<div><br></div><div><br><div class="gmail_quote"><div dir="ltr">---------- Forwarded message ---------<br>From: <<a href="mailto:scan-admin@coverity.com">scan-admin@coverity.com</a>><br>Date: Thu, Aug 16, 2018 at 17:21<br>Subject: New Defects reported by Coverity Scan for avagin/criu<br>To: <<a href="mailto:avagin@gmail.com">avagin@gmail.com</a>><br></div><br><br>Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to avagin/criu found with Coverity Scan.<br>
<br>
3 new defect(s) introduced to avagin/criu found with Coverity Scan.<br>
8 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.<br>
<br>
New defect(s) Reported-by: Coverity Scan<br>
Showing 3 of 3 defect(s)<br>
<br>
<br>
** CID 191305: (RESOURCE_LEAK)<br>
/criu/parasite-syscall.c: 480 in parasite_prepare_threads()<br>
/criu/parasite-syscall.c: 492 in parasite_prepare_threads()<br>
/criu/parasite-syscall.c: 492 in parasite_prepare_threads()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 191305: (RESOURCE_LEAK)<br>
/criu/parasite-syscall.c: 480 in parasite_prepare_threads()<br>
474 thread_ctls = xzalloc(sizeof(*thread_ctls) * item->nr_threads);<br>
475 if (!thread_ctls)<br>
476 return -1;<br>
477 <br>
478 thread_sp = xzalloc(sizeof(*thread_sp) * item->nr_threads);<br>
479 if (!thread_sp)<br>
>>> CID 191305: (RESOURCE_LEAK)<br>
>>> Variable "thread_ctls" going out of scope leaks the storage it points to.<br>
480 return -1;<br>
481 <br>
482 for (i = 0; i < item->nr_threads; i++) {<br>
483 struct pid *tid = &item->threads[i];<br>
484 <br>
485 if (item->pid->real == tid->real) {<br>
/criu/parasite-syscall.c: 492 in parasite_prepare_threads()<br>
486 thread_sp[i] = compel_get_leader_sp(ctl);<br>
487 continue;<br>
488 }<br>
489 <br>
490 thread_ctls[i] = compel_prepare_thread(ctl, tid->real);<br>
491 if (!thread_ctls[i])<br>
>>> CID 191305: (RESOURCE_LEAK)<br>
>>> Variable "thread_ctls" going out of scope leaks the storage it points to.<br>
492 return -1;<br>
493 <br>
494 thread_sp[i] = compel_get_thread_sp(thread_ctls[i]);<br>
495 }<br>
496 <br>
497 dmpi(item)->thread_ctls = thread_ctls;<br>
/criu/parasite-syscall.c: 492 in parasite_prepare_threads()<br>
486 thread_sp[i] = compel_get_leader_sp(ctl);<br>
487 continue;<br>
488 }<br>
489 <br>
490 thread_ctls[i] = compel_prepare_thread(ctl, tid->real);<br>
491 if (!thread_ctls[i])<br>
>>> CID 191305: (RESOURCE_LEAK)<br>
>>> Variable "thread_sp" going out of scope leaks the storage it points to.<br>
492 return -1;<br>
493 <br>
494 thread_sp[i] = compel_get_thread_sp(thread_ctls[i]);<br>
495 }<br>
496 <br>
497 dmpi(item)->thread_ctls = thread_ctls;<br>
<br>
** CID 191304: Security best practices violations (STRING_OVERFLOW)<br>
/criu/cr-service.c: 1244 in cr_service()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 191304: Security best practices violations (STRING_OVERFLOW)<br>
/criu/cr-service.c: 1244 in cr_service()<br>
1238 <br>
1239 if (opts.addr == NULL) {<br>
1240 pr_warn("Binding to local dir address!\n");<br>
1241 SET_CHAR_OPTS(addr, CR_DEFAULT_SERVICE_ADDRESS);<br>
1242 }<br>
1243 <br>
>>> CID 191304: Security best practices violations (STRING_OVERFLOW)<br>
>>> You might overrun the 108-character fixed-size string "server_addr.sun_path" by copying "opts.addr" without checking the length.<br>
1244 strcpy(server_addr.sun_path, opts.addr);<br>
1245 <br>
1246 server_addr_len = strlen(server_addr.sun_path)<br>
1247 + sizeof(server_addr.sun_family);<br>
1248 client_addr_len = sizeof(client_addr);<br>
1249 <br>
<br>
** CID 164715: (BUFFER_SIZE_WARNING)<br>
/criu/cr-restore.c: 3471 in sigreturn_restore()<br>
/criu/cr-restore.c: 3473 in sigreturn_restore()<br>
<br>
<br>
________________________________________________________________________________________________________<br>
*** CID 164715: (BUFFER_SIZE_WARNING)<br>
/criu/cr-restore.c: 3471 in sigreturn_restore()<br>
3465 sigframe = (struct rt_sigframe *)&mz[i].rt_sigframe;<br>
3466 <br>
3467 if (construct_sigframe(sigframe, sigframe, blkset, tcore))<br>
3468 goto err;<br>
3469 <br>
3470 if (tcore->thread_core->comm)<br>
>>> CID 164715: (BUFFER_SIZE_WARNING)<br>
>>> Calling strncpy with a maximum size argument of 16 bytes on destination array "thread_args[i].comm" of size 16 bytes might leave the destination string unterminated.<br>
3471 strncpy(thread_args[i].comm, tcore->thread_core->comm, TASK_COMM_LEN);<br>
3472 else<br>
3473 strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN);<br>
3474 <br>
3475 if (thread_args[i].pid != pid)<br>
3476 core_entry__free_unpacked(tcore, NULL);<br>
/criu/cr-restore.c: 3473 in sigreturn_restore()<br>
3467 if (construct_sigframe(sigframe, sigframe, blkset, tcore))<br>
3468 goto err;<br>
3469 <br>
3470 if (tcore->thread_core->comm)<br>
3471 strncpy(thread_args[i].comm, tcore->thread_core->comm, TASK_COMM_LEN);<br>
3472 else<br>
>>> CID 164715: (BUFFER_SIZE_WARNING)<br>
>>> Calling strncpy with a maximum size argument of 16 bytes on destination array "thread_args[i].comm" of size 16 bytes might leave the destination string unterminated.<br>
3473 strncpy(thread_args[i].comm, core->tc->comm, TASK_COMM_LEN);<br>
3474 <br>
3475 if (thread_args[i].pid != pid)<br>
3476 core_entry__free_unpacked(tcore, NULL);<br>
3477 <br>
3478 pr_info("Thread %4d stack %8p rt_sigframe %8p\n",<br>
<br>
<br>
</div></div>