Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixes from Coverity Report (12/01/2017) #66

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
Open

Fixes from Coverity Report (12/01/2017) #66

wants to merge 7 commits into from

Conversation

RanierV
Copy link

@RanierV RanierV commented Dec 1, 2017

Hi,
Can yours take a look.

Best regards,

Ranier Vilela

@RanierV
Update nxt_conn_write.c
2ee3265 
Fix Coverity report:
CID 200492 (nginx#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value sb.last when calling nxt_sendbuf_mem_coalesce. [show details]
@RanierV
Update nxt_php_sapi.c
676ab95 
CID 200488 (nginx#1 of 2): Dereference null return value (NULL_RETURNS)11. dereference: Dereferencing a pointer that might be null run_ctx.mem_pool when calling nxt_mp_destroy.
@RanierV
Update nxt_time_parse.c
ec6cdeb 
CID 200485 (nginx#1 of 1): Unused value (UNUSED_VALUE)assigned_value: Assigning value st_letter to state here, but that stored value is overwritten before it can be used.
@RanierV
Update nxt_socketpair.c
858cb4d 
CID 200484 (nginx#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value msg. Field msg.msg_flags is uninitialized when calling recvmsg
@RanierV
Update nxt_process_title.c
9173b78 
CID 200480 (nginx#2 of 2): Resource leak (RESOURCE_LEAK)22. leaked_storage: Variable p going out of scope leaks the storage it points to.
@RanierV
Update nxt_linux_sendfile.c
a67463b 
CID 200475 (nginx#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value sb.last when calling nxt_sendbuf_mem_coalesce.
@RanierV
Update nxt_event_conn_job_sendfile.c
d28a21b 
CID 200471 (nginx#1 of 1): Uninitialized scalar variable (UNINIT)5. uninit_use_in_call: Using uninitialized value sb.last when calling nxt_sendbuf_mem_coalesce
@VBart VBart self-assigned this Dec 1, 2017
alejandro-colomar
alejandro-colomar reviewed Sep 1, 2022
View reviewed changes
src/nxt_process_title.c
@@ -178,6 +178,12 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp)
}

done:
if (p != NULL) {
nxt_free(p);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, I just saw this old PR around, and had a fast look at it. nxt_free(), as well as free(3), can handle NULL just fine. The conditionals are not necessary.

alejandro-colomar
alejandro-colomar reviewed Sep 1, 2022
View reviewed changes
src/nxt_process_title.c
@@ -130,6 +125,11 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp)
goto done;
}

p = nxt_malloc(strings_size);
Copy link
Contributor

@alejandro-colomar alejandro-colomar Sep 1, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you move p after the other goto done, you'll arrive at nxt_free() with an uninitialized pointer, which will result in Undefined Behavior.

That is, consider you jump to done from line 125 after this patch. You'll free p, which is uninitialized, and contains a random value. That will likely crash.

@alejandro-colomar
Copy link
Contributor

alejandro-colomar commented Oct 24, 2022
edited
Loading

@raniervf There are some fixes that seem likely to be correct. Would you mind revisiting this pull request and fixing the issues I mentioned?

ac000

This comment was marked as duplicate.

Sign in to view

ac000
ac000 reviewed Nov 14, 2023
View reviewed changes
src/nxt_php_sapi.c
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perhaps not too surprisingly this code no longer exists. nxt_mp_create() is no longer called and was removed by

commit 349717fb90edaf50ae2846db7b72a2da4285541b
Author: Max Romanov <[email protected]>
Date:   Thu Jan 11 22:14:20 2018 +0300

    Changing relative php scripts paths to real ones.
    
    This is required to run phpMyAdmin.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... and as such is no longer flagged by coverity...

ac000
ac000 reviewed Nov 14, 2023
View reviewed changes
src/nxt_conn_write.c
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still looks valid, though likely has a pretty slim chance of triggering due to

#if (NXT_HAVE_LINUX_SENDFILE)                                                   
    .old_sendbuf = nxt_linux_event_conn_io_sendfile,                            
#elif (NXT_HAVE_FREEBSD_SENDFILE)                                               
    .old_sendbuf = nxt_freebsd_event_conn_io_sendfile,                          
#elif (NXT_HAVE_MACOSX_SENDFILE)                                                
    .old_sendbuf = nxt_macosx_event_conn_io_sendfile,                           
#elif (NXT_HAVE_SOLARIS_SENDFILEV)                                              
    .old_sendbuf = nxt_solaris_event_conn_io_sendfilev,                         
#elif (NXT_HAVE_AIX_SEND_FILE)                                                  
    .old_sendbuf = nxt_aix_event_conn_io_send_file,                             
#elif (NXT_HAVE_HPUX_SENDFILE)                                                  
    .old_sendbuf = nxt_hpux_event_conn_io_sendfile,                             
#else                                                                           
    .old_sendbuf = nxt_event_conn_io_sendbuf,                                   
#endif

and we only possibly take the problematic code path if we are using nxt_event_conn_io_sendbuf().

ac000
ac000 reviewed Nov 15, 2023
View reviewed changes
src/nxt_linux_sendfile.c
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks valid, assuming that we can go

nxt_linux_event_conn_io_sendfile(() -> nxt_sendbuf_mem_coalesce()

and then

if (nxt_buf_is_mem(b)) {

can be false

@callahad
Copy link
Collaborator

Not entirely sure why this has lingered for so long.

@ac000 Do you think we can resolve this as-is this week, or should we close this and start anew with a fresh Coverity run?

ac000
ac000 reviewed Sep 23, 2024
View reviewed changes
Copy link
Member

@ac000 ac000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file was removed in commit 22c5100 and as such is no longer flagged by coverity.

ac000
ac000 reviewed Sep 23, 2024
View reviewed changes
Copy link
Member

@ac000 ac000 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While that would certainly placate the analysers. I think a slightly larger cleanup is in order.

@callahad
Copy link
Collaborator

callahad commented Oct 14, 2024
edited
Loading

With #1441 merged, do we still need this PR open?

@ac000
Copy link
Member

ac000 commented Oct 29, 2024

With #1441 merged, do we still need this PR open?

That was only one part of this.

Probably need to go through this PR and see what is still open in Coverity...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alejandro-colomar alejandro-colomar alejandro-colomar left review comments

@ac000 ac000 ac000 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@RanierV @alejandro-colomar @callahad @ac000 @VBart