-------- Original Message --------
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 20 of 36 defect(s)
** CID 1128913: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd.c: 693 in bd_open()
** CID 1128912: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd.c: 693 in bd_open()
** CID 1128911: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get()
** CID 1128910: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get()
** CID 1128926: Unused pointer value (UNUSED_VALUE)
/xlators/storage/bd/src/bd.c: 1446 in bd_fsetxattr()
** CID 1128914: Thread deadlock (ORDER_REVERSAL)
/xlators/storage/bd/src/bd-helper.c: 285 in bd_fd_ctx_get()
** CID 1174824: Resource leak (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-store.c: 2616 in glusterd_store_retrieve_peers()
** CID 1174825: Resource leak (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state()
/xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state()
** CID 1174763: Read from pointer after free (USE_AFTER_FREE)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 5594 in glusterd_brick_stop()
** CID 1134005: Ignoring number of bytes read (CHECKED_RETURN)
/xlators/storage/bd/src/bd-helper.c: 921 in bd_do_ioctl_zerofill()
** CID 1128907: Dereference after null check (FORWARD_NULL)
/xlators/storage/bd/src/bd.c: 1594 in bd_trunc_setxattr_cbk()
** CID 1128922: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 164 in bd_lookup_cbk()
** CID 1128921: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1165 in bd_offload_getx_cbk()
** CID 1128920: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 245 in bd_readdirp_cbk()
** CID 1128919: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1961 in bd_setattr()
** CID 1128918: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1060 in bd_setx_stat_cbk()
** CID 1128917: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1607 in bd_trunc_setxattr_cbk()
** CID 1128923: Dereference before null check (REVERSE_INULL)
/xlators/storage/bd/src/bd-aio.c: 276 in bd_aio_writev_complete()
** CID 1134020: String not null terminated (STRING_NULL)
/xlators/storage/bd/src/bd-helper.c: 913 in bd_do_ioctl_zerofill()
/xlators/storage/bd/src/bd-helper.c: 907 in bd_do_ioctl_zerofill()
** CID 1128916: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd-helper.c: 345 in bd_validate_bd_xattr()
________________________________________________________________________________________________________
*** CID 1128913: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd.c: 693 in bd_open()
687 return 0;
688 out:
689 BD_STACK_UNWIND (open, frame, -1, ret, fd, NULL);
690
691 FREE (devpath);
692 if (ret) {
>>> CID 1128913: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "_fd" is passed to a parameter that cannot be negative.
693 close (_fd);
694 GF_FREE (bd_fd);
695 }
696
697 return 0;
698 }
________________________________________________________________________________________________________
*** CID 1128912: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd.c: 693 in bd_open()
687 return 0;
688 out:
689 BD_STACK_UNWIND (open, frame, -1, ret, fd, NULL);
690
691 FREE (devpath);
692 if (ret) {
>>> CID 1128912: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "_fd" is passed to a parameter that cannot be negative.
693 close (_fd);
694 GF_FREE (bd_fd);
695 }
696
697 return 0;
698 }
________________________________________________________________________________________________________
*** CID 1128911: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get()
267 *bdfd_p = bdfd;
268
269 ret = 0;
270 out:
271 FREE (devpath);
272 if (ret) {
>>> CID 1128911: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "_fd" is passed to a parameter that cannot be negative.
273 close (_fd);
274 GF_FREE (bdfd);
275 }
276 return ret;
277 }
278
________________________________________________________________________________________________________
*** CID 1128910: Argument cannot be negative (NEGATIVE_RETURNS)
/xlators/storage/bd/src/bd-helper.c: 273 in __bd_fd_ctx_get()
267 *bdfd_p = bdfd;
268
269 ret = 0;
270 out:
271 FREE (devpath);
272 if (ret) {
>>> CID 1128910: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "_fd" is passed to a parameter that cannot be negative.
273 close (_fd);
274 GF_FREE (bdfd);
275 }
276 return ret;
277 }
278
________________________________________________________________________________________________________
*** CID 1128926: Unused pointer value (UNUSED_VALUE)
/xlators/storage/bd/src/bd.c: 1446 in bd_fsetxattr()
1440 VALIDATE_OR_GOTO (this, out);
1441 VALIDATE_OR_GOTO (this->private, out);
1442 VALIDATE_OR_GOTO (fd, out);
1443
1444 bd_inode_ctx_get (fd->inode, this, &bdatt);
1445
>>> CID 1128926: Unused pointer value (UNUSED_VALUE)
>>> Pointer "data" returned by "dict_get(dict, "user.glusterfs.bd")" is never used.
1446 data = "" (dict, BD_XATTR);
1447 if ((data = "" (dict, BD_XATTR)))
1448 cl_type = BD_OF_NONE;
1449 else if ((data = "" (dict, BD_CLONE)))
1450 cl_type = BD_OF_CLONE;
1451 else if ((data = "" (dict, BD_SNAPSHOT)))
________________________________________________________________________________________________________
*** CID 1128914: Thread deadlock (ORDER_REVERSAL)
/xlators/storage/bd/src/bd-helper.c: 285 in bd_fd_ctx_get()
279 int
280 bd_fd_ctx_get (xlator_t *this, fd_t *fd, bd_fd_t **bdfd)
281 {
282 int ret;
283
284 /* FIXME: Is it ok to fd->lock here ? */
>>> CID 1128914: Thread deadlock (ORDER_REVERSAL)
>>> Calling function "pthread_spin_lock(pthread_spinlock_t *)" acquires lock "_fd.lock".
285 LOCK (&fd->lock);
286 {
287 ret = __bd_fd_ctx_get (this, fd, bdfd);
288 }
289 UNLOCK (&fd->lock);
290
________________________________________________________________________________________________________
*** CID 1174824: Resource leak (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-store.c: 2616 in glusterd_store_retrieve_peers()
2610
2611 out:
2612 if (dir)
2613 closedir (dir);
2614 gf_log ("", GF_LOG_DEBUG, "Returning with %d", ret);
2615
>>> CID 1174824: Resource leak (RESOURCE_LEAK)
>>> Variable "iter" going out of scope leaks the storage it points to.
2616 return ret;
2617 }
2618
2619 int32_t
2620 glusterd_resolve_all_bricks (xlator_t *this)
2621 {
________________________________________________________________________________________________________
*** CID 1174825: Resource leak (RESOURCE_LEAK)
/xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state()
1848 if (ret && volinfo->rebal.dict)
1849 dict_unref (volinfo->rebal.dict);
1850 if (tmp_dict)
1851 dict_unref (tmp_dict);
1852 gf_log ("", GF_LOG_DEBUG, "Returning with %d", ret);
1853
>>> CID 1174825: Resource leak (RESOURCE_LEAK)
>>> Variable "iter" going out of scope leaks the storage it points to.
1854 return ret;
1855 }
1856
1857 int32_t
1858 glusterd_store_retrieve_volume (char *volname)
1859 {
/xlators/mgmt/glusterd/src/glusterd-store.c: 1854 in glusterd_store_retrieve_node_state()
1848 if (ret && volinfo->rebal.dict)
1849 dict_unref (volinfo->rebal.dict);
1850 if (tmp_dict)
1851 dict_unref (tmp_dict);
1852 gf_log ("", GF_LOG_DEBUG, "Returning with %d", ret);
1853
>>> CID 1174825: Resource leak (RESOURCE_LEAK)
>>> Variable "iter" going out of scope leaks the storage it points to.
1854 return ret;
1855 }
1856
1857 int32_t
1858 glusterd_store_retrieve_volume (char *volname)
1859 {
________________________________________________________________________________________________________
*** CID 1174763: Read from pointer after free (USE_AFTER_FREE)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 5594 in glusterd_brick_stop()
5588
5589 gf_log (this->name, GF_LOG_DEBUG, "About to stop glusterfs"
5590 " for brick %s:%s", brickinfo->hostname,
5591 brickinfo->path);
5592 ret = glusterd_volume_stop_glusterfs (volinfo, brickinfo, del_brick);
5593 if (ret) {
>>> CID 1174763: Read from pointer after free (USE_AFTER_FREE)
>>> Dereferencing freed pointer "brickinfo".
5594 gf_log (this->name, GF_LOG_CRITICAL, "Unable to stop"
5595 " brick: %s:%s", brickinfo->hostname,
5596 brickinfo->path);
5597 goto out;
5598 }
5599
________________________________________________________________________________________________________
*** CID 1134005: Ignoring number of bytes read (CHECKED_RETURN)
/xlators/storage/bd/src/bd-helper.c: 921 in bd_do_ioctl_zerofill()
915 if (sysfd < 0) {
916 gf_log ("bd_do_ioctl_zerofill", GF_LOG_DEBUG,
917 "sysfs file %s does not exist", lvname);
918 goto skip;
919 }
920
>>> CID 1134005: Ignoring number of bytes read (CHECKED_RETURN)
>>> "read(int, void *, size_t)" returns the number of bytes read, but it is ignored.
921 read (sysfd, buff, sizeof (buff));
922 close (sysfd);
923
924 max_bytes = atoll (buff);
925
926 skip:
________________________________________________________________________________________________________
*** CID 1128907: Dereference after null check (FORWARD_NULL)
/xlators/storage/bd/src/bd.c: 1594 in bd_trunc_setxattr_cbk()
1588 return 0;
1589
1590 revert_xattr:
1591 /* revert setxattr */
1592 op_ret = dict_get_str (local->dict, BD_XATTR, &bd);
1593 GF_FREE (bd);
>>> CID 1128907: Dereference after null check (FORWARD_NULL)
>>> Dereferencing null pointer "bdatt".
1594 gf_asprintf (&bd, "%s:%ld", bdatt->type, bdatt->iatt.ia_size);
1595
1596 if (local->fd)
1597 STACK_WIND (frame, bd_trunc_setxattr_setx_cbk,
1598 FIRST_CHILD(this),
1599 FIRST_CHILD(this)->fops->fsetxattr,
________________________________________________________________________________________________________
*** CID 1128922: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 164 in bd_lookup_cbk()
158 dict_del (xattr, GF_CONTENT_KEY);
159 memcpy (buf, &bdatt->iatt, sizeof (struct iatt));
160
161 out:
162 BD_STACK_UNWIND (lookup, frame, op_ret, op_errno, inode, buf,
163 xattr, postparent);
>>> CID 1128922: Resource leak (RESOURCE_LEAK)
>>> Variable "type" going out of scope leaks the storage it points to.
164 return 0;
165 }
166
167 /*
168 * bd_lookup: Issues posix_lookup to find out if file is mapped to BD
169 * bd_lookup -> posix_lookup -> bd_lookup_cbk
________________________________________________________________________________________________________
*** CID 1128921: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1165 in bd_offload_getx_cbk()
1159 }
1160
1161 STACK_WIND (frame, bd_offload_setx_cbk, FIRST_CHILD(this),
1162 FIRST_CHILD(this)->fops->setxattr,
1163 local->dloc, local->dict, 0, NULL);
1164
>>> CID 1128921: Resource leak (RESOURCE_LEAK)
>>> Variable "type" going out of scope leaks the storage it points to.
1165 return 0;
1166
1167 out:
1168 if (local->fd)
1169 BD_STACK_UNWIND (fsetxattr, frame, -1, op_errno, NULL);
1170 else
________________________________________________________________________________________________________
*** CID 1128920: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 245 in bd_readdirp_cbk()
239 FREE (type);
240 }
241 }
242
243 out:
244 BD_STACK_UNWIND (readdirp, frame, op_ret, op_errno, entries, xdata);
>>> CID 1128920: Resource leak (RESOURCE_LEAK)
>>> Variable "type" going out of scope leaks the storage it points to.
245 return 0;
246 }
247
248 /*
249 * bd_readdirp: In bd_readdirp_cbk if the file and BD_XATTR_SIZE is set
250 * ia_size is updated with the LV(BD_XATTR_SIZE) size
________________________________________________________________________________________________________
*** CID 1128919: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1961 in bd_setattr()
1955 *ck_valid = valid;
1956
1957 STACK_WIND_COOKIE (frame, bd_setattr_cbk, ck_valid, FIRST_CHILD(this),
1958 FIRST_CHILD(this)->fops->setattr,
1959 loc, stbuf, valid, xdata);
1960
>>> CID 1128919: Resource leak (RESOURCE_LEAK)
>>> Variable "ck_valid" going out of scope leaks the storage it points to.
