Uploaded image for project: 'Qpid Dispatch'
  1. Qpid Dispatch
  2. DISPATCH-1387

Coverity issues on master branch

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.8.0
    • Fix Version/s: 1.9.0
    • Component/s: Container
    • Labels:
      None

      Description

      Please find the latest report on new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
      
      18 new defect(s) introduced to Apache Qpid dispatch-router found with Coverity Scan.
      4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
      
      New defect(s) Reported-by: Coverity Scan
      Showing 18 of 18 defect(s)
      
      
      ** CID 344879:    (FORWARD_NULL)
      
      
      ________________________________________________________________________________________________________
      *** CID 344879:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 193 in qdra_config_address_get_first_CT()
      187         qdr_agent_write_config_address_CT(query, addr);
      188     
      189         //
      190         // Advance to the next address
      191         //
      192         query->next_offset = offset;
      >>>     CID 344879:    (FORWARD_NULL)
      >>>     Passing null pointer "addr" to "qdr_manage_advance_config_address_CT", which dereferences it.
      193         qdr_manage_advance_config_address_CT(query, addr);
      194     
      195         //
      196         // Enqueue the response.
      197         //
      198         qdr_agent_enqueue_response_CT(core, query);
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_address.c: 187 in qdra_config_address_get_first_CT()
      181             addr = DEQ_NEXT(addr);
      182         assert(addr);
      183     
      184         //
      185         // Write the columns of the object into the response body.
      186         //
      >>>     CID 344879:    (FORWARD_NULL)
      >>>     Passing null pointer "addr" to "qdr_agent_write_config_address_CT", which dereferences it.
      187         qdr_agent_write_config_address_CT(query, addr);
      188     
      189         //
      190         // Advance to the next address
      191         //
      192         query->next_offset = offset;
      
      ** CID 344878:  API usage errors  (PRINTF_ARGS)
      
      
      ________________________________________________________________________________________________________
      *** CID 344878:  API usage errors  (PRINTF_ARGS)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
      552                 stats->headers_sent = true;
      553             }
      554     
      555             while (stats->current < metrics_length) {
      556                 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
      557                     stats->current++;
      >>>     CID 344878:  API usage errors  (PRINTF_ARGS)
      >>>     Argument "stats->current" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
      558                     qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
      559                 } else {
      560                     qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
      561                     break;
      562                 }
      563             }
      
      ** CID 344877:  API usage errors  (PRINTF_ARGS)
      
      
      ________________________________________________________________________________________________________
      *** CID 344877:  API usage errors  (PRINTF_ARGS)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 558 in callback_metrics()
      552                 stats->headers_sent = true;
      553             }
      554     
      555             while (stats->current < metrics_length) {
      556                 if (write_metric(&position, end, &metrics[stats->current], &stats->context->stats)) {
      557                     stats->current++;
      >>>     CID 344877:  API usage errors  (PRINTF_ARGS)
      >>>     Argument "metrics_length" to format specifier "%i" was expected to have type "int" but has type "unsigned long".
      558                     qd_log(hs->log, QD_LOG_DEBUG, "wrote metric %i of %i", stats->current, metrics_length);
      559                 } else {
      560                     qd_log(hs->log, QD_LOG_DEBUG, "insufficient space in buffer");
      561                     break;
      562                 }
      563             }
      
      ** CID 344876:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
      
      
      ________________________________________________________________________________________________________
      *** CID 344876:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 329 in qdra_conn_link_route_get_first_CT()
      323             //
      324             qdr_link_route_t *lr = DEQ_HEAD(conn->conn_link_routes);
      325             for (int i = 0; i < offset && lr; i++)
      326                 lr = DEQ_NEXT(lr);
      327             assert(lr);
      328             // write the lr into the response and advance to next
      >>>     CID 344876:    (FORWARD_NULL)
      >>>     Passing null pointer "lr" to "_write_as_list_CT", which dereferences it.
      329             _write_as_list_CT(query, lr);
      330             query->next_offset = offset + 1;
      331             query->more = DEQ_NEXT(lr) != NULL;
      332         }
      333         qdr_agent_enqueue_response_CT(core, query);
      334     }
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_conn_link_route.c: 331 in qdra_conn_link_route_get_first_CT()
      325             for (int i = 0; i < offset && lr; i++)
      326                 lr = DEQ_NEXT(lr);
      327             assert(lr);
      328             // write the lr into the response and advance to next
      329             _write_as_list_CT(query, lr);
      330             query->next_offset = offset + 1;
      >>>     CID 344876:    (FORWARD_NULL)
      >>>     Dereferencing null pointer "lr".
      331             query->more = DEQ_NEXT(lr) != NULL;
      332         }
      333         qdr_agent_enqueue_response_CT(core, query);
      334     }
      335     
      336     
      
