[
https://issues.apache.org/jira/browse/DISPATCH-1292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799460#comment-16799460
]
Ganesh Murthy commented on DISPATCH-1292:
-----------------------------------------
{noformat}
________________________________________________________________________________________________________
*** CID 337241: Null pointer dereferences (REVERSE_INULL)
/home/gmurthy/opensource/qpid-dispatch/src/connection_manager.c: 780 in
qd_dispatch_configure_connector()
774 qd_connection_manager_t *cm = qd->connection_manager;
775 qd_connector_t *ct = qd_server_connector(qd->server);
776
777 qd_error_clear();
778 ct->policy_vhost = qd_entity_opt_string(entity, "policyVhost", 0);
CHECK();
779
>>> CID 337241: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "ct" suggests that it may be null, but it has already
>>>been dereferenced on all paths leading to the check.
780 if (ct && load_server_config(qd, &ct->config, entity, false) ==
QD_ERROR_NONE) {
781 DEQ_ITEM_INIT(ct);
782 DEQ_INSERT_TAIL(cm->connectors, ct);
783 log_config(cm->log_source, &ct->config, "Connector");
784
785 //
** CID 337240: Concurrent data access violations (MISSING_LOCK)
/home/gmurthy/opensource/qpid-dispatch/src/policy.c: 1174 in
qd_policy_amqp_open_connector()
________________________________________________________________________________________________________
*** CID 337240: Concurrent data access violations (MISSING_LOCK)
/home/gmurthy/opensource/qpid-dispatch/src/policy.c: 1174 in
qd_policy_amqp_open_connector()
1168 qd_conn->policy_settings = NEW(qd_policy_settings_t);
1169 if (qd_conn->policy_settings) {
1170 ZERO(qd_conn->policy_settings);
1171
1172 if (qd_policy_open_fetch_settings(policy,
policy_vhost, POLICY_VHOST_GROUP, qd_conn->policy_settings)) {
1173 qd_conn->policy_settings->outgoingConnection =
true;
>>> CID 337240: Concurrent data access violations (MISSING_LOCK)
>>> Accessing "qd_conn->policy_counted" without holding lock
>>>"sys_mutex_t.mutex". Elsewhere, "qd_connection_t.policy_counted" is accessed
>>>with "sys_mutex_t.mutex" held 1 out of 2 times (1 of these accesses strongly
>>>imply that it is necessary).
1174 qd_conn->policy_counted = true; // Count senders
and receivers for this connection
1175 } else {
1176 qd_log(policy->log_source,
1177 QD_LOG_ERROR,
1178 "Failed to find policyVhost settings for
connection '%d', policyVhost: '%s'",
1179 conn_id, policy_vhost);{noformat}
> Coverity issues on master branch
> --------------------------------
>
> Key: DISPATCH-1292
> URL: https://issues.apache.org/jira/browse/DISPATCH-1292
> Project: Qpid Dispatch
> Issue Type: Bug
> Components: Container
> Affects Versions: 1.5.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 1.6.0
>
>
> {noformat}
> 10 of 17,133
> New Defects reported by Coverity Scan for Apache Qpid dispatch-router
> Inbox
> x
> scan-ad...@coverity.com
>
> 12:31 AM (7 hours ago)
>
> to me
> Hi,
> Please find the latest report on new defect(s) introduced to Apache Qpid
> dispatch-router found with Coverity Scan.
> 11 new defect(s) introduced to Apache Qpid dispatch-router found with
> Coverity Scan.
> 55 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 11 of 11 defect(s)
> ** CID 336749: Control flow issues (MISSING_BREAK)
> /home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle()
> ________________________________________________________________________________________________________
> *** CID 336749: Control flow issues (MISSING_BREAK)
> /home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle()
> 903 qdr_handle_authentication_service_connection_event(e);
> 904 return true;
> 905 }
> 906
> 907 switch (pn_event_type(e)) {
> 908
> >>> CID 336749: Control flow issues (MISSING_BREAK)
> >>> The case for value "PN_PROACTOR_INTERRUPT" is not terminated by a
> >>>'break' statement.
> 909 case PN_PROACTOR_INTERRUPT:
> 910 if (qd_server->stopping) {
> 911 /* Interrupt the next thread */
> 912 pn_proactor_interrupt(qd_server->proactor);
> 913 /* Stop the current thread */
> 914 return false;
> ** CID 336748: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in
> AMQP_rx_handler()
> ________________________________________________________________________________________________________
> *** CID 336748: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in
> AMQP_rx_handler()
> 561 qd_log(router->log_source, QD_LOG_DEBUG, "Message
> rejected due to policy violation on target. User:%s", conn->user_id);
> 562 pn_link_flow(pn_link, 1);
> 563 pn_delivery_update(pnd, PN_REJECTED);
> 564 pn_delivery_settle(pnd);
> 565 qd_message_free(msg);
> 566 qd_iterator_free(addr_iter);
> >>> CID 336748: Resource leaks (RESOURCE_LEAK)
> >>> Variable "link_exclusions" going out of scope leaks the storage it
> >>>points to.
> 567 return next_delivery;
> 568 }
> 569 }
> 570 } else {
> 571 //
> 572 // This is a targeted link, not anonymous.
> ** CID 336747: (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in
> test_send_to_messenger()
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in
> test_send_to_messenger()
> ________________________________________________________________________________________________________
> *** CID 336747: (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in
> test_send_to_messenger()
> 75 static char* test_send_to_messenger(void *context)
> 76 {
> 77 qd_message_t *msg = qd_message();
> 78 qd_message_content_t *content = MSG_CONTENT(msg);
> 79 qd_message_compose_1(msg, "test_addr_0", 0);
> 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> >>> CID 336747: (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 81 if (buf == 0) return "Expected a buffer in the test message";
> 82
> 83 pn_message_t *pn_msg = pn_message();
> 84 size_t len = flatten_bufs(content);
> 85 int result = pn_message_decode(pn_msg, buffer, len);
> 86 if (result != 0) return "Error in pn_message_decode";
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in
> test_send_to_messenger()
> 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> 81 if (buf == 0) return "Expected a buffer in the test message";
> 82
> 83 pn_message_t *pn_msg = pn_message();
> 84 size_t len = flatten_bufs(content);
> 85 int result = pn_message_decode(pn_msg, buffer, len);
> >>> CID 336747: (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 86 if (result != 0) return "Error in pn_message_decode";
> 87
> 88 if (strcmp(pn_message_get_address(pn_msg), "test_addr_0") != 0)
> 89 return "Address mismatch in received message";
> 90
> 91 pn_message_free(pn_msg);
> ** CID 336746: (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in
> test_send_message_annotations()
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in
> test_send_message_annotations()
> ________________________________________________________________________________________________________
> *** CID 336746: (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in
> test_send_message_annotations()
> 314 qd_composed_field_t *ingress = qd_compose_subfield(0);
> 315 qd_compose_insert_string(ingress, "distress");
> 316 qd_message_set_ingress_annotation(msg, ingress);
> 317
> 318 qd_message_compose_1(msg, "test_addr_0", 0);
> 319 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> >>> CID 336746: (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 320 if (buf == 0) return "Expected a buffer in the test message";
> 321
> 322 pn_message_t *pn_msg = pn_message();
> 323 size_t len = flatten_bufs(content);
> 324 int result = pn_message_decode(pn_msg, buffer, len);
> 325 if (result != 0) return "Error in pn_message_decode";
> /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in
> test_send_message_annotations()
> 319 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> 320 if (buf == 0) return "Expected a buffer in the test message";
> 321
> 322 pn_message_t *pn_msg = pn_message();
> 323 size_t len = flatten_bufs(content);
> 324 int result = pn_message_decode(pn_msg, buffer, len);
> >>> CID 336746: (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 325 if (result != 0) return "Error in pn_message_decode";
> 326
> 327 pn_data_t *ma = pn_message_annotations(pn_msg);
> 328 if (!ma) return "Missing message annotations";
> 329 pn_data_rewind(ma);
> 330 pn_data_next(ma);
> ** CID 336745: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in
> test_compose_subfields()
> ________________________________________________________________________________________________________
> *** CID 336745: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in
> test_compose_subfields()
> 353 qd_compose_insert_string(sub3, "Key2");
> 354
> 355 //
> 356 qd_composed_field_t *field =
> qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0);
> 357 qd_compose_start_map(field);
> 358 qd_compose_insert_buffers(field, &sub1->buffers);
> >>> CID 336745: Resource leaks (RESOURCE_LEAK)
> >>> Variable "sub3" going out of scope leaks the storage it points to.
