[ https://issues.apache.org/jira/browse/DISPATCH-1292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16799460#comment-16799460 ]
Ganesh Murthy commented on DISPATCH-1292: ----------------------------------------- {noformat} ________________________________________________________________________________________________________ *** CID 337241: Null pointer dereferences (REVERSE_INULL) /home/gmurthy/opensource/qpid-dispatch/src/connection_manager.c: 780 in qd_dispatch_configure_connector() 774 qd_connection_manager_t *cm = qd->connection_manager; 775 qd_connector_t *ct = qd_server_connector(qd->server); 776 777 qd_error_clear(); 778 ct->policy_vhost = qd_entity_opt_string(entity, "policyVhost", 0); CHECK(); 779 >>> CID 337241: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "ct" suggests that it may be null, but it has already >>>been dereferenced on all paths leading to the check. 780 if (ct && load_server_config(qd, &ct->config, entity, false) == QD_ERROR_NONE) { 781 DEQ_ITEM_INIT(ct); 782 DEQ_INSERT_TAIL(cm->connectors, ct); 783 log_config(cm->log_source, &ct->config, "Connector"); 784 785 // ** CID 337240: Concurrent data access violations (MISSING_LOCK) /home/gmurthy/opensource/qpid-dispatch/src/policy.c: 1174 in qd_policy_amqp_open_connector() ________________________________________________________________________________________________________ *** CID 337240: Concurrent data access violations (MISSING_LOCK) /home/gmurthy/opensource/qpid-dispatch/src/policy.c: 1174 in qd_policy_amqp_open_connector() 1168 qd_conn->policy_settings = NEW(qd_policy_settings_t); 1169 if (qd_conn->policy_settings) { 1170 ZERO(qd_conn->policy_settings); 1171 1172 if (qd_policy_open_fetch_settings(policy, policy_vhost, POLICY_VHOST_GROUP, qd_conn->policy_settings)) { 1173 qd_conn->policy_settings->outgoingConnection = true; >>> CID 337240: Concurrent data access violations (MISSING_LOCK) >>> Accessing "qd_conn->policy_counted" without holding lock >>>"sys_mutex_t.mutex". 
Elsewhere, "qd_connection_t.policy_counted" is accessed >>>with "sys_mutex_t.mutex" held 1 out of 2 times (1 of these accesses strongly >>>imply that it is necessary). 1174 qd_conn->policy_counted = true; // Count senders and receivers for this connection 1175 } else { 1176 qd_log(policy->log_source, 1177 QD_LOG_ERROR, 1178 "Failed to find policyVhost settings for connection '%d', policyVhost: '%s'", 1179 conn_id, policy_vhost);{noformat} > Coverity issues on master branch > -------------------------------- > > Key: DISPATCH-1292 > URL: https://issues.apache.org/jira/browse/DISPATCH-1292 > Project: Qpid Dispatch > Issue Type: Bug > Components: Container > Affects Versions: 1.5.0 > Reporter: Ganesh Murthy > Assignee: Ganesh Murthy > Priority: Major > Fix For: 1.6.0 > > > {noformat} > 10 of 17,133 > New Defects reported by Coverity Scan for Apache Qpid dispatch-router > Inbox > x > scan-ad...@coverity.com > > 12:31 AM (7 hours ago) > > to me > Hi, > Please find the latest report on new defect(s) introduced to Apache Qpid > dispatch-router found with Coverity Scan. > 11 new defect(s) introduced to Apache Qpid dispatch-router found with > Coverity Scan. > 55 defect(s), reported by Coverity Scan earlier, were marked fixed in the > recent build analyzed by Coverity Scan. > New defect(s) Reported-by: Coverity Scan > Showing 11 of 11 defect(s) > ** CID 336749: Control flow issues (MISSING_BREAK) > /home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle() > ________________________________________________________________________________________________________ > *** CID 336749: Control flow issues (MISSING_BREAK) > /home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle() > 903 qdr_handle_authentication_service_connection_event(e); > 904 return true; > 905 } > 906 > 907 switch (pn_event_type(e)) { > 908 > >>> CID 336749: Control flow issues (MISSING_BREAK) > >>> The case for value "PN_PROACTOR_INTERRUPT" is not terminated by a > >>>'break' statement. 