      ** CID 344875:  API usage errors  (PRINTF_ARGS)
      
      
      ________________________________________________________________________________________________________
      *** CID 344875:  API usage errors  (PRINTF_ARGS)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/policy.c: 1294 in qd_policy_host_pattern_add()
      1288             assert (recovered);
      1289             (void)recovered;        /* Silence compiler complaints of unused variable */
      1290         }
      1291         sys_mutex_unlock(policy->tree_lock);
      1292         if (oldp) {
      1293             free(payload);
      >>>     CID 344875:  API usage errors  (PRINTF_ARGS)
      >>>     Argument "oldp" to format specifier "%s" was expected to have type "char *" but has type "void *".
      1294             qd_log(policy->log_source,
      1295                 QD_LOG_WARNING,
      1296                 "vhost hostname pattern '%s' failed to replace optimized pattern '%s'",
      1297                 hostPattern, oldp);
      1298         }
      1299         return oldp == 0;
      
      ** CID 344874:  Memory - corruptions  (OVERLAPPING_COPY)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
      
      
      ________________________________________________________________________________________________________
      *** CID 344874:  Memory - corruptions  (OVERLAPPING_COPY)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/server.c: 595 in set_rhost_port()
      589         if (sa && salen) {
      590             char rport[NI_MAXSERV] = "";
      591             int err = getnameinfo(sa, salen,
      592                                   ctx->rhost, sizeof(ctx->rhost), rport, sizeof(rport),
      593                                   NI_NUMERICHOST | NI_NUMERICSERV);
      594             if (!err) {
      >>>     CID 344874:  Memory - corruptions  (OVERLAPPING_COPY)
      >>>     In the call to function "snprintf", the object pointed to by argument "ctx->rhost" may overlap with the object pointed to by argument "ctx->rhost_port".
      595                 snprintf(ctx->rhost_port, sizeof(ctx->rhost_port), "%s:%s", ctx->rhost, rport);
      596             }
      597         }
      598     }
      599     
      600     
      
      ** CID 344873:    (FORWARD_NULL)
      
      
      ________________________________________________________________________________________________________
      *** CID 344873:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 222 in qdra_config_link_route_get_first_CT()
      216         qdr_agent_write_config_link_route_CT(query, lr);
      217     
      218         //
      219         // Advance to the next link_route
      220         //
      221         query->next_offset = offset;
      >>>     CID 344873:    (FORWARD_NULL)
      >>>     Passing null pointer "lr" to "qdr_manage_advance_config_link_route_CT", which dereferences it.
      222         qdr_manage_advance_config_link_route_CT(query, lr);
      223     
      224         //
      225         // Enqueue the response.
      226         //
      227         qdr_agent_enqueue_response_CT(core, query);
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_link_route.c: 216 in qdra_config_link_route_get_first_CT()
      210             lr = DEQ_NEXT(lr);
      211         assert(lr);
      212     
      213         //
      214         // Write the columns of the object into the response body.
      215         //
      >>>     CID 344873:    (FORWARD_NULL)
      >>>     Passing null pointer "lr" to "qdr_agent_write_config_link_route_CT", which dereferences it.
      216         qdr_agent_write_config_link_route_CT(query, lr);
      217     
      218         //
      219         // Advance to the next link_route
      220         //
      221         query->next_offset = offset;
      
      ** CID 344872:  Null pointer dereferences  (FORWARD_NULL)
      
      
      ________________________________________________________________________________________________________
      *** CID 344872:  Null pointer dereferences  (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_address.c: 301 in qdra_address_get_first_CT()
      295         qdr_manage_write_address_list_CT(core, query, addr);
      296     
      297         //
      298         // Advance to the next address
      299         //
      300         query->next_offset = offset;
      >>>     CID 344872:  Null pointer dereferences  (FORWARD_NULL)
      >>>     Passing null pointer "addr" to "qdr_manage_advance_address_CT", which dereferences it.
      301         qdr_manage_advance_address_CT(query, addr);
      302     
      303         //
      304         // Enqueue the response.
      305         //
      306         qdr_agent_enqueue_response_CT(core, query);
      
