>> CID 181415: Integer handling issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is
>>> always true. "*blob_item_count >= 0U".
679 assert(*blob_item_count >= 0);
680 return 0;
681 }
682
683
684 void qd_parse_annotations(
** CID 181414: (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 339 in
test_q2_input_holdoff_sensing()
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in
test_q2_input_holdoff_sensing()
________________________________________________________________________________________________________
*** CID 181414: (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 339 in
test_q2_input_holdoff_sensing()
333 for (int nbufs=1; nbufs<QD_QLIMIT_Q2_UPPER + 1; nbufs++) {
334 qd_message_t *msg = qd_message();
335 qd_message_content_t *content = MSG_CONTENT(msg);
336
337 set_content_bufs(content, nbufs);
338 if (qd_message_Q2_holdoff_should_block(msg) != (nbufs >=
QD_QLIMIT_Q2_UPPER))
>>> CID 181414: (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
339 return "qd_message_holdoff_would_block was miscalculated";
340 if (qd_message_Q2_holdoff_should_unblock(msg) != (nbufs <
QD_QLIMIT_Q2_LOWER))
341 return "qd_message_holdoff_would_unblock was miscalculated";
342
343 qd_message_free(msg);
344 }
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in
test_q2_input_holdoff_sensing()
335 qd_message_content_t *content = MSG_CONTENT(msg);
336
337 set_content_bufs(content, nbufs);
338 if (qd_message_Q2_holdoff_should_block(msg) != (nbufs >=
QD_QLIMIT_Q2_UPPER))
339 return "qd_message_holdoff_would_block was miscalculated";
340 if (qd_message_Q2_holdoff_should_unblock(msg) != (nbufs <
QD_QLIMIT_Q2_LOWER))
>>> CID 181414: (RESOURCE_LEAK)
>>> Variable "msg" going out of scope leaks the storage it points to.
341 return "qd_message_holdoff_would_unblock was miscalculated";
342
343 qd_message_free(msg);
344 }
345 return 0;
346 }
** CID 181413: Null pointer dereferences (REVERSE_INULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1084 in
qdr_deliver_continue_CT()
________________________________________________________________________________________________________
*** CID 181413: Null pointer dereferences (REVERSE_INULL)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1084 in
qdr_deliver_continue_CT()
1078 // The entire message has now been received. Check to see if
there are in process subscriptions that need to
1079 // receive this message. in process subscriptions, at this
time, can deal only with full messages.
1080 //
1081 qdr_subscription_t *sub = DEQ_HEAD(in_dlv->subscriptions);
1082 while (sub) {
1083 DEQ_REMOVE_HEAD(in_dlv->subscriptions);
>>> CID 181413: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "in_dlv" suggests that it may be null, but it has already
>>> been dereferenced on all paths leading to the check.
1084 qdr_forward_on_message_CT(core, sub, in_dlv ? in_dlv->link
: 0, in_dlv->msg);
1085 sub = DEQ_HEAD(in_dlv->subscriptions);
1086 }
1087
1088 // This is a multicast delivery
1089 if
(qdr_is_addr_treatment_multicast(in_dlv->link->owning_addr)) {
** CID 181412: Concurrent data access violations (MISSING_LOCK)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1185 in
qdr_addr_start_inlinks_CT()
________________________________________________________________________________________________________
*** CID 181412: Concurrent data access violations (MISSING_LOCK)
/home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/transfer.c: 1185 in
qdr_addr_start_inlinks_CT()
1179 //
1180 // Move all the undelivered to a local list in case
not all can be delivered.
1181 // We don't want to loop here forever putting the same
messages on the undelivered
1182 // list.
1183 //
1184 qdr_delivery_list_t deliveries;
>>> CID 181412: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "link->undelivered.scratch" without holding lock
>>> "sys_mutex_t.mutex". Elsewhere, "qdr_delivery_list_t.scratch" is accessed
>>> with "sys_mutex_t.mutex" held 4 out of 5 times.
1185 DEQ_MOVE(link->undelivered, deliveries);
1186
1187 qdr_delivery_t *dlv = DEQ_HEAD(deliveries);
1188 while (dlv) {
1189 DEQ_REMOVE_HEAD(deliveries);
1190 qdr_link_forward_CT(core, link, dlv, addr);
** CID 124934: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in
test_message_properties()
________________________________________________________________________________________________________
*** CID 124934: Resource leaks (RESOURCE_LEAK)
/home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 181 in
test_message_properties()
175 qd_message_content_t *content = MSG_CONTENT(msg);
176
177 set_content(content, size);
178
179 qd_iterator_t *iter = qd_message_field_iterator(msg,
QD_FIELD_CORRELATION_ID);
180 if (!iter) return "Expected iterator for the 'correlation-id'
field";
>>> CID 124934: Resource leaks (RESOURCE_LEAK)
>>> Variable "iter" going out of scope leaks the storage it points to.
181 if (qd_iterator_length(iter) != 13) return "Bad length for
correlation-id";
182 if (!qd_iterator_equal(iter, (const unsigned char
*)"correlationId")) {
183 qd_iterator_free(iter);
184 return "Invalid correlation-id";
185 }
186 qd_iterator_free(iter);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJ3gKShavCjMfPIUiT4tI2B_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkH8DXAcTo0KcqFSFTvUzz6crMx-2FSgHb7MB-2FvuR2f4Tz6M6a5ScpyYAk5PcurHjL0urUVAhDaoDz7PUJ32Xt-2Bk3iq9oeTMzekZMSRgqTDTcg-2B1CsRw-2FOQXfLSeGZHAzACr1F21jPOxg73BaqGqnUtLTAqOWl23OBHnpHmqpqhHT5fYnuAht58nGAwRPIKtCQjo-3D
{noformat}