Ganesh Murthy created DISPATCH-1163:
---------------------------------------

             Summary: Coverity issues on master branch 
                 Key: DISPATCH-1163
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1163
             Project: Qpid Dispatch
          Issue Type: Bug
          Components: Container
    Affects Versions: 1.4.1
            Reporter: Ganesh Murthy
             Fix For: 1.5.0


{noformat}
Hi,

Please find the latest report on new defect(s) introduced to Apache Qpid 
dispatch-router found with Coverity Scan.

3 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity 
Scan.


New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 324907:  Memory - corruptions  (OVERRUN)
/home/kgiusti/work/qpid-dispatch/src/router_core/connections.c: 1477 in 
qdr_attach_link_data_CT()


________________________________________________________________________________________________________
*** CID 324907:  Memory - corruptions  (OVERRUN)
/home/kgiusti/work/qpid-dispatch/src/router_core/connections.c: 1477 in 
qdr_attach_link_data_CT()
1471             // are assigned priorities in the order in which they are 
attached.
1472             int next_slot = 
core->data_links_by_mask_bit[conn->mask_bit].count ++;
1473             if (next_slot > QDR_MAX_PRIORITY) {
1474                 qd_log(core->log, QD_LOG_ERROR, "Attempt to attach too 
many inter-router links for priority sheaf.");
1475             }
1476             link->priority = next_slot;
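>>>     CID 324907:  Memory - corruptions  (OVERRUN)
>>>     Overrunning array "core->data_links_by_mask_bit[conn->mask_bit].links" of 10 8-byte elements at element index 10 (byte offset 80) using index "next_slot" (which evaluates to 10).
[Note: the check at line 1473 only logs the error and does not return, so the store at line 1477 still executes with the out-of-range index.]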
1477             core->data_links_by_mask_bit[conn->mask_bit].links[next_slot] 
= link;
1478         }
1479     }
1480     
1481     
1482     static void qdr_detach_link_data_CT(qdr_core_t *core, qdr_connection_t 
*conn, qdr_link_t *link)

** CID 324906:  Incorrect expression  (UNUSED_VALUE)
/home/kgiusti/work/qpid-dispatch/src/message.c: 791 in 
qd_message_parse_priority()


________________________________________________________________________________________________________
*** CID 324906:  Incorrect expression  (UNUSED_VALUE)
/home/kgiusti/work/qpid-dispatch/src/message.c: 791 in 
qd_message_parse_priority()
785             qd_parsed_field_t *field = qd_parse(iter);
786             if (qd_parse_ok(field)) {
787                 if (qd_parse_is_list(field) && qd_parse_sub_count(field) >= 
2) {
788                     qd_parsed_field_t *priority_field = 
qd_parse_sub_value(field, 1);
789                     if (qd_parse_tag(priority_field) != QD_AMQP_NULL) {
790                         uint32_t value = qd_parse_as_uint(priority_field);
>>>     CID 324906:  Incorrect expression  (UNUSED_VALUE)
>>>     Assigning value from "(value >= 10U) ? 9 : (uint8_t)(value & 0xffU)" to "content->priority" here, but that stored value is overwritten before it can be used.
791                         content->priority = value >= QDR_N_PRIORITIES ? 
QDR_N_PRIORITIES - 1 : (uint8_t) (value & 0x00ff);
792                         content->priority = value > QDR_MAX_PRIORITY ? 
QDR_MAX_PRIORITY : (uint8_t) (value & 0x00ff);
793                         content->priority_present = true;
794                     }
795                 }
796             }

** CID 324905:  Security best practices violations  (DC.WEAK_CRYPTO)
/home/kgiusti/work/qpid-dispatch/src/router_core/core_client_api.c: 156 in 
qdrc_client_CT()


________________________________________________________________________________________________________
*** CID 324905:  Security best practices violations  (DC.WEAK_CRYPTO)
/home/kgiusti/work/qpid-dispatch/src/router_core/core_client_api.c: 156 in 
qdrc_client_CT()
150         if (!client)
151             return NULL;
152     
153         ZERO(client);
154         client->core = core;
155         client->correlations = qd_hash(6, 4, 0);
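>>>     CID 324905:  Security best practices violations  (DC.WEAK_CRYPTO)
>>>     "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
[Note: this finding matters only if next_cid has to be unpredictable to a peer; the excerpt does not show how the value is used.]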
156         client->next_cid = rand();
157         client->rx_credit_max = credit_window;
158         client->user_context = user_context;
159         client->on_state_cb = on_state_cb;
160         client->on_flow_cb = on_flow_cb;
161     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJ3gKShavCjMfPIUiT4tI2B_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKlmbivMjLmRupWWPbw4s8pJuDqBj40bfXa-2BmqxyHmnf0eDQMSBH6cu0RSxwXczXjjgNPMXQZUGQcXGcA3WtDUB6p3QqgtL4m8e-2BSGh9K8vMCtW3am2nFIE1Lbf8nE95-2FmDMaZWOOMGEPkfYE2-2BOiWAbfugrCv-2BO3SVj8V44LoE8Mg-3D-3D

{noformat}