      ** CID 344871:    (FORWARD_NULL)
      
      
      ________________________________________________________________________________________________________
      *** CID 344871:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 229 in qdra_config_auto_link_get_first_CT()
      223         qdr_agent_write_config_auto_link_CT(query, al);
      224     
      225         //
      226         // Advance to the next auto_link
      227         //
      228         query->next_offset = offset;
      >>>     CID 344871:    (FORWARD_NULL)
      >>>     Passing null pointer "al" to "qdr_manage_advance_config_auto_link_CT", which dereferences it.
      229         qdr_manage_advance_config_auto_link_CT(query, al);
      230     
      231         //
      232         // Enqueue the response.
      233         //
      234         qdr_agent_enqueue_response_CT(core, query);
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_config_auto_link.c: 223 in qdra_config_auto_link_get_first_CT()
      217             al = DEQ_NEXT(al);
      218         assert(al);
      219     
      220         //
      221         // Write the columns of the object into the response body.
      222         //
      >>>     CID 344871:    (FORWARD_NULL)
      >>>     Passing null pointer "al" to "qdr_agent_write_config_auto_link_CT", which dereferences it.
      223         qdr_agent_write_config_auto_link_CT(query, al);
      224     
      225         //
      226         // Advance to the next auto_link
      227         //
      228         query->next_offset = offset;
      
      ** CID 344870:    (FORWARD_NULL)
      
      
      ________________________________________________________________________________________________________
      *** CID 344870:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 327 in qdra_link_get_first_CT()
      321         qdr_agent_write_link_CT(core, query, link);
      322     
      323         //
      324         // Advance to the next address
      325         //
      326         query->next_offset = offset;
      >>>     CID 344870:    (FORWARD_NULL)
      >>>     Passing null pointer "link" to "qdr_manage_advance_link_CT", which dereferences it.
      327         qdr_manage_advance_link_CT(query, link);
      328     
      329         //
      330         // Enqueue the response.
      331         //
      332         qdr_agent_enqueue_response_CT(core, query);
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_link.c: 321 in qdra_link_get_first_CT()
      315             link = DEQ_NEXT(link);
      316         assert(link);
      317     
      318         //
      319         // Write the columns of the link into the response body.
      320         //
      >>>     CID 344870:    (FORWARD_NULL)
      >>>     Passing null pointer "link" to "qdr_agent_write_link_CT", which dereferences it.
      321         qdr_agent_write_link_CT(core, query, link);
      322     
      323         //
      324         // Advance to the next address
      325         //
      326         query->next_offset = offset;
      
      ** CID 344869:    (FORWARD_NULL)
      
      
      ________________________________________________________________________________________________________
      *** CID 344869:    (FORWARD_NULL)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 337 in qdra_connection_get_first_CT()
      331         qdr_agent_write_connection_CT(core, query, conn);
      332     
      333         //
      334         // Advance to the next connection
      335         //
      336         query->next_offset = offset;
      >>>     CID 344869:    (FORWARD_NULL)
      >>>     Passing null pointer "conn" to "qdr_manage_advance_connection_CT", which dereferences it.
      337         qdr_manage_advance_connection_CT(query, conn);
      338     
      339         //
      340         // Enqueue the response.
      341         //
      342         qdr_agent_enqueue_response_CT(core, query);
      /home/kgiusti/work/dispatch/qpid-dispatch/src/router_core/agent_connection.c: 331 in qdra_connection_get_first_CT()
      325             conn = DEQ_NEXT(conn);
      326         assert(conn);
      327     
      328         //
      329         // Write the columns of the object into the response body.
      330         //
      >>>     CID 344869:    (FORWARD_NULL)
      >>>     Passing null pointer "conn" to "qdr_agent_write_connection_CT", which dereferences it.
      331         qdr_agent_write_connection_CT(core, query, conn);
      332     
      333         //
      334         // Advance to the next connection
      335         //
      336         query->next_offset = offset;
      
      ** CID 344868:  Insecure data handling  (TAINTED_SCALAR)
      
      
      ________________________________________________________________________________________________________
      *** CID 344868:  Insecure data handling  (TAINTED_SCALAR)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/connection_manager.c: 556 in qd_dispatch_configure_ssl_profile()
      550         ssl_profile->ssl_uid_format             = qd_entity_opt_string(entity, "uidFormat", 0);          CHECK();
      551         ssl_profile->uid_name_mapping_file      = qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
      552     
      553         //
      554         // Process the password to handle any modifications or lookups needed
      555         //
      >>>     CID 344868:  Insecure data handling  (TAINTED_SCALAR)
      >>>     Passing tainted variable "ssl_profile->ssl_password" to a tainted sink.
      556         qd_config_ssl_profile_process_password(ssl_profile); CHECK();
      557     
      558         qd_log(cm->log_source, QD_LOG_INFO, "Created SSL Profile with name %s ", ssl_profile->name);
      559         return ssl_profile;
      560     
      561         error:
      
      ** CID 344867:  API usage errors  (PRINTF_ARGS)
      
      
      ________________________________________________________________________________________________________
      *** CID 344867:  API usage errors  (PRINTF_ARGS)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/http-libwebsockets.c: 61 in logger()
      55     static void logger(int lll, const char *line)  {
      56         if (strstr(line, IGNORED)) return;
      57         size_t  len = strlen(line);
      58         while (len > 1 && isspace(line[len-1])) { /* Strip trailing newline */
      59             --len;
      60         }
      >>>     CID 344867:  API usage errors  (PRINTF_ARGS)
      >>>     Precision argument "len" to format specifier "%.*s" was expected to have type "int" but has type "unsigned long".
      61         qd_log(http_log, qd_level(lll), "%.*s", len, line);
      62     }
      63     
      64     static void log_init() {
      65         http_log = qd_log_source("HTTP");
      66         int levels = 0;
      
      ** CID 344866:  Control flow issues  (DEADCODE)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
      
      
      ________________________________________________________________________________________________________
      *** CID 344866:  Control flow issues  (DEADCODE)
      /home/kgiusti/work/dispatch/qpid-dispatch/src/parse.c: 832 in qd_parse_annotations_v1()
      826                         case QD_MAE_TO:
      827                             *ma_to_override = val_field;
      828                             break;
      829                         case QD_MAE_PHASE:
      830                             *ma_phase = val_field;
      831                             break;
      >>>     CID 344866:  Control flow issues  (DEADCODE)
      >>>     Execution cannot reach this statement: "case QD_MAE_NONE:".
      832                         case QD_MAE_NONE:
      833                             assert(false);
      834                             break;
      835                     }
      836     
      837                     qd_iterator_free(val_iter);
      
      ** CID 336747:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
      
      
      ________________________________________________________________________________________________________
      *** CID 336747:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 81 in test_send_to_messenger()
      75     static char* test_send_to_messenger(void *context)
      76     {
      77         qd_message_t         *msg     = qd_message();
      78         qd_message_content_t *content = MSG_CONTENT(msg);
      79         qd_message_compose_1(msg, "test_addr_0", 0);
      80         qd_buffer_t *buf = DEQ_HEAD(content->buffers);
      >>>     CID 336747:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "msg" going out of scope leaks the storage it points to.
      81         if (buf == 0) return "Expected a buffer in the test message";
      82     
      83         pn_message_t *pn_msg = pn_message();
      84         size_t len = flatten_bufs(content);
      85         int result = pn_message_decode(pn_msg, buffer, len);
      86         if (result != 0) {
      
      ** CID 336746:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
      
      
      ________________________________________________________________________________________________________
      *** CID 336746:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/message_test.c: 341 in test_send_message_annotations()
      335         if (result != 0) {
      336             qd_message_free(msg);
      337             return "Error in pn_message_decode";
      338         }
      339     
      340         pn_data_t *ma = pn_message_annotations(pn_msg);
      >>>     CID 336746:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "msg" going out of scope leaks the storage it points to.
      341         if (!ma) return "Missing message annotations";
      342         pn_data_rewind(ma);
      343         pn_data_next(ma);
      344         if (pn_data_type(ma) != PN_MAP) return "Invalid message annotation type";
      345         if (pn_data_get_map(ma) != QD_MA_N_KEYS * 2) return "Invalid map length";
      346         pn_data_enter(ma);
      
      ** CID 142248:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
      
      
      ________________________________________________________________________________________________________
      *** CID 142248:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
      296         qd_iterator_t     *key_iter   = qd_parse_raw(key_field);
      297         qd_iterator_t     *typed_iter = qd_parse_typed(key_field);
      298         if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
      299             unsigned char     *result   = qd_iterator_copy(key_iter);
      300             snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
      301             free (result);
      >>>     CID 142248:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "field" going out of scope leaks the storage it points to.
      302             return error;
      303         }
      304     
      305         if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
      306             return "Incorrect typed iterator on first-key";
      307     
      
      ** CID 142246:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
      
      
      ________________________________________________________________________________________________________
      *** CID 142246:  Resource leaks  (RESOURCE_LEAK)
      /home/kgiusti/work/dispatch/qpid-dispatch/tests/parse_test.c: 302 in test_map()
      296         qd_iterator_t     *key_iter   = qd_parse_raw(key_field);
      297         qd_iterator_t     *typed_iter = qd_parse_typed(key_field);
      298         if (!qd_iterator_equal(key_iter, (unsigned char*) "first")) {
      299             unsigned char     *result   = qd_iterator_copy(key_iter);
      300             snprintf(error, 1000, "First key: expected 'first', got '%s'", result);
      301             free (result);
      >>>     CID 142246:  Resource leaks  (RESOURCE_LEAK)
      >>>     Variable "data_iter" going out of scope leaks the storage it points to.
      302             return error;
      303         }
      304     
      305         if (!qd_iterator_equal(typed_iter, (unsigned char*) "\xa3\x05\x66irst"))
      306             return "Incorrect typed iterator on first-key";
      307     
      
      
      \
      
          
          
          
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                gmurthy Ganesh Murthy
                Reporter:
                gmurthy Ganesh Murthy
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: