[
https://issues.apache.org/jira/browse/DISPATCH-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16926053#comment-16926053
]
ASF GitHub Bot commented on DISPATCH-1387:
------------------------------------------
ganeshmurthy commented on pull request #563: DISPATCH-1387 - Additional fix.
Fix null pointer dereference problems
URL: https://github.com/apache/qpid-dispatch/pull/563
> Coverity issues on master branch
> --------------------------------
>
> Key: DISPATCH-1387
> URL: https://issues.apache.org/jira/browse/DISPATCH-1387
> Project: Qpid Dispatch
> Issue Type: Improvement
> Components: Container
> Affects Versions: 1.8.0
> Reporter: Ganesh Murthy
> Assignee: Ganesh Murthy
> Priority: Major
> Fix For: 1.9.0
>
>
> {noformat}
> Please find the latest report on new defect(s) introduced to Apache Qpid
> dispatch-router found with Coverity Scan.
> 18 new defect(s) introduced to Apache Qpid dispatch-router found with
> Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> recent build analyzed by Coverity Scan.
> New defect(s) Reported-by: Coverity Scan
> Showing 18 of 18 defect(s)
> ** CID 344879: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344879: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c:
> 193 in qdra_config_address_get_first_CT()
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to
> >>>"qdr_manage_advance_config_address_CT", which dereferences it.
> 193 qdr_manage_advance_config_address_CT(query, addr);
> 194
> 195 //
> 196 // Enqueue the response.
> 197 //
> 198 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c:
> 187 in qdra_config_address_get_first_CT()
> 181 addr = DEQ_NEXT(addr);
> 182 assert(addr);
> 183
> 184 //
> 185 // Write the columns of the object into the response body.
> 186 //
> >>> CID 344879: (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_agent_write_config_address_CT",
> >>>which dereferences it.
> 187 qdr_agent_write_config_address_CT(query, addr);
> 188
> 189 //
> 190 // Advance to the next address
> 191 //
> 192 query->next_offset = offset;
> ** CID 344878: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344878: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in
> callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end,
> &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344878: API usage errors (PRINTF_ARGS)
> >>> Argument "stats->current" to format specifier "%i" was expected to
> >>>have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of
> %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in
> buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344877: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344877: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in
> callback_metrics()
> 552 stats->headers_sent = true;
> 553 }
> 554
> 555 while (stats->current < metrics_length) {
> 556 if (write_metric(&position, end,
> &metrics[stats->current], &stats->context->stats)) {
> 557 stats->current++;
> >>> CID 344877: API usage errors (PRINTF_ARGS)
> >>> Argument "metrics_length" to format specifier "%i" was expected to
> >>>have type "int" but has type "unsigned long".
> 558 qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of
> %i", stats->current, metrics_length);
> 559 } else {
> 560 qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in
> buffer");
> 561 break;
> 562 }
> 563 }
> ** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c:
> 331 in qdra_conn_link_route_get_first_CT()
> ________________________________________________________________________________________________________
> *** CID 344876: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c:
> 329 in qdra_conn_link_route_get_first_CT()
> 323 //
> 324 qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes);
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> >>> CID 344876: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "_write_as_list_CT", which dereferences
> >>>it.
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c:
> 331 in qdra_conn_link_route_get_first_CT()
> 325 for (int i = 0; i < offset && lr; i++)
> 326 lr = DEQ_NEXT(lr);
> 327 assert(lr);
> 328 // write the lr into the response and advance to next
> 329 _write_as_list_CT(query, lr);
> 330 query->next_offset = offset + 1;
> >>> CID 344876: (FORWARD_NULL)
> >>> Dereferencing null pointer "lr".
> 331 query->more = DEQ_NEXT(lr) != NULL;
> 332 }
> 333 qdr_agent_enqueue_response_CT(core, query);
> 334 }
> 335
> 336
> ** CID 344875: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344875: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in
> qd_policy_host_pattern_add()
> 1288 assert (recovered);
> 1289 (void)recovered; /* Silence compiler complaints of
> unused variable */
> 1290 }
> 1291 sys_mutex_unlock(policy->tree_lock);
> 1292 if (oldp) {
> 1293 free(payload);
> >>> CID 344875: API usage errors (PRINTF_ARGS)
> >>> Argument "oldp" to format specifier "%s" was expected to have type
> >>>"char *" but has type "void *".
> 1294 qd_log(policy->log_source,
> 1295 QD_LOG_WARNING,
> 1296 "vhost hostname pattern '%s' failed to replace optimized
> pattern '%s'",
> 1297 hostPattern, oldp);
> 1298 }
> 1299 return oldp == 0;
> ** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in
> set_rhost_port()
> ________________________________________________________________________________________________________
> *** CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in
> set_rhost_port()
> 589 if (sa && salen) {
> 590 char rport[NI_MAXSERV] = "";
> 591 int err = getnameinfo(sa, salen,
> 592 ctx->rhost, sizeof(ctx->rhost), rport,
> sizeof(rport),
> 593 NI_NUMERICHOST | NI_NUMERICSERV);
> 594 if (!err) {
> >>> CID 344874: Memory - corruptions (OVERLAPPING_COPY)
> >>> In the call to function "snprintf", the object pointed to by argument
> >>>"ctx->rhost" may overlap with the object pointed to by argument
> >>>"ctx->rhost_port".
> 595 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port),
> "%s:%s", ctx->rhost, rport);
> 596 }
> 597 }
> 598 }
> 599
> 600
> ** CID 344873: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344873: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c:
> 222 in qdra_config_link_route_get_first_CT()
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to
> >>>"qdr_manage_advance_config_link_route_CT", which dereferences it.
> 222 qdr_manage_advance_config_link_route_CT(query, lr);
> 223
> 224 //
> 225 // Enqueue the response.
> 226 //
> 227 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c:
> 216 in qdra_config_link_route_get_first_CT()
> 210 lr = DEQ_NEXT(lr);
> 211 assert(lr);
> 212
> 213 //
> 214 // Write the columns of the object into the response body.
> 215 //
> >>> CID 344873: (FORWARD_NULL)
> >>> Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT",
> >>>which dereferences it.
> 216 qdr_agent_write_config_link_route_CT(query, lr);
> 217
> 218 //
> 219 // Advance to the next link_route
> 220 //
> 221 query->next_offset = offset;
> ** CID 344872: Null pointer dereferences (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344872: Null pointer dereferences (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c:
> 301 in qdra_address_get_first_CT()
> 295 qdr_manage_write_address_list_CT(core, query, addr);
> 296
> 297 //
> 298 // Advance to the next address
> 299 //
> 300 query->next_offset = offset;
> >>> CID 344872: Null pointer dereferences (FORWARD_NULL)
> >>> Passing null pointer "addr" to "qdr_manage_advance_address_CT", which
> >>>dereferences it.
> 301 qdr_manage_advance_address_CT(query, addr);
> 302
> 303 //
> 304 // Enqueue the response.
> 305 //
> 306 qdr_agent_enqueue_response_CT(core, query);
> ** CID 344871: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344871: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c:
> 229 in qdra_config_auto_link_get_first_CT()
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to
> >>>"qdr_manage_advance_config_auto_link_CT", which dereferences it.
> 229 qdr_manage_advance_config_auto_link_CT(query, al);
> 230
> 231 //
> 232 // Enqueue the response.
> 233 //
> 234 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c:
> 223 in qdra_config_auto_link_get_first_CT()
> 217 al = DEQ_NEXT(al);
> 218 assert(al);
> 219
> 220 //
> 221 // Write the columns of the object into the response body.
> 222 //
> >>> CID 344871: (FORWARD_NULL)
> >>> Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT",
> >>>which dereferences it.
> 223 qdr_agent_write_config_auto_link_CT(query, al);
> 224
> 225 //
> 226 // Advance to the next auto_link
> 227 //
> 228 query->next_offset = offset;
> ** CID 344870: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344870: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327
> in qdra_link_get_first_CT()
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_manage_advance_link_CT", which
> >>>dereferences it.
> 327 qdr_manage_advance_link_CT(query, link);
> 328
> 329 //
> 330 // Enqueue the response.
> 331 //
> 332 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321
> in qdra_link_get_first_CT()
> 315 link = DEQ_NEXT(link);
> 316 assert(link);
> 317
> 318 //
> 319 // Write the columns of the link into the response body.
> 320 //
> >>> CID 344870: (FORWARD_NULL)
> >>> Passing null pointer "link" to "qdr_agent_write_link_CT", which
> >>>dereferences it.
> 321 qdr_agent_write_link_CT(core, query, link);
> 322
> 323 //
> 324 // Advance to the next address
> 325 //
> 326 query->next_offset = offset;
> ** CID 344869: (FORWARD_NULL)
> ________________________________________________________________________________________________________
> *** CID 344869: (FORWARD_NULL)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c:
> 337 in qdra_connection_get_first_CT()
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_manage_advance_connection_CT",
> >>>which dereferences it.
> 337 qdr_manage_advance_connection_CT(query, conn);
> 338
> 339 //
> 340 // Enqueue the response.
> 341 //
> 342 qdr_agent_enqueue_response_CT(core, query);
> /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c:
> 331 in qdra_connection_get_first_CT()
> 325 conn = DEQ_NEXT(conn);
> 326 assert(conn);
> 327
> 328 //
> 329 // Write the columns of the object into the response body.
> 330 //
> >>> CID 344869: (FORWARD_NULL)
> >>> Passing null pointer "conn" to "qdr_agent_write_connection_CT", which
> >>>dereferences it.
> 331 qdr_agent_write_connection_CT(core, query, conn);
> 332
> 333 //
> 334 // Advance to the next connection
> 335 //
> 336 query->next_offset = offset;
> ** CID 344868: Insecure data handling (TAINTED_SCALAR)
> ________________________________________________________________________________________________________
> *** CID 344868: Insecure data handling (TAINTED_SCALAR)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in
> qd_dispatch_configure_ssl_profile()
> 550 ssl_profile->ssl_uid_format =
> qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
> 551 ssl_profile->uid_name_mapping_file =
> qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
> 552
> 553 //
> 554 // Process the password to handle any modifications or lookups
> needed
> 555 //
> >>> CID 344868: Insecure data handling (TAINTED_SCALAR)
> >>> Passing tainted variable "ssl_profile->ssl_password" to a tainted
> >>>sink.
> 556 qd_config_ssl_profile_process_password(ssl_profile); CHECK();
> 557
> 558 qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with
> name %s ", ssl_profile->name);
> 559 return ssl_profile;
> 560
> 561 error:
> ** CID 344867: API usage errors (PRINTF_ARGS)
> ________________________________________________________________________________________________________
> *** CID 344867: API usage errors (PRINTF_ARGS)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in
> logger()
> 55 static void logger(int lll, const char *line) {
> 56 if (strstr(line, IGNORED)) return;
> 57 size_t len = strlen(line);
> 58 while (len > 1 && isspace(line[len-1])) { /* Strip trailing
> newline */
> 59 --len;
> 60 }
> >>> CID 344867: API usage errors (PRINTF_ARGS)
> >>> Precision argument "len" to format specifier "%.*s" was expected to
> >>>have type "int" but has type "unsigned long".
> 61 qd_log(http_log, qd_level(lll), "%.*s", len, line);
> 62 }
> 63
> 64 static void log_init() {
> 65 http_log = qd_log_source("HTTP");
> 66 int levels = 0;
> ** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in
> qd_parse_annotations_v1()
> ________________________________________________________________________________________________________
> *** CID 344866: Control flow issues (DEADCODE)
> /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in
> qd_parse_annotations_v1()
> 826 case QD_MAE_TO:
> 827 *ma_to_override = val_field;
> 828 break;
> 829 case QD_MAE_PHASE:
> 830 *ma_phase = val_field;
> 831 break;
> >>> CID 344866: Control flow issues (DEADCODE)
> >>> Execution cannot reach this statement: "case QD_MAE_NONE:".
> 832 case QD_MAE_NONE:
> 833 assert(false);
> 834 break;
> 835 }
> 836
> 837 qd_iterator_free(val_iter);
> ** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in
> test_send_to_messenger()
> ________________________________________________________________________________________________________
> *** CID 336747: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in
> test_send_to_messenger()
> 75 static char* test_send_to_messenger(void *context)
> 76 {
> 77 qd_message_t *msg = qd_message();
> 78 qd_message_content_t *content = MSG_CONTENT(msg);
> 79 qd_message_compose_1(msg, "test_addr_0", 0);
> 80 qd_buffer_t *buf = DEQ_HEAD(content->buffers);
> >>> CID 336747: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 81 if (buf == 0) return "Expected a buffer in the test message";
> 82
> 83 pn_message_t *pn_msg = pn_message();
> 84 size_t len = flatten_bufs(content);
> 85 int result = pn_message_decode(pn_msg, buffer, len);
> 86 if (result != 0) {
> ** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in
> test_send_message_annotations()
> ________________________________________________________________________________________________________
> *** CID 336746: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in
> test_send_message_annotations()
> 335 if (result != 0) {
> 336 qd_message_free(msg);
> 337 return "Error in pn_message_decode";
> 338 }
> 339
> 340 pn_data_t *ma = pn_message_annotations(pn_msg);
> >>> CID 336746: Resource leaks (RESOURCE_LEAK)
> >>> Variable "msg" going out of scope leaks the storage it points to.
> 341 if (!ma) return "Missing message annotations";
> 342 pn_data_rewind(ma);
> 343 pn_data_next(ma);
> 344 if (pn_data_type(ma) != PN_MAP) return "Invalid message
> annotation type";
> 345 if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map
> length";
> 346 pn_data_enter(ma);
> ** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> ________________________________________________________________________________________________________
> *** CID 142248: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got
> '%s'", result);
> 301 free (result);
> >>> CID 142248: Resource leaks (RESOURCE_LEAK)
> >>> Variable "field" going out of scope leaks the storage it points to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*)
> "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> ** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> ________________________________________________________________________________________________________
> *** CID 142246: Resource leaks (RESOURCE_LEAK)
> /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in
> test_map()
> 296 qd_iterator_t *key_iter = qd_parse_raw(key_field);
> 297 qd_iterator_t *typed_iter = qd_parse_typed(key_field);
> 298 if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
> 299 unsigned char *result = qd_iterator_copy(key_iter);
> 300 snprintf(error, 1000, "First key: expected 'first', got
> '%s'", result);
> 301 free (result);
> >>> CID 142246: Resource leaks (RESOURCE_LEAK)
> >>> Variable "data_iter" going out of scope leaks the storage it points
> >>>to.
> 302 return error;
> 303 }
> 304
> 305 if (!qd_iterator_equal(typed_iter, (unsigned char*)
> "\xa3\x05\x66irst"))
> 306 return "Incorrect typed iterator on first-key";
> 307
> \
>
>
>
> {noformat}