> 359 if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership
> not transferred!";
> 360 qd_compose_free(sub1);
> 361 qd_compose_insert_buffers(field, &sub2->buffers);
> 362 qd_compose_free(sub2);
> 363
> 364 qd_compose_insert_buffers(field, &sub3->buffers);
> ** CID 336744: (DC.WEAK_CRYPTO)
> /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in
> qd_generate_discriminator()
> /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in
> qd_generate_discriminator()
> /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in
> qd_generate_discriminator()
> ________________________________________________________________________________________________________
> *** CID 336744: (DC.WEAK_CRYPTO)
> /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in
> qd_generate_discriminator()
> 20 #include <qpid/dispatch/discriminator.h>
> 21 #include <stdlib.h>
> 22
> 23 void qd_generate_discriminator(char *string)
> 24 {
> 25 static const char *table =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
> >>> CID 336744: (DC.WEAK_CRYPTO)
> >>> "random" should not be used for security related applications, as
> >>>linear congruential algorithms are too easy to break.
> 26 long int rnd1 = random();
> 27 long int rnd2 = random();
> 28 long int rnd3 = random();
> 29 int idx;
> 30 int cursor = 0;
> 31
> /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in
> qd_generate_discriminator()
> 21 #include <stdlib.h>
> 22
> 23 void qd_generate_discriminator(char *string)
> 24 {
> 25 static const char *table =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
> 26 long int rnd1 = random();
> >>> CID 336744: (DC.WEAK_CRYPTO)
> >>> "random" should not be used for security related applications, as
> >>>linear congruential algorithms are too easy to break.
> 27 long int rnd2 = random();
> 28 long int rnd3 = random();
> 29 int idx;
> 30 int cursor = 0;
> 31
> 32 for (idx = 0; idx < 5; idx++) {
> /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in
> qd_generate_discriminator()
> 22
> 23 void qd_generate_discriminator(char *string)
> 24 {
> 25 static const char *table =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
> 26 long int rnd1 = random();
> 27 long int rnd2 = random();
> >>> CID 336744: (DC.WEAK_CRYPTO)
> >>> "random" should not be used for security related applications, as
> >>>linear congruential algorithms are too easy to break.
> 28 long int rnd3 = random();
> 29 int idx;
> 30 int cursor = 0;
> 31
> 32 for (idx = 0; idx < 5; idx++) {
> 33 string[cursor++] = table[(rnd1 >> (idx * 6)) & 63];
> ** CID 336743: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in
> test_compose_subfields()
> ________________________________________________________________________________________________________
> *** CID 336743: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in
> test_compose_subfields()
> 353 qd_compose_insert_string(sub3, "Key2");
> 354
> 355 //
> 356 qd_composed_field_t *field =
> qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0);
> 357 qd_compose_start_map(field);
> 358 qd_compose_insert_buffers(field, &sub1->buffers);
> >>> CID 336743: Resource leaks (RESOURCE_LEAK)
> >>> Variable "sub2" going out of scope leaks the storage it points to.
> 359 if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership
> not transferred!";
> 360 qd_compose_free(sub1);
> 361 qd_compose_insert_buffers(field, &sub2->buffers);
> 362 qd_compose_free(sub2);
> 363
> 364 qd_compose_insert_buffers(field, &sub3->buffers);
> ** CID 336742: Null pointer dereferences (REVERSE_INULL)
> /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c:
> 341 in on_link_event()
> ________________________________________________________________________________________________________
> *** CID 336742: Null pointer dereferences (REVERSE_INULL)
> /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c:
> 341 in on_link_event()
> 335 if (addr && qdr_address_is_mobile_CT(addr) &&
> DEQ_SIZE(addr->subscriptions) == 0 && link->link_direction == QD_INCOMING) {
> 336 qdr_addr_endpoint_state_t *endpoint_state =
> qdrc_get_endpoint_state_for_connection(mc->endpoint_state_list, link->conn);
> 337 assert(endpoint_state);
> 338 assert(link->edge_context == 0);
> 339 link->edge_context = endpoint_state;
> 340 endpoint_state->ref_count++;
> >>> CID 336742: Null pointer dereferences (REVERSE_INULL)
> >>> Null-checking "endpoint_state" suggests that it may be null, but it
> >>>has already been dereferenced on all paths leading to the check.
