-------- Original Message -------- Subject: New Defects reported by Coverity Scan for GlusterFS Date: Fri, 17 Jan 2014 02:06:17 -0800 From: scan-ad...@coverity.com
Hi, Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan. Defect(s) Reported-by: Coverity Scan Showing 20 of 466 defect(s) ** CID 11205: Time of check time of use (TOCTOU) /libglusterfs/src/common-utils.c: 90 in mkdir_p() ** CID 1124359: Unchecked return value (CHECKED_RETURN) /xlators/protocol/client/src/client-rpc-fops.c: 2928 in client_fdctx_destroy() /xlators/protocol/client/src/client-rpc-fops.c: 2937 in client_fdctx_destroy() ** CID 1124364: Unchecked return value from library (CHECKED_RETURN) /xlators/storage/posix/src/posix.c: 1502 in posix_rmdir() ** CID 1124360: Unchecked return value (CHECKED_RETURN) /xlators/performance/write-behind/src/write-behind.c: 1794 in wb_release() ** CID 1124362: Unchecked return value (CHECKED_RETURN) /xlators/cluster/afr/src/afr-self-heal-common.c: 2137 in afr_sh_entrylk() ** CID 1124358: Unchecked return value (CHECKED_RETURN) /xlators/protocol/client/src/client.c: 2446 in client_init_grace_timer() ** CID 1124354: Unchecked return value from library (CHECKED_RETURN) /xlators/storage/posix/src/posix-handle.c: 492 in posix_handle_init() ** CID 1124342: Free of array-typed value (BAD_FREE) /xlators/cluster/afr/src/afr-self-heal-metadata.c: 438 in afr_set_metadata_sh_info_str() ** CID 1124344: Free of array-typed value (BAD_FREE) /xlators/mgmt/glusterd/src/glusterd-handler.c: 2571 in __glusterd_handle_mount() ** CID 1124343: Free of array-typed value (BAD_FREE) /xlators/cluster/afr/src/afr-self-heal-data.c: 902 in afr_set_data_sh_info_str() /xlators/cluster/afr/src/afr-self-heal-data.c: 906 in afr_set_data_sh_info_str() ** CID 1124341: Free of array-typed value (BAD_FREE) /xlators/protocol/server/src/server-handshake.c: 164 in getspec_build_volfile_path() ** CID 1124340: Free of array-typed value (BAD_FREE) /glusterfsd/src/glusterfsd.c: 1406 in parse_cmdline() ** CID 1124353: Unchecked return value (CHECKED_RETURN) /api/src/glfs-resolve.c: 447 in glfs_resolve_at() ** CID 1124352: 
Unchecked return value (CHECKED_RETURN) /xlators/cluster/dht/src/dht-shared.c: 533 in dht_init() ** CID 1124351: Unchecked return value from library (CHECKED_RETURN) /xlators/features/changelog/lib/src/gf-changelog-process.c: 438 in gf_changelog_decode() ** CID 1124348: Unchecked return value (CHECKED_RETURN) /libglusterfs/src/timer.c: 213 in gf_timer_registry_init() ** CID 1124347: Unchecked return value from library (CHECKED_RETURN) /libglusterfs/src/statedump.c: 804 in gf_proc_dump_info() ** CID 1059059: Unsigned compared against 0 (NO_EFFECT) /xlators/performance/io-cache/src/io-cache.c: 1770 in init() ** CID 1124325: Value not atomically updated (ATOMICITY) /xlators/performance/io-cache/src/io-cache.c: 1060 in ioc_dispatch_requests() /xlators/performance/io-cache/src/io-cache.c: 1060 in ioc_dispatch_requests() ** CID 1124346: Truncated stdio return value (CHAR_IO) /cli/src/cli-cmd-volume.c: 617 in cli_cmd_get_confirmation() ________________________________________________________________________________________________________ *** CID 11205: Time of check time of use (TOCTOU) /libglusterfs/src/common-utils.c: 90 in mkdir_p() 84 i = (dir[0] == '/')? 1: 0; 85 do { 86 if (path[i] != '/' && path[i] != '\0') 87 continue; 88 89 dir[i] = '\0';
CID 11205: Time of check time of use (TOCTOU) Calling function "mkdir(char const *, __mode_t)" that uses "dir" after a check function. This can cause a time-of-check, time-of-use race condition.
90 ret = mkdir (dir, mode); 91 if (ret && errno != EEXIST) { 92 gf_log ("", GF_LOG_ERROR, "Failed due to reason %s", 93 strerror (errno)); 94 goto out; 95 } ________________________________________________________________________________________________________ *** CID 1124359: Unchecked return value (CHECKED_RETURN) /xlators/protocol/client/src/client-rpc-fops.c: 2928 in client_fdctx_destroy() 2922 ret = 0; 2923 2924 if (fdctx->is_dir) { 2925 gfs3_releasedir_req req = {{0,},}; 2926 req.fd = fdctx->remote_fd; 2927 gf_log (this->name, GF_LOG_TRACE, "sending releasedir on fd");
CID 1124359: Unchecked return value (CHECKED_RETURN) No check of the return value of "client_submit_request(this, &req, fr, &clnt3_3_fop_prog, 42, client3_3_releasedir_cbk(struct rpc_req *, struct iovec *, int, void *), NULL, NULL, 0, NULL, 0, NULL, (xdrproc_t)xdr_gfs3_releasedir_req(XDR *, gfs3_releasedir_req *))".
2928 client_submit_request (this, &req, fr, &clnt3_3_fop_prog, 2929 GFS3_OP_RELEASEDIR, 2930 client3_3_releasedir_cbk, 2931 NULL, NULL, 0, NULL, 0, NULL, 2932 (xdrproc_t)xdr_gfs3_releasedir_req); 2933 } else { /xlators/protocol/client/src/client-rpc-fops.c: 2937 in client_fdctx_destroy() 2931 NULL, NULL, 0, NULL, 0, NULL, 2932 (xdrproc_t)xdr_gfs3_releasedir_req); 2933 } else { 2934 gfs3_release_req req = {{0,},}; 2935 req.fd = fdctx->remote_fd; 2936 gf_log (this->name, GF_LOG_TRACE, "sending release on fd");
CID 1124359: Unchecked return value (CHECKED_RETURN) No check of the return value of "client_submit_request(this, &req, fr, &clnt3_3_fop_prog, 41, client3_3_release_cbk(struct rpc_req *, struct iovec *, int, void *), NULL, NULL, 0, NULL, 0, NULL, (xdrproc_t)xdr_gfs3_release_req(XDR *, gfs3_release_req *))".
2937 client_submit_request (this, &req, fr, &clnt3_3_fop_prog, 2938 GFS3_OP_RELEASE, 2939 client3_3_release_cbk, NULL, 2940 NULL, 0, NULL, 0, NULL, 2941 (xdrproc_t)xdr_gfs3_release_req); 2942 } ________________________________________________________________________________________________________ *** CID 1124364: Unchecked return value from library (CHECKED_RETURN) /xlators/storage/posix/src/posix.c: 1502 in posix_rmdir() 1496 if (flags) { 1497 gfid_str = uuid_utoa (stbuf.ia_gfid); 1498 char *tmp_path = alloca (strlen (priv->trash_path) + 1499 strlen ("/") + 1500 strlen (gfid_str) + 1); 1501
CID 1124364: Unchecked return value from library (CHECKED_RETURN) No check of the return value of "mkdir(priv->trash_path, 493U)".
1502 mkdir (priv->trash_path, 0755); 1503 sprintf (tmp_path, "%s/%s", priv->trash_path, gfid_str); 1504 op_ret = rename (real_path, tmp_path); 1505 } else { 1506 op_ret = rmdir (real_path); 1507 } ________________________________________________________________________________________________________ *** CID 1124360: Unchecked return value (CHECKED_RETURN) /xlators/performance/write-behind/src/write-behind.c: 1794 in wb_release() 1788 1789 int 1790 wb_release (xlator_t *this, fd_t *fd) 1791 { 1792 uint64_t tmp = 0; 1793
CID 1124360: Unchecked return value (CHECKED_RETURN) No check of the return value of "fd_ctx_del(fd, this, &tmp)".
1794 fd_ctx_del (fd, this, &tmp); 1795 1796 return 0; 1797 } 1798 1799 ________________________________________________________________________________________________________ *** CID 1124362: Unchecked return value (CHECKED_RETURN) /xlators/cluster/afr/src/afr-self-heal-common.c: 2137 in afr_sh_entrylk() 2131 int_lock->lk_basename = base_name; 2132 int_lock->lk_loc = loc; 2133 int_lock->lock_cbk = lock_cbk; 2134 int_lock->domain = this->name; 2135 2136 int_lock->lockee_count = 0;
CID 1124362: Unchecked return value (CHECKED_RETURN) No check of the return value of "afr_init_entry_lockee(&int_lock->lockee[0], local, loc, base_name, priv->child_count)".
