Ganesh Murthy created DISPATCH-1163:
---------------------------------------

             Summary: Coverity issues on master branch
                 Key: DISPATCH-1163
                 URL: https://issues.apache.org/jira/browse/DISPATCH-1163
             Project: Qpid Dispatch
          Issue Type: Bug
          Components: Container
    Affects Versions: 1.4.1
            Reporter: Ganesh Murthy
             Fix For: 1.5.0

{noformat}
Hi,

Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.

3 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 324907: Memory - corruptions (OVERRUN)
/home/kgiusti/work/qpid-dispatch/src/router_core/connections.c: 1477 in qdr_attach_link_data_CT()

________________________________________________________________________________________________________
*** CID 324907: Memory - corruptions (OVERRUN)
/home/kgiusti/work/qpid-dispatch/src/router_core/connections.c: 1477 in qdr_attach_link_data_CT()
1471             // are assigned priorities in the order in which they are attached.
1472             int next_slot = core->data_links_by_mask_bit[conn->mask_bit].count ++;
1473             if (next_slot > QDR_MAX_PRIORITY) {
1474                 qd_log(core->log, QD_LOG_ERROR, "Attempt to attach too many inter-router links for priority sheaf.");
1475             }
1476             link->priority = next_slot;
>>>     CID 324907: Memory - corruptions (OVERRUN)
>>>     Overrunning array "core->data_links_by_mask_bit[conn->mask_bit].links" of 10 8-byte elements at element index 10 (byte offset 80) using index "next_slot" (which evaluates to 10).
1477             core->data_links_by_mask_bit[conn->mask_bit].links[next_slot] = link;
1478         }
1479     }
1480
1481
1482     static void qdr_detach_link_data_CT(qdr_core_t *core, qdr_connection_t *conn, qdr_link_t *link)

** CID 324906: Incorrect expression (UNUSED_VALUE)
/home/kgiusti/work/qpid-dispatch/src/message.c: 791 in qd_message_parse_priority()

________________________________________________________________________________________________________
*** CID 324906: Incorrect expression (UNUSED_VALUE)
/home/kgiusti/work/qpid-dispatch/src/message.c: 791 in qd_message_parse_priority()
785         qd_parsed_field_t *field = qd_parse(iter);
786         if (qd_parse_ok(field)) {
787             if (qd_parse_is_list(field) && qd_parse_sub_count(field) >= 2) {
788                 qd_parsed_field_t *priority_field = qd_parse_sub_value(field, 1);
789                 if (qd_parse_tag(priority_field) != QD_AMQP_NULL) {
790                     uint32_t value = qd_parse_as_uint(priority_field);
>>>     CID 324906: Incorrect expression (UNUSED_VALUE)
>>>     Assigning value from "(value >= 10U) ? 9 : (uint8_t)(value & 0xffU)" to "content->priority" here, but that stored value is overwritten before it can be used.
791                     content->priority = value >= QDR_N_PRIORITIES ? QDR_N_PRIORITIES - 1 : (uint8_t) (value & 0x00ff);
792                     content->priority = value > QDR_MAX_PRIORITY ? QDR_MAX_PRIORITY : (uint8_t) (value & 0x00ff);
793                     content->priority_present = true;
794                 }
795             }
796         }

** CID 324905: Security best practices violations (DC.WEAK_CRYPTO)
/home/kgiusti/work/qpid-dispatch/src/router_core/core_client_api.c: 156 in qdrc_client_CT()

________________________________________________________________________________________________________
*** CID 324905: Security best practices violations (DC.WEAK_CRYPTO)
/home/kgiusti/work/qpid-dispatch/src/router_core/core_client_api.c: 156 in qdrc_client_CT()
150         if (!client)
151             return NULL;
152
153         ZERO(client);
154         client->core = core;
155         client->correlations = qd_hash(6, 4, 0);
>>>     CID 324905: Security best practices violations (DC.WEAK_CRYPTO)
>>>     "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
156         client->next_cid = rand();
157         client->rx_credit_max = credit_window;
158         client->user_context = user_context;
159         client->on_state_cb = on_state_cb;
160         client->on_flow_cb = on_flow_cb;
161

________________________________________________________________________________________________________
{noformat}

--
This message was sent by Atlassian JIRA (v7.6.3#76005)