From: scan-admin@coverity.com
To: ceph-devel@vger.kernel.org
Subject: New Defects reported by Coverity Scan for ceph
Date: Thu, 13 Jul 2017 05:11:05 +0000 (UTC)
Message-ID: <596700e8c997c_4d9460132840235@ss1435.mail>
Hi,
Please find the latest report on new defect(s) introduced to ceph found with Coverity Scan.
11 new defect(s) introduced to ceph found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1414864: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1414864: Memory - corruptions (OVERRUN)
/home/brad/working/src/ceph/src/mgr/ServiceMap.cc: 57 in ServiceMap::Service::encode(ceph::buffer::list &, unsigned long) const()
51 }
52
53 // Service
54
55 void ServiceMap::Service::encode(bufferlist& bl, uint64_t features) const
56 {
>>> CID 1414864: Memory - corruptions (OVERRUN)
>>> Overrunning struct type ceph_le32 of 4 bytes by passing it to a function which accesses it at byte offset 7.
57 ENCODE_START(1, 1, bl);
58 ::encode(daemons, bl, features);
59 ::encode(summary, bl);
60 ENCODE_FINISH(bl);
61 }
62
** CID 1414865: Security best practices violations (DC.WEAK_CRYPTO)
/home/brad/working/src/ceph/src/os/filestore/HashIndex.cc: 382 in HashIndex::write_settings()()
________________________________________________________________________________________________________
*** CID 1414865: Security best practices violations (DC.WEAK_CRYPTO)
/home/brad/working/src/ceph/src/os/filestore/HashIndex.cc: 382 in HashIndex::write_settings()()
376 return r;
377 return write_settings();
378 }
379
380 int HashIndex::write_settings() {
381 if (cct->_conf->filestore_split_rand_factor > 0) {
>>> CID 1414865: Security best practices violations (DC.WEAK_CRYPTO)
>>> "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
382 settings.split_rand_factor = rand() % cct->_conf->filestore_split_rand_factor;
383 } else {
384 settings.split_rand_factor = 0;
385 }
386 vector<string> path;
387 bufferlist bl;
** CID 1414866: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1414866: Memory - corruptions (OVERRUN)
/home/brad/working/src/ceph/src/mgr/ServiceMap.cc: 12 in ServiceMap::Daemon::encode(ceph::buffer::list &, unsigned long) const()
6 #include "common/Formatter.h"
7
8 // Daemon
9
10 void ServiceMap::Daemon::encode(bufferlist& bl, uint64_t features) const
11 {
>>> CID 1414866: Memory - corruptions (OVERRUN)
>>> Overrunning struct type ceph_le32 of 4 bytes by passing it to a function which accesses it at byte offset 7.
12 ENCODE_START(1, 1, bl);
13 ::encode(gid, bl);
14 ::encode(addr, bl, features);
15 ::encode(start_epoch, bl);
16 ::encode(start_stamp, bl);
17 ::encode(metadata, bl);
** CID 1414867: Memory - illegal accesses (USE_AFTER_FREE)
/home/brad/working/src/ceph/src/mon/Monitor.cc: 1596 in Monitor::reset_probe_timeout()()
________________________________________________________________________________________________________
*** CID 1414867: Memory - illegal accesses (USE_AFTER_FREE)
/home/brad/working/src/ceph/src/mon/Monitor.cc: 1596 in Monitor::reset_probe_timeout()()
1590 cancel_probe_timeout();
1591 probe_timeout_event = new C_MonContext(this, [this](int r) {
1592 probe_timeout(r);
1593 });
1594 double t = g_conf->mon_probe_timeout;
1595 timer.add_event_after(t, probe_timeout_event);
>>> CID 1414867: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "this->probe_timeout_event" as an argument to "operator <<".
1596 dout(10) << "reset_probe_timeout " << probe_timeout_event << " after " << t << " seconds" << dendl;
1597 }
1598
1599 void Monitor::probe_timeout(int r)
1600 {
1601 dout(4) << "probe_timeout " << probe_timeout_event << dendl;
** CID 1414868: Control flow issues (MISSING_RESTORE)
/home/brad/working/src/ceph/src/os/bluestore/BlueStore.cc: 4119 in BlueStore::_open_bdev(bool)()
________________________________________________________________________________________________________
*** CID 1414868: Control flow issues (MISSING_RESTORE)
/home/brad/working/src/ceph/src/os/bluestore/BlueStore.cc: 4119 in BlueStore::_open_bdev(bool)()
4113 assert(block_size == 1u << block_size_order);
4114 // and set cache_size based on device type
4115 r = _set_cache_sizes();
4116 if (r < 0) {
4117 goto fail_close;
4118 }
>>> CID 1414868: Control flow issues (MISSING_RESTORE)
>>> Value of non-local "this->bdev" that was verified to be "NULL" is not restored as it was along other paths.
4119 return 0;
4120
4121 fail_close:
4122 bdev->close();
4123 fail:
4124 delete bdev;
** CID 1414869: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1414869: Memory - corruptions (OVERRUN)
/home/brad/working/src/ceph/src/mgr/ServiceMap.cc: 93 in ServiceMap::encode(ceph::buffer::list &, unsigned long) const()
87 }
88
89 // ServiceMap
90
91 void ServiceMap::encode(bufferlist& bl, uint64_t features) const
92 {
>>> CID 1414869: Memory - corruptions (OVERRUN)
>>> Overrunning struct type ceph_le32 of 4 bytes by passing it to a function which accesses it at byte offset 7.
93 ENCODE_START(1, 1, bl);
94 ::encode(epoch, bl);
95 ::encode(modified, bl);
96 ::encode(services, bl, features);
97 ENCODE_FINISH(bl);
98 }
** CID 1414870: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1414870: Memory - corruptions (OVERRUN)
/home/brad/working/src/ceph/src/cls/lock/cls_lock_types.h: 108 in rados::cls::lock::lock_info_t::encode(ceph::buffer::list &, unsigned long) const()
102 ClsLockType lock_type; // lock type (exclusive / shared)
103 string tag; // tag: operations on lock can only succeed with this tag
104 // as long as set of non expired lockers
105 // is bigger than 0.
106
107 void encode(bufferlist &bl, uint64_t features) const {
>>> CID 1414870: Memory - corruptions (OVERRUN)
>>> Overrunning struct type ceph_le32 of 4 bytes by passing it to a function which accesses it at byte offset 7.
108 ENCODE_START(1, 1, bl);
109 ::encode(lockers, bl, features);
110 uint8_t t = (uint8_t)lock_type;
111 ::encode(t, bl);
112 ::encode(tag, bl);
113 ENCODE_FINISH(bl);
** CID 1414871: Incorrect expression (SIZEOF_MISMATCH)
/home/brad/working/src/ceph/src/isa-l/igzip/huff_codes.c: 1390 in isal_create_hufftables()
________________________________________________________________________________________________________
*** CID 1414871: Incorrect expression (SIZEOF_MISMATCH)
/home/brad/working/src/ceph/src/isa-l/igzip/huff_codes.c: 1390 in isal_create_hufftables()
1384
1385 create_code_tables(lit_table, lit_table_sizes, IGZIP_LIT_TABLE_SIZE, lit_huff_table);
1386
1387 create_packed_len_table(len_table, lit_huff_table);
1388 create_packed_dist_table(dist_table, IGZIP_DIST_TABLE_SIZE, dist_huff_table);
1389
>>> CID 1414871: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "deflate_hdr" of type "uint8_t *" and argument "8U /* sizeof (deflate_hdr) */" to function "set_buf" is suspicious.
1390 set_buf(&header_bitbuf, deflate_hdr, sizeof(deflate_hdr));
1391 init(&header_bitbuf);
1392
1393 hlit = max_lit_len_sym - 256;
1394 hdist = max_dist_sym;
1395
** CID 1414872: Incorrect expression (SIZEOF_MISMATCH)
/home/brad/working/src/ceph/src/isa-l/igzip/huff_codes.c: 1481 in isal_create_hufftables_subset()
________________________________________________________________________________________________________
*** CID 1414872: Incorrect expression (SIZEOF_MISMATCH)
/home/brad/working/src/ceph/src/isa-l/igzip/huff_codes.c: 1481 in isal_create_hufftables_subset()
1475
1476 create_code_tables(lit_table, lit_table_sizes, IGZIP_LIT_TABLE_SIZE, lit_huff_table);
1477
1478 create_packed_len_table(len_table, lit_huff_table);
1479 create_packed_dist_table(dist_table, IGZIP_DIST_TABLE_SIZE, dist_huff_table);
1480
>>> CID 1414872: Incorrect expression (SIZEOF_MISMATCH)
>>> Passing argument "deflate_hdr" of type "uint8_t *" and argument "8U /* sizeof (deflate_hdr) */" to function "set_buf" is suspicious.
1481 set_buf(&header_bitbuf, deflate_hdr, sizeof(deflate_hdr));
1482 init(&header_bitbuf);
1483
1484 hlit = max_lit_len_sym - 256;
1485 hdist = max_dist_sym;
1486
** CID 1414873: Uninitialized variables (UNINIT)
/home/brad/working/src/ceph/src/rgw/rgw_op.cc: 3716 in RGWPostObj::execute()()
________________________________________________________________________________________________________
*** CID 1414873: Uninitialized variables (UNINIT)
/home/brad/working/src/ceph/src/rgw/rgw_op.cc: 3716 in RGWPostObj::execute()()
3710 op_ret = -ERR_TOO_SMALL;
3711 return;
3712 }
3713
3714 s->obj_size = ofs;
3715
>>> CID 1414873: Uninitialized variables (UNINIT)
>>> Using uninitialized element of array "calc_md5" when calling "strcmp".
3716 if (supplied_md5_b64 && strcmp(calc_md5, supplied_md5)) {
3717 op_ret = -ERR_BAD_DIGEST;
3718 return;
3719 }
3720
3721 op_ret = store->check_quota(s->bucket_owner.get_id(), s->bucket,
** CID 1414874: Memory - illegal accesses (UNINIT)
/home/brad/working/src/ceph/src/compressor/zlib/ZlibCompressor.cc: 115 in ZlibCompressor::isal_compress(const ceph::buffer::list &, ceph::buffer::list &)()
________________________________________________________________________________________________________
*** CID 1414874: Memory - illegal accesses (UNINIT)
/home/brad/working/src/ceph/src/compressor/zlib/ZlibCompressor.cc: 115 in ZlibCompressor::isal_compress(const ceph::buffer::list &, ceph::buffer::list &)()
109
110 #if __x86_64__ && defined(HAVE_BETTER_YASM_ELF64)
111 int ZlibCompressor::isal_compress(const bufferlist &in, bufferlist &out)
112 {
113 int ret;
114 unsigned have;
>>> CID 1414874: Memory - illegal accesses (UNINIT)
>>> Declaring variable "strm" without initializer.
115 isal_zstream strm;
116 unsigned char* c_in;
117 int begin = 1;
118
119 /* allocate deflate state */
120 isal_deflate_init(&strm);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRaGCnxtQO9E3gxlB2GxVsWFENryh7bC5hIb-2FQBVM85YLQ-3D-3D_2sw0G7ICm9mxCh1lYW1t9y1lfDrIerWzLwB67LZ-2Bn8GgUHDK3UdKUZb0vpG-2Fz19Ghj7-2Bx-2FKWvgGtKe2pBI0awbrnxqUxRLcPqBM1Vp1NF-2F3gwQrwIAPVElxtQMRscsFh1WtQdX4JANyHU0xgmGaBVUjmpp2BBqSvQ25-2FOLVbF8wvW2cvH68a1zd9mDtBJS8ZJrA0IYUr4qd0W8Ak6WUG6ZU0WPgJbVubSULSlFFd250-3D