2137 afr_init_entry_lockee (&int_lock->lockee[0], local, loc, 2138 base_name, priv->child_count); 2139 int_lock->lockee_count++; 2140 afr_nonblocking_entrylk (frame, this); 2141 2142 return 0; ________________________________________________________________________________________________________ *** CID 1124358: Unchecked return value (CHECKED_RETURN) /xlators/protocol/client/src/client.c: 2446 in client_init_grace_timer() 2440 GF_VALIDATE_OR_GOTO (this->name, conf, out); 2441 2442 conf->lk_heal = _gf_false; 2443 2444 ret = dict_get_str (options, "lk-heal", &lk_heal); 2445 if (!ret)
CID 1124358: Unchecked return value (CHECKED_RETURN) No check of the return value of "gf_string2boolean(lk_heal, &conf->lk_heal)".
2446 gf_string2boolean (lk_heal, &conf->lk_heal); 2447 2448 gf_log (this->name, GF_LOG_DEBUG, "lk-heal = %s", 2449 (conf->lk_heal) ? "on" : "off"); 2450 2451 ret = dict_get_int32 (options, "grace-timeout", &grace_timeout); ________________________________________________________________________________________________________ *** CID 1124354: Unchecked return value from library (CHECKED_RETURN) /xlators/storage/posix/src/posix-handle.c: 492 in posix_handle_init() 486 } 487 break; 488 default: 489 break; 490 } 491
CID 1124354: Unchecked return value from library (CHECKED_RETURN) No check of the return value of "stat(handle_pfx, &priv->handledir)".
492 stat (handle_pfx, &priv->handledir); 493 494 len = posix_handle_path (this, gfid, NULL, NULL, 0); 495 rootstr = alloca (len); 496 posix_handle_path (this, gfid, NULL, rootstr, len); 497 ________________________________________________________________________________________________________ *** CID 1124342: Free of array-typed value (BAD_FREE) /xlators/cluster/afr/src/afr-self-heal-metadata.c: 438 in afr_set_metadata_sh_info_str() 432 priv = this->private; 433 434 pending_matrix_str = afr_get_pending_matrix_str (sh->pending_matrix, 435 this); 436 437 if (!pending_matrix_str)
CID 1124342: Free of array-typed value (BAD_FREE) Assigning: "pending_matrix_str" = """".
438 pending_matrix_str = ""; 439 440 len += snprintf (num, sizeof (num), "%s", string_msg); 441 442 for (i = 0; i < priv->child_count; i++) { 443 if ((sh->source == i) && (local->child_up[i] == 1)) { ________________________________________________________________________________________________________ *** CID 1124344: Free of array-typed value (BAD_FREE) /xlators/mgmt/glusterd/src/glusterd-handler.c: 2571 in __glusterd_handle_mount() 2565 rsp.op_ret = glusterd_do_mount (mnt_req.label, dict, 2566 &rsp.path, &rsp.op_errno); 2567 synclock_lock (&priv->big_lock); 2568 2569 out: 2570 if (!rsp.path)
CID 1124344: Free of array-typed value (BAD_FREE) Assigning: "rsp.path" = """".
2571 rsp.path = ""; 2572 2573 glusterd_submit_reply (req, &rsp, NULL, 0, NULL, 2574 (xdrproc_t)xdr_gf1_cli_mount_rsp); 2575 ret = 0; 2576 ________________________________________________________________________________________________________ *** CID 1124343: Free of array-typed value (BAD_FREE) /xlators/cluster/afr/src/afr-self-heal-data.c: 902 in afr_set_data_sh_info_str() 896 897 priv = this->private; 898 899 pending_matrix_str = afr_get_pending_matrix_str (sh->pending_matrix, 900 this); 901 if (!pending_matrix_str)
CID 1124343: Free of array-typed value (BAD_FREE) Assigning: "pending_matrix_str" = """".
902 pending_matrix_str = ""; 903 904 sizes_str = afr_get_sizes_str (local, sh->buf, this); 905 if (!sizes_str) 906 sizes_str = ""; 907 /xlators/cluster/afr/src/afr-self-heal-data.c: 906 in afr_set_data_sh_info_str() 900 this); 901 if (!pending_matrix_str) 902 pending_matrix_str = ""; 903 904 sizes_str = afr_get_sizes_str (local, sh->buf, this); 905 if (!sizes_str)
CID 1124343: Free of array-typed value (BAD_FREE) Assigning: "sizes_str" = """".
906 sizes_str = ""; 907 908 sinks_str = afr_get_sinks_str (this, local, sh); 909 if (!sinks_str) 910 sinks_str = ""; 911 ________________________________________________________________________________________________________ *** CID 1124341: Free of array-typed value (BAD_FREE) /xlators/protocol/server/src/server-handshake.c: 164 in getspec_build_volfile_path() 158 if (-1 == ret) 159 goto out; 160 161 free_filename = 1; 162 } 163 if (!filename)
CID 1124341: Free of array-typed value (BAD_FREE) Assigning: "filename" = ""/usr/local/etc/glusterfs/glusterfs.vol"".
164 filename = DEFAULT_VOLUME_FILE_PATH; 165 166 ret = -1; 167 168 if ((filename) && (path_len > strlen (filename))) { 169 strcpy (path, filename); ________________________________________________________________________________________________________ *** CID 1124340: Free of array-typed value (BAD_FREE) /glusterfsd/src/glusterfsd.c: 1406 in parse_cmdline() 1400 cmd_args = &ctx->cmd_args; 1401 1402 argp_parse (&argp, argc, argv, ARGP_IN_ORDER, NULL, cmd_args); 1403 1404 if (ENABLE_DEBUG_MODE == cmd_args->debug_mode) { 1405 cmd_args->log_level = GF_LOG_DEBUG;
CID 1124340: Free of array-typed value (BAD_FREE) Assigning: "cmd_args->log_file" = ""/dev/stderr"".
1406 cmd_args->log_file = "/dev/stderr"; 1407 cmd_args->no_daemon_mode = ENABLE_NO_DAEMON_MODE; 1408 } 1409 1410 process_mode = gf_get_process_mode (argv[0]); 1411 ctx->process_mode = process_mode; ________________________________________________________________________________________________________ *** CID 1124353: Unchecked return value (CHECKED_RETURN) /api/src/glfs-resolve.c: 447 in glfs_resolve_at() 441 uuid_copy (loc->gfid, inode->gfid); 442 if (iatt) 443 *iatt = ciatt; 444 ret = 0; 445 } 446
CID 1124353: Unchecked return value (CHECKED_RETURN) No check of the return value of "glfs_loc_touchup(loc)".
447 glfs_loc_touchup (loc); 448 out: 449 GF_FREE (path); 450 451 /* do NOT loc_wipe here as only last component might be missing */ 452 ________________________________________________________________________________________________________ *** CID 1124352: Unchecked return value (CHECKED_RETURN) /xlators/cluster/dht/src/dht-shared.c: 533 in dht_init() 527 } 528 529 conf->search_unhashed = GF_DHT_LOOKUP_UNHASHED_ON; 530 if (dict_get_str (this->options, "lookup-unhashed", &temp_str) == 0) { 531 /* If option is not "auto", other options _should_ be boolean */ 532 if (strcasecmp (temp_str, "auto"))
CID 1124352: Unchecked return value (CHECKED_RETURN) No check of the return value of "gf_string2boolean(temp_str, &conf->search_unhashed)".
533 gf_string2boolean (temp_str, &conf->search_unhashed); 534 else 535 conf->search_unhashed = GF_DHT_LOOKUP_UNHASHED_AUTO; 536 } 537 538 GF_OPTION_INIT ("unhashed-sticky-bit", conf->unhashed_sticky_bit, bool, ________________________________________________________________________________________________________ *** CID 1124351: Unchecked return value from library (CHECKED_RETURN) /xlators/features/changelog/lib/src/gf-changelog-process.c: 438 in gf_changelog_decode() 432 goto out; 433 } 434 435 /** 436 * start processing after the header 437 */
CID 1124351: Unchecked return value from library (CHECKED_RETURN) No check of the return value of "lseek(from_fd, elen, 0)".
