Uploaded image for project: 'Qpid Dispatch'
  1. Qpid Dispatch
  2. DISPATCH-1292

Coverity issues on master branch

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.6.0
    • Component/s: Container
    • Labels:
      None

      Description

      10 of 17,133
      New Defects reported by Coverity Scan for Apache Qpid dispatch-router
      Inbox
      	x
      scan-admin@coverity.com
      	
      12:31 AM (7 hours ago)
      	
      to me
      Hi,
      
      Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
      
      11 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
      55 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
      
      New defect(s) Reported-by: Coverity Scan
      Showing 11 of 11 defect(s)
      
      
      ** CID 336749:  Control flow issues  (MISSING_BREAK)
      /home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle()
      
      
      ________________________________________________________________________________________________________
      *** CID 336749:  Control flow issues  (MISSING_BREAK)
      /home/gmurthy/opensource/qpid-dispatch/src/server.c: 909 in handle()
      903             qdr_handle_authentication_service_connection_event(e);
      904             return true;
      905         }
      906     
      907         switch (pn_event_type(e)) {
      908     
      >>>     CID 336749:  Control flow issues  (MISSING_BREAK)
      >>>     The case for value "PN_PROACTOR_INTERRUPT" is not terminated by a 'break' statement.
      909         case PN_PROACTOR_INTERRUPT:
      910             if (qd_server->stopping) {
      911                 /* Interrupt the next thread */
      912                 pn_proactor_interrupt(qd_server->proactor);
      913                 /* Stop the current thread */
      914                 return false;
      
      ** CID 336748:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in AMQP_rx_handler()
      
      
      ________________________________________________________________________________________________________
      *** CID 336748:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/src/router_node.c: 567 in AMQP_rx_handler()
      561                     qd_log(router->log_source, QD_LOG_DEBUG, "Message rejected due to policy violation on target. User:%s", conn->user_id);
      562                     pn_link_flow(pn_link, 1);
      563                     pn_delivery_update(pnd, PN_REJECTED);
      564                     pn_delivery_settle(pnd);
      565                     qd_message_free(msg);
      566                     qd_iterator_free(addr_iter);
      >>>     CID 336748:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "link_exclusions" going out of scope leaks the storage it points to.
      567                     return next_delivery;
      568                 }
      569             }
      570         } else {
      571             //
      572             // This is a targeted link, not anonymous.
      
      ** CID 336747:    (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in test_send_to_messenger()
      
      
      ________________________________________________________________________________________________________
      *** CID 336747:    (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
      75     static char* test_send_to_messenger(void *context)
      76     {
      77         qd_message_t         *msg     = qd_message();
      78         qd_message_content_t *content = MSG_CONTENT(msg);
      79         qd_message_compose_1(msg, "test_addr_0", 0);
      80         qd_buffer_t *buf = DEQ_HEAD(content->buffers);
      >>>     CID 336747:    (RESOURCE_LEAK)
      >>>     Variable "msg" going out of scope leaks the storage it points to.
      81         if (buf == 0) return "Expected a buffer in the test message";
      82     
      83         pn_message_t *pn_msg = pn_message();
      84         size_t len = flatten_bufs(content);
      85         int result = pn_message_decode(pn_msg, buffer, len);
      86         if (result != 0) return "Error in pn_message_decode";
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 86 in test_send_to_messenger()
      80         qd_buffer_t *buf = DEQ_HEAD(content->buffers);
      81         if (buf == 0) return "Expected a buffer in the test message";
      82     
      83         pn_message_t *pn_msg = pn_message();
      84         size_t len = flatten_bufs(content);
      85         int result = pn_message_decode(pn_msg, buffer, len);
      >>>     CID 336747:    (RESOURCE_LEAK)
      >>>     Variable "msg" going out of scope leaks the storage it points to.
      86         if (result != 0) return "Error in pn_message_decode";
      87     
      88         if (strcmp(pn_message_get_address(pn_msg), "test_addr_0") != 0)
      89             return "Address mismatch in received message";
      90     
      91         pn_message_free(pn_msg);
      