> 909 case PN_PROACTOR_INTERRUPT: > 910 if (qd_server->stopping) { > 911 /* Interrupt the next thread */ > 912 pn_proactor_interrupt(qd_server->proactor); > 913 /* Stop the current thread */ > 914 return false; > ** CID 336748: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in > AMQP_rx_handler() > ________________________________________________________________________________________________________ > *** CID 336748: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in > AMQP_rx_handler() > 561 qd_log(router->log_source, QD_LOG_DEBUG, "Message > rejected due to policy violation on target. User:%s", conn->user_id); > 562 pn_link_flow(pn_link, 1); > 563 pn_delivery_update(pnd, PN_REJECTED); > 564 pn_delivery_settle(pnd); > 565 qd_message_free(msg); > 566 qd_iterator_free(addr_iter); > >>> CID 336748: Resource leaks (RESOURCE_LEAK) > >>> Variable "link_exclusions" going out of scope leaks the storage it > >>>points to. > 567 return next_delivery; > 568 } > 569 } > 570 } else { > 571 // > 572 // This is a targeted link, not anonymous. > ** CID 336747: (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in > test_send_to_messenger() > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in > test_send_to_messenger() > ________________________________________________________________________________________________________ > *** CID 336747: (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in > test_send_to_messenger() > 75 static char* test_send_to_messenger(void *context) > 76 { > 77 qd_message_t *msg = qd_message(); > 78 qd_message_content_t *content = MSG_CONTENT(msg); > 79 qd_message_compose_1(msg, "test_addr_0", 0); > 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers); > >>> CID 336747: (RESOURCE_LEAK) > >>> Variable "msg" going out of scope leaks the storage it points to. 
> 81 if (buf == 0) return "Expected a buffer in the test message"; > 82 > 83 pn_message_t *pn_msg = pn_message(); > 84 size_t len = flatten_bufs(content); > 85 int result = pn_message_decode(pn_msg, buffer, len); > 86 if (result != 0) return "Error in pn_message_decode"; > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in > test_send_to_messenger() > 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers); > 81 if (buf == 0) return "Expected a buffer in the test message"; > 82 > 83 pn_message_t *pn_msg = pn_message(); > 84 size_t len = flatten_bufs(content); > 85 int result = pn_message_decode(pn_msg, buffer, len); > >>> CID 336747: (RESOURCE_LEAK) > >>> Variable "msg" going out of scope leaks the storage it points to. > 86 if (result != 0) return "Error in pn_message_decode"; > 87 > 88 if (strcmp(pn_message_get_address(pn_msg), "test_addr_0") != 0) > 89 return "Address mismatch in received message"; > 90 > 91 pn_message_free(pn_msg); > ** CID 336746: (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in > test_send_message_annotations() > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in > test_send_message_annotations() > ________________________________________________________________________________________________________ > *** CID 336746: (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in > test_send_message_annotations() > 314 qd_composed_field_t *ingress = qd_compose_subfield(0); > 315 qd_compose_insert_string(ingress, "distress"); > 316 qd_message_set_ingress_annotation(msg, ingress); > 317 > 318 qd_message_compose_1(msg, "test_addr_0", 0); > 319 qd_buffer_t *buf = DEQ_HEAD(content->buffers); > >>> CID 336746: (RESOURCE_LEAK) > >>> Variable "msg" going out of scope leaks the storage it points to. 
> 320 if (buf == 0) return "Expected a buffer in the test message"; > 321 > 322 pn_message_t *pn_msg = pn_message(); > 323 size_t len = flatten_bufs(content); > 324 int result = pn_message_decode(pn_msg, buffer, len); > 325 if (result != 0) return "Error in pn_message_decode"; > /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in > test_send_message_annotations() > 319 qd_buffer_t *buf = DEQ_HEAD(content->buffers); > 320 if (buf == 0) return "Expected a buffer in the test message"; > 321 > 322 pn_message_t *pn_msg = pn_message(); > 323 size_t len = flatten_bufs(content); > 324 int result = pn_message_decode(pn_msg, buffer, len); > >>> CID 336746: (RESOURCE_LEAK) > >>> Variable "msg" going out of scope leaks the storage it points to. > 325 if (result != 0) return "Error in pn_message_decode"; > 326 > 327 pn_data_t *ma = pn_message_annotations(pn_msg); > 328 if (!ma) return "Missing message annotations"; > 329 pn_data_rewind(ma); > 330 pn_data_next(ma); > ** CID 336745: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in > test_compose_subfields() > ________________________________________________________________________________________________________ > *** CID 336745: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in > test_compose_subfields() > 353 qd_compose_insert_string(sub3, "Key2"); > 354 > 355 // > 356 qd_composed_field_t *field = > qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0); > 357 qd_compose_start_map(field); > 358 qd_compose_insert_buffers(field, &sub1->buffers); > >>> CID 336745: Resource leaks (RESOURCE_LEAK) > >>> Variable "sub3" going out of scope leaks the storage it points to. 
