#47892 coverity defects found in 1.3.3.x
Closed: wontfix None Opened 6 years ago by nhosoi.

  1. Defect type: FORWARD_NULL

    1. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2079:var_compare_op – Comparing "group_norm_vals" to null implies that "group_norm_vals" might be null.
    2. 389-ds-base-1.3.3.1/ldap/servers/plugins/memberof/memberof.c:2099:var_deref_model – Passing null pointer "group_norm_vals" to function "slapi_valueset_add_value_ext(Slapi_ValueSet , Slapi_Value const , unsigned long)", which dereferences it.
    3. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:896:2:deref_parm_in_call – Function "slapi_valueset_add_attr_valuearray_ext(Slapi_Attr const , Slapi_ValueSet , Slapi_Value *, int, unsigned long, int )" dereferences "vs".
    4. 389-ds-base-1.3.3.1/ldap/servers/slapd/valueset.c:1075:2:deref_parm – Directly dereferencing parameter "vs".
  2. Defect type: COMPILER_WARNING

    1. 389-ds-base-1.3.3.1/lib/libaccess/aclcache.cpp:136:60:warning – deprecated conversion from string constant to 'char*' [-Wwrite-strings]

    2. 389-ds-base-1.3.3.1/lib/base/pool.cpp:411:79:warning – deprecated conversion from string constant to 'char*' [-Wwrite-strings]

    3. 389-ds-base-1.3.3.1/lib/base/pool.cpp:389:77:warning – deprecated conversion from string constant to 'char*' [-Wwrite-strings]

    4. 389-ds-base-1.3.3.1/lib/base/pool.cpp:283:77:warning – deprecated conversion from string constant to 'char*' [-Wwrite-strings]

    5. 389-ds-base-1.3.3.1/lib/base/pool.cpp:262:77:warning – deprecated conversion from string constant to 'char*' [-Wwrite-strings]

    6. 389-ds-base-1.3.3.1/lib/base/pool.cpp:181:82:warning – deprecated conversion from string constant to 'char*' [-Wwrite-strings]

    7. 389-ds-base-1.3.3.1/ldap/servers/slapd/back-ldbm/ldif2ldbm.c:2198:78:warning – 'j' may be used uninitialized in this function [-Wmaybe-uninitialized]

    8. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:538:28:warning – 'is_target_to' may be used uninitialized in this function [-Wmaybe-uninitialized]

    9. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:2493:26:warning – 'attrFilterArray' may be used uninitialized in this function [-Wmaybe-uninitialized]

  3. Defect type: CLANG_WARNING

    1. 389-ds-base-1.3.3.1/ldap/servers/slapd/tools/rsearch/nametable.c:161:5:warning – Potential leak of memory pointed to by 's'

    PR_Close(fd);

    ^~~~

    1. 389-ds-base-1.3.3.1/ldap/servers/slapd/tools/migratecred.c:204:30:warning – Potential leak of memory pointed to by 'pluginpath'

    libpath[sizeof(libpath)-1] = 0;

    ~^

    1. 389-ds-base-1.3.3.1/ldap/servers/slapd/tools/migratecred.c:164:8:warning – Potential leak of memory pointed to by 'prefixCred'

    if ( !oldpath || !newpath || !cred )

    ^~~

    1. 389-ds-base-1.3.3.1/ldap/servers/slapd/tools/ldif.c:185:3:warning – Potential leak of memory pointed to by 'buf'

    free( buf );

    ^~~~

    1. 389-ds-base-1.3.3.1/ldap/servers/slapd/tools/ldif.c:145:8:warning – Potential leak of memory pointed to by 'val'

    perror( "ldif_type_and_value" );

    ^~


  1. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:538:28:warning – 'is_target_to' may be used uninitialized in this function [-Wmaybe-uninitialized]

This is a false positive. is_target_to is only used if type & ACI_TARGET_MODDN, and it is always set if type & ACI_TARGET_MODDN.

  1. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:2493:26:warning – 'attrFilterArray' may be used uninitialized in this function [-Wmaybe-uninitialized]

This is a false positive. attrFilterArray will always be set in this case.

To ssh://git.fedorahosted.org/git/389/ds.git
2ea6c3a..6dc23ec 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit 6dc23ec
Author: Rich Megginson rmeggins@redhat.com
Date: Fri Sep 12 13:11:26 2014 -0600
52e57de..66e43ae master -> master
commit 66e43ae
Author: Rich Megginson rmeggins@redhat.com
Date: Fri Sep 12 13:11:26 2014 -0600

Defect type: COMPILER_WARNING ¶

{{{
1. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:0:scope_hint – In function 'acl_parse'
389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:538:28:warning – 'is_target_to' may be used uninitialized in this function [-Wmaybe-uninitialized]

if (is_target_to) {

^

389-ds-base-1.3.3.1/ldap/servers/plugins/acl/aclparse.c:259:17:note – 'is_target_to' was declared here

PRBool is_target_to;

^

}}}

{{{
1. 389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:0:scope_hint – In function 'acl__resource_match_aci'
389-ds-base-1.3.3.1/ldap/servers/plugins/acl/acl.c:2493:26:warning – 'attrFilterArray' may be used uninitialized in this function [-Wmaybe-uninitialized]

while (attrFilterArray[num_attrs] && attr_matched) {

}}}

git patch file (master) -- fixing compiler warnings reported by covscan on 1.3.3.4.
0001-Ticket-47892-coverity-defects-found-in-1.3.3.x.patch

Reviewed by Mark (Thank you!!)

Pushed to master:
ce73789..afc8b06 master -> master
commit afc8b06

Pushed to 389-ds-base-1.3.3:
2483043..5353f9f 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit 5353f9f

82d9a1b..5f3aaa2 master -> master
commit 5f3aaa2
Author: Mark Reynolds mreynolds@redhat.com
Date: Tue Oct 7 15:38:34 2014 -0400

8683000..0f29b5e 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit 0f29b5e

Metadata Update from @rmeggins:
- Issue assigned to rmeggins
- Issue set to the milestone: 1.3.3 - 8/14 (August)

3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1223

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

16 days ago

Login to comment on this ticket.

Metadata