1961 return 0;
1962 out:
1963 BD_STACK_UNWIND (setattr, frame, -1, ENOMEM, NULL, NULL, xdata);
1964 return 0;
1965 }
1966
________________________________________________________________________________________________________
*** CID 1128918: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1060 in bd_setx_stat_cbk()
1054 local->fd, local->dict, 0, NULL);
1055 else
1056 STACK_WIND (frame, bd_setx_setx_cbk, FIRST_CHILD(this),
1057 FIRST_CHILD(this)->fops->setxattr,
1058 &local->loc, local->dict, 0, NULL);
1059
>>> CID 1128918: Resource leak (RESOURCE_LEAK)
>>> Variable "param" going out of scope leaks the storage it points to.
1060 return 0;
1061
1062 out:
1063 if (local->fd)
1064 BD_STACK_UNWIND (fsetxattr, frame, -1, op_errno, xdata);
1065 else
________________________________________________________________________________________________________
*** CID 1128917: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd.c: 1607 in bd_trunc_setxattr_cbk()
1601 else
1602 STACK_WIND (frame, bd_trunc_setxattr_setx_cbk,
1603 FIRST_CHILD(this),
1604 FIRST_CHILD(this)->fops->setxattr,
1605 &local->loc, local->dict, 0, NULL);
1606
>>> CID 1128917: Resource leak (RESOURCE_LEAK)
>>> Variable "bd" going out of scope leaks the storage it points to.
1607 return 0;
1608 out:
1609 if (local->fd)
1610 BD_STACK_UNWIND (ftruncate, frame, -1, EIO, NULL, NULL, NULL);
1611 else
1612 BD_STACK_UNWIND (truncate, frame, -1, EIO, NULL, NULL, NULL);
________________________________________________________________________________________________________
*** CID 1128923: Dereference before null check (REVERSE_INULL)
/xlators/storage/bd/src/bd-aio.c: 276 in bd_aio_writev_complete()
270 op_errno = 0;
271
272 out:
273 STACK_UNWIND_STRICT (writev, frame, op_ret, op_errno, &prebuf, &postbuf,
274 NULL);
275
>>> CID 1128923: Dereference before null check (REVERSE_INULL)
>>> Null-checking "paiocb" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
276 if (paiocb) {
277 if (paiocb->iobref)
278 iobref_unref (paiocb->iobref);
279 GF_FREE (paiocb);
280 }
281
________________________________________________________________________________________________________
*** CID 1134020: String not null terminated (STRING_NULL)
/xlators/storage/bd/src/bd-helper.c: 913 in bd_do_ioctl_zerofill()
907 p = strrchr (dmname, '/');
908 if (p)
909 dm = p + 1;
910 else
911 dm = dmname;
912
>>> CID 1134020: String not null terminated (STRING_NULL)
>>> Passing unterminated string "dm" to "sprintf(char * restrict, char const * restrict, ...)".
913 sprintf(sysfs, "/sys/block/%s/queue/write_same_max_bytes", dm);
914 sysfd = open (sysfs, O_RDONLY);
915 if (sysfd < 0) {
916 gf_log ("bd_do_ioctl_zerofill", GF_LOG_DEBUG,
917 "sysfs file %s does not exist", lvname);
918 goto skip;
/xlators/storage/bd/src/bd-helper.c: 907 in bd_do_ioctl_zerofill()
901
902 uuid_utoa_r (bdatt->iatt.ia_gfid, uuid);
903 sprintf (lvname, "/dev/%s/%s", vg, uuid);
904
905 readlink (lvname, dmname, sizeof (dmname));
906
>>> CID 1134020: String not null terminated (STRING_NULL)
>>> Passing unterminated string "dmname" to "strrchr(char const *, int)", which expects a null-terminated string.
907 p = strrchr (dmname, '/');
908 if (p)
909 dm = p + 1;
910 else
911 dm = dmname;
912
________________________________________________________________________________________________________
*** CID 1128916: Resource leak (RESOURCE_LEAK)
/xlators/storage/bd/src/bd-helper.c: 345 in bd_validate_bd_xattr()
339 }
340
341 /* Destination file does not exist */
342 if (stat (path, &stbuf)) {
343 gf_log (this->name, GF_LOG_WARNING,
344 "lstat failed for path %s", path);
>>> CID 1128916: Resource leak (RESOURCE_LEAK)
>>> Variable "path" going out of scope leaks the storage it points to.
345 return -1;
346 }
347
348 vg = lvm_vg_open (priv->handle, priv->vg, "r", 0);
349 if (!vg) {
350 gf_log (this->name, GF_LOG_WARNING,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/987?tab=Overview
To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py