> 359 if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership > not transferred!"; > 360 qd_compose_free(sub1); > 361 qd_compose_insert_buffers(field, &sub2->buffers); > 362 qd_compose_free(sub2); > 363 > 364 qd_compose_insert_buffers(field, &sub3->buffers); > ** CID 336744: (DC.WEAK_CRYPTO) > /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in > qd_generate_discriminator() > /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in > qd_generate_discriminator() > /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in > qd_generate_discriminator() > ________________________________________________________________________________________________________ > *** CID 336744: (DC.WEAK_CRYPTO) > /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in > qd_generate_discriminator() > 20 #include <qpid/dispatch/discriminator.h> > 21 #include <stdlib.h> > 22 > 23 void qd_generate_discriminator(char *string) > 24 { > 25 static const char *table = > "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_"; > >>> CID 336744: (DC.WEAK_CRYPTO) > >>> "random" should not be used for security related applications, as > >>>linear congruential algorithms are too easy to break. > 26 long int rnd1 = random(); > 27 long int rnd2 = random(); > 28 long int rnd3 = random(); > 29 int idx; > 30 int cursor = 0; > 31 > /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in > qd_generate_discriminator() > 21 #include <stdlib.h> > 22 > 23 void qd_generate_discriminator(char *string) > 24 { > 25 static const char *table = > "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_"; > 26 long int rnd1 = random(); > >>> CID 336744: (DC.WEAK_CRYPTO) > >>> "random" should not be used for security related applications, as > >>>linear congruential algorithms are too easy to break. 
> 27 long int rnd2 = random(); > 28 long int rnd3 = random(); > 29 int idx; > 30 int cursor = 0; > 31 > 32 for (idx = 0; idx < 5; idx++) { > /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in > qd_generate_discriminator() > 22 > 23 void qd_generate_discriminator(char *string) > 24 { > 25 static const char *table = > "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_"; > 26 long int rnd1 = random(); > 27 long int rnd2 = random(); > >>> CID 336744: (DC.WEAK_CRYPTO) > >>> "random" should not be used for security related applications, as > >>>linear congruential algorithms are too easy to break. > 28 long int rnd3 = random(); > 29 int idx; > 30 int cursor = 0; > 31 > 32 for (idx = 0; idx < 5; idx++) { > 33 string[cursor++] = table[(rnd1 >> (idx * 6)) & 63]; > ** CID 336743: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in > test_compose_subfields() > ________________________________________________________________________________________________________ > *** CID 336743: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in > test_compose_subfields() > 353 qd_compose_insert_string(sub3, "Key2"); > 354 > 355 // > 356 qd_composed_field_t *field = > qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0); > 357 qd_compose_start_map(field); > 358 qd_compose_insert_buffers(field, &sub1->buffers); > >>> CID 336743: Resource leaks (RESOURCE_LEAK) > >>> Variable "sub2" going out of scope leaks the storage it points to. 
> 359 if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership > not transferred!"; > 360 qd_compose_free(sub1); > 361 qd_compose_insert_buffers(field, &sub2->buffers); > 362 qd_compose_free(sub2); > 363 > 364 qd_compose_insert_buffers(field, &sub3->buffers); > ** CID 336742: Null pointer dereferences (REVERSE_INULL) > /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c: > 341 in on_link_event() > ________________________________________________________________________________________________________ > *** CID 336742: Null pointer dereferences (REVERSE_INULL) > /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c: > 341 in on_link_event() > 335 if (addr && qdr_address_is_mobile_CT(addr) && > DEQ_SIZE(addr->subscriptions) == 0 && link->link_direction == QD_INCOMING) { > 336 qdr_addr_endpoint_state_t *endpoint_state = > qdrc_get_endpoint_state_for_connection(mc->endpoint_state_list, link->conn); > 337 assert(endpoint_state); > 338 assert(link->edge_context == 0); > 339 link->edge_context = endpoint_state; > 340 endpoint_state->ref_count++; > >>> CID 336742: Null pointer dereferences (REVERSE_INULL) > >>> Null-checking "endpoint_state" suggests that it may be null, but it > >>>has already been dereferenced on all paths leading to the check. 
> 341 if (qdrc_can_send_address(addr, link->conn) && > endpoint_state) { > 342 qdrc_send_message(mc->core, addr, > endpoint_state->endpoint, true); > 343 } > 344 } > 345 break; > 346 } > ** CID 336741: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in > daemon_process() > ________________________________________________________________________________________________________ > *** CID 336741: Resource leaks (RESOURCE_LEAK) > /home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in > daemon_process() > 186 if (strncmp("/", config_path, 1)) { > 187 char *cur_path = NULL; > 188 size_t path_size = 256; > 189 int getcwd_error = 0; > 190 cur_path = (char *) calloc(path_size, sizeof(char)); > 191 > >>> CID 336741: Resource leaks (RESOURCE_LEAK) > >>> Overwriting "cur_path" in "cur_path = getcwd(cur_path, path_size)" > >>>leaks the storage that "cur_path" points to. > 192 while ((cur_path = getcwd(cur_path, path_size)) == > NULL) { > 193 free(cur_path); > 194 if ( errno != ERANGE ) { > 195 // If unable to get current directory > 196 getcwd_error = 1; > 197 break; > ** CID 336740: Security best practices violations (STRING_OVERFLOW) > /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c: > 118 in set_waypoint_capability() > ________________________________________________________________________________________________________ > *** CID 336740: Security best practices violations (STRING_OVERFLOW) > /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c: > 118 in set_waypoint_capability() > 112 // In all remaining cases, the new links are acting as waypoints. > 113 // > 114 int ordinal = phase + (dir == QD_OUTGOING ? 
0 : 1); > 115 char cap[16]; > 116 char suffix[3]; > 117 > >>> CID 336740: Security best practices violations (STRING_OVERFLOW) > >>> You might overrun the 16-character fixed-size string "cap" by copying > >>>"QD_CAPABILITY_WAYPOINT_DEFAULT" without checking the length. > 118 strcpy(cap, QD_CAPABILITY_WAYPOINT_DEFAULT); > 119 suffix[0] = '.'; > 120 suffix[1] = '0' + ordinal; > 121 suffix[2] = '\0'; > 122 strcat(cap, suffix); > 123 qdr_terminus_add_capability(term, cap); > ** CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > /home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in > qdrc_event_subscribe_CT() > ________________________________________________________________________________________________________ > *** CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > /home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in > qdrc_event_subscribe_CT() > 45 sub->context = context; > 46 sub->events = events; > 47 sub->on_conn_event = on_conn_event; > 48 sub->on_link_event = on_link_event; > 49 sub->on_addr_event = on_addr_event; > 50 > >>> CID 336739: Integer handling issues (CONSTANT_EXPRESSION_RESULT) > >>> "events & 0U /* !((0x3f | 0x3f00) | 0xfff0000) */" is always 0 > >>>regardless of the values of its operands. This occurs as a value. 
> 51 assert((events & !(_QDRC_EVENT_CONN_RANGE | _QDRC_EVENT_LINK_RANGE > | _QDRC_EVENT_ADDR_RANGE)) == 0); > 52 assert(!(events & _QDRC_EVENT_CONN_RANGE) || on_conn_event); > 53 assert(!(events & _QDRC_EVENT_LINK_RANGE) || on_link_event); > 54 assert(!(events & _QDRC_EVENT_ADDR_RANGE) || on_addr_event); > 55 > 56 if (events & _QDRC_EVENT_CONN_RANGE) > ________________________________________________________________________________________________________ > {noformat}