> 341 if (qdrc_can_send_address(addr, link->conn) &&
> endpoint_state) {
> 342 qdrc_send_message(mc->core, addr,
> endpoint_state->endpoint, true);
> 343 }
> 344 }
> 345 break;
> 346 }
> ** CID 336741: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in
> daemon_process()
> ________________________________________________________________________________________________________
> *** CID 336741: Resource leaks (RESOURCE_LEAK)
> /home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in
> daemon_process()
> 186 if (strncmp("/", config_path, 1)) {
> 187 char *cur_path = NULL;
> 188 size_t path_size = 256;
> 189 int getcwd_error = 0;
> 190 cur_path = (char *) calloc(path_size, sizeof(char));
> 191
> >>> CID 336741: Resource leaks (RESOURCE_LEAK)
> >>> Overwriting "cur_path" in "cur_path = getcwd(cur_path, path_size)"
> >>>leaks the storage that "cur_path" points to.
> 192 while ((cur_path = getcwd(cur_path, path_size)) ==
> NULL) {
> 193 free(cur_path);
> 194 if ( errno != ERANGE ) {
> 195 // If unable to get current directory
> 196 getcwd_error = 1;
> 197 break;
> ** CID 336740: Security best practices violations (STRING_OVERFLOW)
> /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c:
> 118 in set_waypoint_capability()
> ________________________________________________________________________________________________________
> *** CID 336740: Security best practices violations (STRING_OVERFLOW)
> /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c:
> 118 in set_waypoint_capability()
> 112 // In all remaining cases, the new links are acting as waypoints.
> 113 //
> 114 int ordinal = phase + (dir == QD_OUTGOING ? 0 : 1);
> 115 char cap[16];
> 116 char suffix[3];
> 117
> >>> CID 336740: Security best practices violations (STRING_OVERFLOW)
> >>> You might overrun the 16-character fixed-size string "cap" by copying
> >>>"QD_CAPABILITY_WAYPOINT_DEFAULT" without checking the length.
> 118 strcpy(cap, QD_CAPABILITY_WAYPOINT_DEFAULT);
> 119 suffix[0] = '.';
> 120 suffix[1] = '0' + ordinal;
> 121 suffix[2] = '\0';
> 122 strcat(cap, suffix);
> 123 qdr_terminus_add_capability(term, cap);
> ** CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
> /home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in
> qdrc_event_subscribe_CT()
> ________________________________________________________________________________________________________
> *** CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
> /home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in
> qdrc_event_subscribe_CT()
> 45 sub->context = context;
> 46 sub->events = events;
> 47 sub->on_conn_event = on_conn_event;
> 48 sub->on_link_event = on_link_event;
> 49 sub->on_addr_event = on_addr_event;
> 50
> >>> CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
> >>> "events & 0U /* !((0x3f | 0x3f00) | 0xfff0000) */" is always 0
> >>>regardless of the values of its operands. This occurs as a value.
> 51 assert((events & !(_QDRC_EVENT_CONN_RANGE | _QDRC_EVENT_LINK_RANGE
> | _QDRC_EVENT_ADDR_RANGE)) == 0);
> 52 assert(!(events & _QDRC_EVENT_CONN_RANGE) || on_conn_event);
> 53 assert(!(events & _QDRC_EVENT_LINK_RANGE) || on_link_event);
> 54 assert(!(events & _QDRC_EVENT_ADDR_RANGE) || on_addr_event);
> 55
> 56 if (events & _QDRC_EVENT_CONN_RANGE)
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit,
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJkRt3r-2Bll2jeD6T5JeFcgC_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkvoS-2FuJVjgCuslzX1dwckJNC7zZIx1YhiEs45lNkv-2FJbkCiayCX8OOQy-2FsaHbaWWe2WidVwy7Ol1lHWtu-2FIQYOqyXS1KP10pikPG3AkmxqIH-2F7deyf8-2FTnTa-2Fl-2BQLbEh9AvC8YWxt6MQw6cAP-2Fi-2B4QnOJ-2F6VhEvoEVYwZwSgEWEQ-3D-3D
> To manage Coverity Scan email notifications for "gmur...@redhat.com", click
> https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4GT7ZJULeBsdRIGSsmCGK3QgA2CDXnZgZ8-2FWGYmnExRLcco6O6snRtSPKudValmBAwINi3CN-2FlFC5he5SY5w858xo9A3QAFQJ4sopzS8nVgs-3D_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkvoS-2FuJVjgCuslzX1dwckJ6tm91XSA9ozRLZ6acLz7F19Px-2BcrMfPkJddQQwCtyrNP-2BrRe1ySqLnjIS-2BCkRhnAJeuv0cAtW3OXqGc5JwSHA3r3XoyfjAFFU1C12CubZ2MwIWrfy7TEjEPIll42I3rSdWmRFRevVSluUSqMa-2FJhcQ-3D-3D
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
For additional commands, e-mail: dev-h...@qpid.apache.org