438 lseek (from_fd, elen, SEEK_SET); 439 440 switch (encoding) { 441 case CHANGELOG_ENCODE_BINARY: 442 /** 443 * this ideally should have been a part of changelog-encoders.c ________________________________________________________________________________________________________ *** CID 1124348: Unchecked return value (CHECKED_RETURN) /libglusterfs/src/timer.c: 213 in gf_timer_registry_init() 207 reg->active.next = &reg->active; 208 reg->active.prev = &reg->active; 209 reg->stale.next = &reg->stale; 210 reg->stale.prev = &reg->stale; 211 212 ctx->timer = reg;
CID 1124348: Unchecked return value (CHECKED_RETURN) No check of the return value of "gf_thread_create(&reg->th, NULL, gf_timer_proc(void *), ctx)".
213 gf_thread_create (&reg->th, NULL, gf_timer_proc, ctx); 214 } 215 out: 216 return ctx->timer; ________________________________________________________________________________________________________ *** CID 1124347: Unchecked return value from library (CHECKED_RETURN) /libglusterfs/src/statedump.c: 804 in gf_proc_dump_info() 798 timestr); 799 ret = write (gf_dump_fd, sign_string, strlen (sign_string)); 800 801 out: 802 if (gf_dump_fd != -1) 803 gf_proc_dump_close ();
CID 1124347: Unchecked return value from library (CHECKED_RETURN) No check of the return value of "rename(tmp_dump_name, path)".
804 rename (tmp_dump_name, path); 805 GF_FREE (dump_options.dump_path); 806 dump_options.dump_path = NULL; 807 gf_proc_dump_unlock (); 808 809 return; ________________________________________________________________________________________________________ *** CID 1059059: Unsigned compared against 0 (NO_EFFECT) /xlators/performance/io-cache/src/io-cache.c: 1770 in init() 1764 } 1765 } 1766 table->max_pri ++; 1767 1768 INIT_LIST_HEAD (&table->inodes); 1769
CID 1059059: Unsigned compared against 0 (NO_EFFECT) This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "table->max_file_size >= 0UL".
1770 if ((table->max_file_size >= 0) 1771 && (table->min_file_size > table->max_file_size)) { 1772 gf_log ("io-cache", GF_LOG_ERROR, "minimum size (%" 1773 PRIu64") of a file that can be cached is " 1774 "greater than maximum size (%"PRIu64")", 1775 table->min_file_size, table->max_file_size); ________________________________________________________________________________________________________ *** CID 1124325: Value not atomically updated (ATOMICITY) /xlators/performance/io-cache/src/io-cache.c: 1060 in ioc_dispatch_requests() 1054 "inode(%s) at offset=%"PRId64"", 1055 uuid_utoa (fd->inode->gfid), trav_offset); 1056 ret = ioc_cache_validate (frame, ioc_inode, fd, trav); 1057 if (ret == -1) { 1058 ioc_inode_lock (ioc_inode); 1059 {
CID 1124325: Value not atomically updated (ATOMICITY) Using an unreliable value of "trav" inside the second locked section. If the data that "trav" depends on was changed by another thread, this use might be incorrect.
1060 waitq = __ioc_page_wakeup (trav, 1061 trav->op_errno); 1062 } 1063 ioc_inode_unlock (ioc_inode); 1064 1065 ioc_waitq_return (waitq); /xlators/performance/io-cache/src/io-cache.c: 1060 in ioc_dispatch_requests() 1054 "inode(%s) at offset=%"PRId64"", 1055 uuid_utoa (fd->inode->gfid), trav_offset); 1056 ret = ioc_cache_validate (frame, ioc_inode, fd, trav); 1057 if (ret == -1) { 1058 ioc_inode_lock (ioc_inode); 1059 {
CID 1124325: Value not atomically updated (ATOMICITY) Using an unreliable value of "trav" inside the second locked section. If the data that "trav" depends on was changed by another thread, this use might be incorrect.
1060 waitq = __ioc_page_wakeup (trav, 1061 trav->op_errno); 1062 } 1063 ioc_inode_unlock (ioc_inode); 1064 1065 ioc_waitq_return (waitq); ________________________________________________________________________________________________________ *** CID 1124346: Truncated stdio return value (CHAR_IO) /cli/src/cli-cmd-volume.c: 617 in cli_cmd_get_confirmation() 611 len = strlen (answer); 612 613 if (len && answer [len - 1] == '\n'){ 614 answer [--len] = '\0'; 615 } else { 616 do{
CID 1124346: Truncated stdio return value (CHAR_IO) Assigning the return value of "getchar(void)" to char "flush" truncates its value.
617 flush = getchar (); 618 }while (flush != '\n'); 619 } 620 621 if (len > 3) 622 goto out; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=Overview To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py