      ** CID 336746:    (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in test_send_message_annotations()
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in test_send_message_annotations()
      
      
      ________________________________________________________________________________________________________
      *** CID 336746:    (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 320 in test_send_message_annotations()
      314         qd_composed_field_t *ingress = qd_compose_subfield(0);
      315         qd_compose_insert_string(ingress, "distress");
      316         qd_message_set_ingress_annotation(msg, ingress);
      317     
      318         qd_message_compose_1(msg, "test_addr_0", 0);
      319         qd_buffer_t *buf = DEQ_HEAD(content->buffers);
      >>>     CID 336746:    (RESOURCE_LEAK)
      >>>     Variable "msg" going out of scope leaks the storage it points to.
      320         if (buf == 0) return "Expected a buffer in the test message";
      321     
      322         pn_message_t *pn_msg = pn_message();
      323         size_t len = flatten_bufs(content);
      324         int result = pn_message_decode(pn_msg, buffer, len);
      325         if (result != 0) return "Error in pn_message_decode";
      /home/gmurthy/opensource/qpid-dispatch/tests/message_test.c: 325 in test_send_message_annotations()
      319         qd_buffer_t *buf = DEQ_HEAD(content->buffers);
      320         if (buf == 0) return "Expected a buffer in the test message";
      321     
      322         pn_message_t *pn_msg = pn_message();
      323         size_t len = flatten_bufs(content);
      324         int result = pn_message_decode(pn_msg, buffer, len);
      >>>     CID 336746:    (RESOURCE_LEAK)
      >>>     Variable "msg" going out of scope leaks the storage it points to.
      325         if (result != 0) return "Error in pn_message_decode";
      326     
      327         pn_data_t *ma = pn_message_annotations(pn_msg);
      328         if (!ma) return "Missing message annotations";
      329         pn_data_rewind(ma);
      330         pn_data_next(ma);
      
      ** CID 336745:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
      
      
      ________________________________________________________________________________________________________
      *** CID 336745:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
      353         qd_compose_insert_string(sub3, "Key2");
      354     
      355         //
      356         qd_composed_field_t *field = qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0);
      357         qd_compose_start_map(field);
      358         qd_compose_insert_buffers(field, &sub1->buffers);
      >>>     CID 336745:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "sub3" going out of scope leaks the storage it points to.
      359         if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership not transferred!";
      360         qd_compose_free(sub1);
      361         qd_compose_insert_buffers(field, &sub2->buffers);
      362         qd_compose_free(sub2);
      363     
      364         qd_compose_insert_buffers(field, &sub3->buffers);
      
      ** CID 336744:    (DC.WEAK_CRYPTO)
      /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in qd_generate_discriminator()
      /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in qd_generate_discriminator()
      /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in qd_generate_discriminator()
      
      
      ________________________________________________________________________________________________________
      *** CID 336744:    (DC.WEAK_CRYPTO)
      /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 26 in qd_generate_discriminator()
      20     #include <qpid/dispatch/discriminator.h>
      21     #include <stdlib.h>
      22     
      23     void qd_generate_discriminator(char *string)
      24     {
      25         static const char *table = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
      >>>     CID 336744:    (DC.WEAK_CRYPTO)
      >>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
      26         long int rnd1 = random();
      27         long int rnd2 = random();
      28         long int rnd3 = random();
      29         int      idx;
      30         int      cursor = 0;
      31     
      /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 27 in qd_generate_discriminator()
      21     #include <stdlib.h>
      22     
      23     void qd_generate_discriminator(char *string)
      24     {
      25         static const char *table = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
      26         long int rnd1 = random();
      >>>     CID 336744:    (DC.WEAK_CRYPTO)
      >>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
      27         long int rnd2 = random();
      28         long int rnd3 = random();
      29         int      idx;
      30         int      cursor = 0;
      31     
      32         for (idx = 0; idx < 5; idx++) {
      /home/gmurthy/opensource/qpid-dispatch/src/discriminator.c: 28 in qd_generate_discriminator()
      22     
      23     void qd_generate_discriminator(char *string)
      24     {
      25         static const char *table = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+_";
      26         long int rnd1 = random();
      27         long int rnd2 = random();
      >>>     CID 336744:    (DC.WEAK_CRYPTO)
      >>>     "random" should not be used for security related applications, as linear congruential algorithms are too easy to break.
      28         long int rnd3 = random();
      29         int      idx;
      30         int      cursor = 0;
      31     
      32         for (idx = 0; idx < 5; idx++) {
      33             string[cursor++] = table[(rnd1 >> (idx * 6)) & 63];
      
