Hi all, I ran into this mail below, which I think we shouldn't simply ignore. Sorry Vitezslav, for doing so for almost a year :-[
After a little svn digging, I found out that the problem in common/slp_predicate.c seems to have been introduced in a code clean-up by John:
http://openslp.svn.sourceforge.net/viewvc/openslp/trunk/openslp/common/slp_predicate.c?r1=1494&r2=1493&pathrev=1494#l307

The problem in slpd/slpd_predicate.c seems to have been there since the introduction of the filterv1() function by Matthew:
http://openslp.svn.sourceforge.net/viewvc/openslp/trunk/openslp/slpd/slpd_predicate.c?r1=1144&r2=1143&pathrev=1144#l1145

I haven't looked into what the code actually does, so I didn't fix these issues yet ;-) Anyone feeling like doing so?

BR,
Roel

On 08/24/2011 02:41 PM, Vitezslav Crhonek wrote:
> Hello,
>
> We found possible defects in source code during Coverity scan (static
> analysis) of openslp-2.0.beta2. I'd like to discuss two of them.
>
> common/slp_predicate.c:
> 301         case opaque:
> 302             if (!memcmp((((char *) (a->val.opaqueVal)) + 4),
> 303                         (((char *)(b->val.opaqueVal)) + 4),
> 304                         SLP_MIN((*((int *)a->val.opaqueVal)),
> 305                                 (*((int *)a->val.opaqueVal)))))
> 306                 ;
> 307             return 1;
>
> The "if" statement is followed by an extra semicolon, which results in
> "return 1" being called unconditionally. "memcmp" seems to be useless.
>
> slpd/slpd_predicate.c:
> 1081     Operation op;
> ...
> 1110     op = EQUAL;
> ...
> 1132     /**** Do operation. *****/
> 1133     if (op == PRESENT)
> 1134     {
> 1135         /*** Since the PRESENT operation is the same for all types,
> 1136         do that now. ***/
> 1137         return FR_EVAL_TRUE;
> 1138     }
> 1139     else
>
> Code between lines 1134 and 1138 will never be executed, because "op"
> variable is set to EQUAL (!= PRESENT). No pointer is set to "op" -
> I see no way how to change the value between assignation and condition.
> Is it intentional?
>
> Please let me know what you think. I believe it should be fixed.
> And if you are interested in whole Coverity log, I can send it to you on
> demand.
>
> Best regards,
> Vitezslav Crhonek
>
> _______________________________________________
> Openslp-devel mailing list
> Openslp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openslp-devel
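
The first finding above (the empty "if" body in common/slp_predicate.c), reproduced next to a checked variant. This is an added example, not part of the original mails and not OpenSLP code: opaque_t, make_opaque(), opaque_len(), MIN_LEN and both compare functions are hypothetical names, and the intended result (equal only when length and payload match) is an assumption, since the thread does not say what the comparison should return.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, inferred from the quoted lines: 4-byte length, then payload. */
typedef struct { unsigned char buf[4 + 16]; } opaque_t;   /* hypothetical type */

static opaque_t make_opaque(const void *data, int32_t len)
{
    opaque_t o;
    memset(&o, 0, sizeof o);
    memcpy(o.buf, &len, 4);                 /* length prefix */
    memcpy(o.buf + 4, data, (size_t)len);   /* payload, at most 16 bytes here */
    return o;
}

static int32_t opaque_len(const opaque_t *o)
{
    int32_t len;
    memcpy(&len, o->buf, 4);   /* memcpy avoids the unaligned int cast */
    return len;
}

#define MIN_LEN(x, y) ((x) < (y) ? (x) : (y))

/* Same shape as the quoted lines 302-307: empty if-body, both lengths from a. */
int opaque_equal_reported(const opaque_t *a, const opaque_t *b)
{
    if (!memcmp(a->buf + 4, b->buf + 4,
                (size_t)MIN_LEN(opaque_len(a), opaque_len(a))))
        ;
    return 1;   /* reached whatever memcmp returned */
}

/* Assumed intent: equal only if both lengths and all payload bytes match. */
int opaque_equal_checked(const opaque_t *a, const opaque_t *b)
{
    int32_t la = opaque_len(a), lb = opaque_len(b);
    if (la < 0 || la != lb)
        return 0;
    return memcmp(a->buf + 4, b->buf + 4, (size_t)la) == 0;
}

int main(void)
{
    /* constructed sample values */
    opaque_t a = make_opaque("alpha", 5), b = make_opaque("bravo", 5);
    printf("reported=%d checked=%d\n", opaque_equal_reported(&a, &b), opaque_equal_checked(&a, &b));
    return 0;
}
```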