[ 
https://issues.apache.org/jira/browse/ZOOKEEPER-310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mahadev konar updated ZOOKEEPER-310:
------------------------------------

    Fix Version/s:     (was: 3.3.0)
                   3.4.0

moving this to 3.4 since its not a blocker....

> Coverity report on issues in C client code
> ------------------------------------------
>
>                 Key: ZOOKEEPER-310
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-310
>             Project: Zookeeper
>          Issue Type: Bug
>          Components: c client
>    Affects Versions: 3.1.0
>            Reporter: Patrick Hunt
>            Assignee: Mahadev konar
>            Priority: Minor
>             Fix For: 3.4.0
>
>
> Coverity found the following issues in the c code thatwe should look 
> at/resolve:
> 1) zookeeper.c
> Event unterminated_case: This case (value 0) is not terminated by a 'break' 
> statement.
> 717           case 0:
> 718               errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 719           case -1:
> Event unterminated_case: This case (value 0) is not terminated by a 'break' 
> statement.
> 739           case 0:
> 740               errno = EHOSTDOWN;
> Event fallthrough: The above case falls through to this one.
> 741           case -1:
> Event negative_return_fn: Called negative-returning function "socket(2, 1, 0)"
> Event var_assign: NEGATIVE return value of "socket" assigned to signed 
> variable "zh->fd"
> 1099              zh->fd = socket(PF_INET, SOCK_STREAM, 0);
> Event negative_returns: Tracked variable "zh->fd" was passed to a negative 
> sink.
> 1100              setsockopt(zh->fd, IPPROTO_TCP, TCP_NODELAY, &on, 
> sizeof(int));
> Event deref_ptr: Directly dereferenced pointer "cptr->buffer"
> 1308      cptr->buffer->curr_offset = get_buffer_len(oa);
> Event check_after_deref: Pointer "cptr->buffer" dereferenced before NULL check
> 1309      if (!cptr->buffer) {
> cli.c
> Event returned_null: Function "strchr" returned NULL value (checked 4 out of 
> 5 times)
> Event var_assigned: Variable "ptr" assigned to NULL return value from "strchr"
> 532                   char *ptr = strchr(buffer, '\n');
> Event dereference: Dereferencing NULL value "ptr" 
> recordio.c
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from 
> "malloc(12U)"
> 284       struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(ia != NULL)" taking true path 
> 285       if (!ia) return 0;
> Event alloc_fn: Called allocation function "malloc"
> Event var_assign: Assigned variable "buff" to storage returned from 
> "malloc(12U)"
> 301       struct buff_struct *buff = malloc(sizeof(struct buff_struct));
> Event leaked_storage: Variable "buff" goes out of scope
> At conditional (1): "!(oa != NULL)" taking true path
> 302       if (!oa) return 0;

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to