      ** CID 336743:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
      
      
      ________________________________________________________________________________________________________
      *** CID 336743:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/tests/compose_test.c: 359 in test_compose_subfields()
      353         qd_compose_insert_string(sub3, "Key2");
      354     
      355         //
      356         qd_composed_field_t *field = qd_compose(QD_PERFORMATIVE_MESSAGE_ANNOTATIONS, 0);
      357         qd_compose_start_map(field);
      358         qd_compose_insert_buffers(field, &sub1->buffers);
      >>>     CID 336743:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "sub2" going out of scope leaks the storage it points to.
      359         if (!DEQ_IS_EMPTY(sub1->buffers)) return "Buffer chain ownership not transferred!";
      360         qd_compose_free(sub1);
      361         qd_compose_insert_buffers(field, &sub2->buffers);
      362         qd_compose_free(sub2);
      363     
      364         qd_compose_insert_buffers(field, &sub3->buffers);
      
      ** CID 336742:  Null pointer dereferences  (REVERSE_INULL)
      /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c: 341 in on_link_event()
      
      
      ________________________________________________________________________________________________________
      *** CID 336742:  Null pointer dereferences  (REVERSE_INULL)
      /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_addr_tracking/edge_addr_tracking.c: 341 in on_link_event()
      335                 if (addr && qdr_address_is_mobile_CT(addr) && DEQ_SIZE(addr->subscriptions) == 0 && link->link_direction == QD_INCOMING) {
      336                     qdr_addr_endpoint_state_t *endpoint_state = qdrc_get_endpoint_state_for_connection(mc->endpoint_state_list, link->conn);
      337                     assert(endpoint_state);
      338                     assert(link->edge_context == 0);
      339                     link->edge_context = endpoint_state;
      340                     endpoint_state->ref_count++;
      >>>     CID 336742:  Null pointer dereferences  (REVERSE_INULL)
      >>>     Null-checking "endpoint_state" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
      341                     if (qdrc_can_send_address(addr, link->conn) && endpoint_state) {
      342                         qdrc_send_message(mc->core, addr, endpoint_state->endpoint, true);
      343                     }
      344                 }
      345                 break;
      346             }
      
      ** CID 336741:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in daemon_process()
      
      
      ________________________________________________________________________________________________________
      *** CID 336741:  Resource leaks  (RESOURCE_LEAK)
      /home/gmurthy/opensource/qpid-dispatch/router/src/main.c: 192 in daemon_process()
      186                 if (strncmp("/", config_path, 1)) {
      187                     char *cur_path = NULL;
      188                     size_t path_size = 256;
      189                     int getcwd_error = 0;
      190                     cur_path = (char *) calloc(path_size, sizeof(char));
      191     
      >>>     CID 336741:  Resource leaks  (RESOURCE_LEAK)
      >>>     Overwriting "cur_path" in "cur_path = getcwd(cur_path, path_size)" leaks the storage that "cur_path" points to.
      192                     while ((cur_path = getcwd(cur_path, path_size)) == NULL) {
      193                         free(cur_path);
      194                         if ( errno != ERANGE ) {
      195                             // If unable to get current directory
      196                             getcwd_error = 1;
      197                             break;
      
      ** CID 336740:  Security best practices violations  (STRING_OVERFLOW)
      /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c: 118 in set_waypoint_capability()
      
      
      ________________________________________________________________________________________________________
      *** CID 336740:  Security best practices violations  (STRING_OVERFLOW)
      /home/gmurthy/opensource/qpid-dispatch/src/router_core/modules/edge_router/addr_proxy.c: 118 in set_waypoint_capability()
      112         // In all remaining cases, the new links are acting as waypoints.
      113         //
      114         int ordinal = phase + (dir == QD_OUTGOING ? 0 : 1);
      115         char cap[16];
      116         char suffix[3];
      117     
      >>>     CID 336740:  Security best practices violations  (STRING_OVERFLOW)
      >>>     You might overrun the 16-character fixed-size string "cap" by copying "QD_CAPABILITY_WAYPOINT_DEFAULT" without checking the length.
      118         strcpy(cap, QD_CAPABILITY_WAYPOINT_DEFAULT);
      119         suffix[0] = '.';
      120         suffix[1] = '0' + ordinal;
      121         suffix[2] = '\0';
      122         strcat(cap, suffix);
      123         qdr_terminus_add_capability(term, cap);
      
      ** CID 336739:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
      /home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in qdrc_event_subscribe_CT()
      
      
      ________________________________________________________________________________________________________
      *** CID 336739:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
      /home/gmurthy/opensource/qpid-dispatch/src/router_core/core_events.c: 51 in qdrc_event_subscribe_CT()
      45         sub->context       = context;
      46         sub->events        = events;
      47         sub->on_conn_event = on_conn_event;
      48         sub->on_link_event = on_link_event;
      49         sub->on_addr_event = on_addr_event;
      50     
      >>>     CID 336739:  Integer handling issues  (CONSTANT_EXPRESSION_RESULT)
      >>>     "events & 0U /* !((0x3f | 0x3f00) | 0xfff0000) */" is always 0 regardless of the values of its operands. This occurs as a value.
      51         assert((events & !(_QDRC_EVENT_CONN_RANGE | _QDRC_EVENT_LINK_RANGE | _QDRC_EVENT_ADDR_RANGE)) == 0);
      52         assert(!(events & _QDRC_EVENT_CONN_RANGE) || on_conn_event);
      53         assert(!(events & _QDRC_EVENT_LINK_RANGE) || on_link_event);
      54         assert(!(events & _QDRC_EVENT_ADDR_RANGE) || on_addr_event);
      55     
      56         if (events & _QDRC_EVENT_CONN_RANGE)
      
      
      ________________________________________________________________________________________________________
      To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZSbhom32dlDl11LWEm9nX1-2FDm2ydKRp2jKIMEChnF9qYjWDV40qhnoFf9KqJJs5gJkRt3r-2Bll2jeD6T5JeFcgC_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkvoS-2FuJVjgCuslzX1dwckJNC7zZIx1YhiEs45lNkv-2FJbkCiayCX8OOQy-2FsaHbaWWe2WidVwy7Ol1lHWtu-2FIQYOqyXS1KP10pikPG3AkmxqIH-2F7deyf8-2FTnTa-2Fl-2BQLbEh9AvC8YWxt6MQw6cAP-2Fi-2B4QnOJ-2F6VhEvoEVYwZwSgEWEQ-3D-3D
      
        To manage Coverity Scan email notifications for "gmurthy@redhat.com", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4GT7ZJULeBsdRIGSsmCGK3QgA2CDXnZgZ8-2FWGYmnExRLcco6O6snRtSPKudValmBAwINi3CN-2FlFC5he5SY5w858xo9A3QAFQJ4sopzS8nVgs-3D_ygEXfYGmow-2BVmzDwjZ-2FNe9kh2OIomE8gx57jSnhuvKkvoS-2FuJVjgCuslzX1dwckJ6tm91XSA9ozRLZ6acLz7F19Px-2BcrMfPkJddQQwCtyrNP-2BrRe1ySqLnjIS-2BCkRhnAJeuv0cAtW3OXqGc5JwSHA3r3XoyfjAFFU1C12CubZ2MwIWrfy7TEjEPIll42I3rSdWmRFRevVSluUSqMa-2FJhcQ-3D-3D
      
      
      
      	

        Attachments

          Activity

            People

            • Assignee:
              ganeshmurthy Ganesh Murthy
              Reporter:
              ganeshmurthy Ganesh Murthy
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: