[CRIU] Fwd: New Defects reported by Coverity Scan for avagin/criu
Andrei Vagin
avagin at gmail.com
Mon Oct 23 05:36:58 MSK 2017
---------- Forwarded message ----------
From: <scan-admin at coverity.com>
Date: Sun, Oct 22, 2017 at 7:33 PM
Subject: New Defects reported by Coverity Scan for avagin/criu
To: avagin at gmail.com
Hi,
Please find the latest report on new defect(s) introduced to
avagin/criu found with Coverity Scan.
8 new defect(s) introduced to avagin/criu found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in
the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 185305: Resource leaks (RESOURCE_LEAK)
/criu/sk-unix.c: 942 in unix_note_scm_rights()
________________________________________________________________________________________________________
*** CID 185305: Resource leaks (RESOURCE_LEAK)
/criu/sk-unix.c: 942 in unix_note_scm_rights()
936 if (!sfle)
937 return -1;
938
939 sfle->fle = get_fle_for_scm(tgt, owner);
940 if (!sfle->fle) {
941 pr_err("Can't request new fle for scm\n");
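>>> CID 185305: Resource leaks (RESOURCE_LEAK)
>>> Variable "sfle" going out of scope leaks the storage it points to.
[Triage note: this return is reached only after the "!sfle" check on line 936 has passed, and the excerpt shows no release of sfle between the failed get_fle_for_scm() call and "return -1".]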
942 return -1;
943 }
944
945 list_add_tail(&sfle->l, &ui->scm_fles);
946 fds[i] = sfle->fle->fe->fd;
947 }
** CID 185304: Error handling issues (NEGATIVE_RETURNS)
/test/zdtm/lib/test.c: 225 in test_init()
________________________________________________________________________________________________________
*** CID 185304: Error handling issues (NEGATIVE_RETURNS)
/test/zdtm/lib/test.c: 225 in test_init()
219 exit(1);
220 }
221
222 setup_outfile();
223 redir_stdfds();
224
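>>> CID 185304: Error handling issues (NEGATIVE_RETURNS)
>>> "(unsigned int)sysconf(_SC_PAGESIZE)" is passed to a parameter that cannot be negative.
[Triage note: sysconf() returns -1 on failure; per the message, PAGE_SIZE here expands to that call cast to unsigned int, so a failure would reach mmap() as a length of UINT_MAX instead of being detected before the call.]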
225 test_shared_state = mmap(NULL, PAGE_SIZE, PROT_READ |
PROT_WRITE, MAP_ANONYMOUS | MAP_SHARED, 0, 0);
226 if (test_shared_state == MAP_FAILED) {
227 pr_perror("Unable to map a shared memory");
228 exit(1);
229 }
230
** CID 185303: Resource leaks (RESOURCE_LEAK)
/criu/file-lock.c: 678 in restore_file_lock()
________________________________________________________________________________________________________
*** CID 185303: Resource leaks (RESOURCE_LEAK)
/criu/file-lock.c: 678 in restore_file_lock()
672 goto err;
673 } else {
674 pr_err("Unknown file lock style!\n");
675 goto err;
676 }
677
>>> CID 185303: Resource leaks (RESOURCE_LEAK)
>>> Handle variable "ret" going out of scope leaks the handle.
678 return 0;
679 err:
680 return ret;
681 }
682
683 static int restore_file_locks(int pid)
** CID 185302: Null pointer dereferences (NULL_RETURNS)
/test/zdtm/static/cgroup_ifpriomap.c: 107 in read_one_priomap()
________________________________________________________________________________________________________
*** CID 185302: Null pointer dereferences (NULL_RETURNS)
/test/zdtm/static/cgroup_ifpriomap.c: 107 in read_one_priomap()
101 pr_err("Broken ifpriomap file line: `%s'\n", prop_line);
102 return -1;
103 }
104 len = space - prop_line;
105
106 out->ifname = malloc(len + 1);
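>>> CID 185302: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "out->ifname" when calling "strncpy".
[Triage note: the malloc() result stored on line 106 is written through on lines 107 and 108 with no NULL check in between.]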
107 strncpy(out->ifname, prop_line, len);
108 out->ifname[len] = '\0'; /* poor man's strlcpy() */
109 out->prio = (uint32_t)strtol(space + 1, NULL, 10);
110
111 return 0;
112 }
** CID 185301: Security best practices violations (DC.WEAK_CRYPTO)
/test/zdtm/static/cgroup_ifpriomap.c: 192 in randomize_map()
________________________________________________________________________________________________________
*** CID 185301: Security best practices violations (DC.WEAK_CRYPTO)
/test/zdtm/static/cgroup_ifpriomap.c: 192 in randomize_map()
186 for (i = 0; i < out_sz; i++) {
187 struct ifpriomap_t *p = &out[i];
188
189 if (!p->ifname)
190 return;
191
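>>> CID 185301: Security best practices violations (DC.WEAK_CRYPTO)
>>> "rand" should not be used for security related applications, as linear congruential algorithms are too easy to break.
[Triage note: the flagged line adds rand() to p->prio in a test source under /test/zdtm/static/. This checker appears to flag the rand() call as such, so whether predictability matters here has to be judged from what the test uses the value for.]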
192 p->prio += rand();
193 }
194 }
195
196 static int compare_maps(void)
197 {
** CID 185300: Resource leaks (RESOURCE_LEAK)
/criu/file-lock.c: 588 in restore_file_lease()
________________________________________________________________________________________________________
*** CID 185300: Resource leaks (RESOURCE_LEAK)
/criu/file-lock.c: 588 in restore_file_lease()
582 }
583
584 ret = restore_breaking_file_lease(fle);
585
586 if (sigprocmask(SIG_SETMASK, &oldmask, NULL)) {
587 pr_perror("Can't restore sigmask\n");
>>> CID 185300: Resource leaks (RESOURCE_LEAK)
>>> Overwriting handle "ret" in "ret = -1" leaks the handle.
588 ret = -1;
589 }
590 return ret;
591 } else {
592 ret = set_file_lease(fle->fd, fle->type);
593 if (ret < 0)
** CID 179032: Error handling issues (CHECKED_RETURN)
/criu/sysctl.c: 324 in __userns_sysctl_op()
________________________________________________________________________________________________________
*** CID 179032: Error handling issues (CHECKED_RETURN)
/criu/sysctl.c: 324 in __userns_sysctl_op()
318
319 if (waitpid(worker, &status, 0) != worker) {
320 pr_perror("worker didn't die?");
321 kill(worker, SIGKILL);
322 goto out;
323 }
>>> CID 179032: Error handling issues (CHECKED_RETURN)
>>> Calling "sigprocmask" without checking return value (as is done elsewhere 8 out of 10 times).
324 sigprocmask(SIG_SETMASK, &oldmask, NULL);
325
326 if (!WIFEXITED(status) || WEXITSTATUS(status)) {
327 pr_err("worker failed: %d\n", status);
328 goto out;
329 }
** CID 179031: Error handling issues (CHECKED_RETURN)
/criu/namespaces.c: 1899 in stop_usernsd()
________________________________________________________________________________________________________
*** CID 179031: Error handling issues (CHECKED_RETURN)
/criu/namespaces.c: 1899 in stop_usernsd()
1893 if (WIFEXITED(status))
1894 ret = WEXITSTATUS(status);
1895 else
1896 ret = -1;
1897
1898 usernsd_pid = 0;
>>> CID 179031: Error handling issues (CHECKED_RETURN)
>>> Calling "sigprocmask" without checking return value (as is done elsewhere 8 out of 10 times).
1899 sigprocmask(SIG_SETMASK, &oldmask, NULL);
1900
1901 if (ret != 0)
1902 pr_err("uns: daemon exited abnormally\n");
1903 else
1904 pr_info("uns: daemon stopped\n");
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRadE4HtGX0xZfM5m05cAqwSn9QqlIeVw-2FkcLgYpA0lPa4-2FPFHPsi12cWgYDDPc-2BEFA-3D_7XGyd8wnBKQKOUX2qhR2S3Y7QuldqTTvWwLYtKkICxU2IIo9lHTrhIifbL9n8uNhnZwsUgtoaSsGaEyfRMmEFFvODMZH30hr6kV6x36lgpUMocKa-2Bcx0D-2Frs0GEQpOAA0O1mJ9Eu5OAlpeCEgVoVu0PVMA2wCph-2BacDfFfnmhg-2Bf-2BR492ERJsIGssYeD-2B0vcD-2B5ielE0IbEX3-2Fi-2BpxR65w-3D-3D