qpid-dev mailing list archives

From scan-ad...@coverity.com
Subject New Defects reported by Coverity Scan for Apache-Qpid
Date Sun, 18 Jan 2015 22:48:45 GMT

Hi,

Please find below the latest report on new defect(s) introduced to Apache-Qpid, found with Coverity Scan.

7 new defect(s) introduced to Apache-Qpid found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 400915:  Resource leak in object  (CTOR_DTOR_LEAK)
/qpidbuilds/trunk/qpid/cpp/src/qpid/sys/Shlib.h: 39 in qpid::sys::Shlib::Shlib(const char *)()

** CID 400954:  Dereference after null check  (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>,
const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&,
const qpid::framing::FieldTable *)()
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>,
const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&,
const qpid::framing::FieldTable *)()

** CID 400955:  Unchecked dynamic_cast  (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/tests/logging.cpp: 445 in qpid::tests::testQuoteNonPrintable()()

** CID 401229:  Uncaught exception  (UNCAUGHT_EXCEPT)
/qpidbuilds/trunk/qpid/cpp/src/posix/QpiddBroker.cpp: 221 in main()

** CID 401297:  Uninitialized scalar field  (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/tests/TimerTest.cpp: 64 in qpid::tests::TestTask::TestTask(qpid::sys::Duration,
qpid::tests::Counter &)()

** CID 1033539:  Uninitialized pointer field  (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/qpidd.h: 55 in qpid::broker::QpiddOptionsPrivate::QpiddOptionsPrivate()()

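** CID 1127840:  Use of untrusted string value  (TAINTED_STRING)
/qpidbuilds/trunk/qpid/cpp/src/tests/XmlClientSessionTest.cpp: 49 in qpid::tests::XmlFixture::XmlFixture()()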


________________________________________________________________________________________________________
*** CID 400915:  Resource leak in object  (CTOR_DTOR_LEAK)
/qpidbuilds/trunk/qpid/cpp/src/qpid/sys/Shlib.h: 39 in qpid::sys::Shlib::Shlib(const char *)()
33     /** Encapsulates a shared library handle.
34      *@see AutoShlib
35      */
36     class Shlib {
37       public:
38         /** Load a shared library */
>>>     CID 400915:  Resource leak in object  (CTOR_DTOR_LEAK)
>>>     The constructor allocates field "handle" of "qpid::sys::Shlib" but there is no destructor.
39         Shlib(const char* libname) { load(libname); }
40     
41         /** Load a shared library */
42         Shlib(const std::string& libname) { load(libname.c_str()); }
43     
44         /** Unload shared library. */

________________________________________________________________________________________________________
*** CID 400954:  Dereference after null check  (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>,
const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&,
const qpid::framing::FieldTable *)()
144         // federated requests are done by calling the relevent methods.
145     
146         std::string fedOp;
147         std::string fedTags;
148         std::string fedOrigin;
149         
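>>>     CID 400954:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "args" to null implies that "args" might be null.
>>>     The later dereferences of "args" on lines 153-154 are guarded only by "fedOp" being non-empty, not by a direct null check on "args".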
150         if (args) 
151             fedOp = args->getAsString(qpidFedOp);
152         if (! fedOp.empty())  {
153             fedTags =  args->getAsString(qpidFedTags);
154             fedOrigin = args->getAsString(qpidFedOrigin);
155         }
/qpidbuilds/trunk/qpid/cpp/src/qpid/xml/XmlExchange.cpp: 150 in qpid::broker::XmlExchange::bind(boost::shared_ptr<qpid::broker::Queue>,
const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&,
const qpid::framing::FieldTable *)()
144         // federated requests are done by calling the relevent methods.
145     
146         std::string fedOp;
147         std::string fedTags;
148         std::string fedOrigin;
149         
>>>     CID 400954:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "args" to null implies that "args" might be null.
150         if (args) 
151             fedOp = args->getAsString(qpidFedOp);
152         if (! fedOp.empty())  {
153             fedTags =  args->getAsString(qpidFedTags);
154             fedOrigin = args->getAsString(qpidFedOrigin);
155         }

________________________________________________________________________________________________________
*** CID 400955:  Unchecked dynamic_cast  (FORWARD_NULL)
/qpidbuilds/trunk/qpid/cpp/src/tests/logging.cpp: 445 in qpid::tests::testQuoteNonPrintable()()
439         qpid::log::windows::SinkOptions *sinks =
440           dynamic_cast<qpid::log::windows::SinkOptions *>(opts.sinkOptions.get());
441     #else
442         qpid::log::posix::SinkOptions *sinks =
443           dynamic_cast<qpid::log::posix::SinkOptions *>(opts.sinkOptions.get());
444     #endif
>>>     CID 400955:  Unchecked dynamic_cast  (FORWARD_NULL)
>>>     Dereferencing null pointer "sinks".
445         sinks->logToStderr = false;
446         sinks->logFile = "logging.tmp";
447         l.configure(opts);
448     
449         char s[] = "null\0tab\tspace newline\nret\r\x80\x99\xff";
450         string str(s, sizeof(s));

________________________________________________________________________________________________________
*** CID 401229:  Uncaught exception  (UNCAUGHT_EXCEPT)
/qpidbuilds/trunk/qpid/cpp/src/posix/QpiddBroker.cpp: 221 in main()
215         }
216         return 0;
217     }
218     
219     }} // namespace qpid::Broker
220     
>>>     CID 401229:  Uncaught exception  (UNCAUGHT_EXCEPT)
>>>     In function "main" an exception of type "qpid::Options::Exception" is thrown and never caught.
221     int main(int argc, char* argv[])
222     {
223         return qpid::broker::run_broker(argc, argv);

________________________________________________________________________________________________________
*** CID 401297:  Uninitialized scalar field  (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/tests/TimerTest.cpp: 64 in qpid::tests::TestTask::TestTask(qpid::sys::Duration,
qpid::tests::Counter &)()
58         uint position;
59         Monitor monitor;
60         Counter& counter;
61     
62       public:
63         TestTask(Duration timeout, Counter& _counter)
>>>     CID 401297:  Uninitialized scalar field  (UNINIT_CTOR)
>>>     Non-static class member "position" is not initialized in this constructor nor in any functions that it calls.
64             : TimerTask(timeout, "Test"), start(now()), expected(timeout), end(start),
fired(false), counter(_counter) {}
65     
66         void fire()
67         {
68             Monitor::ScopedLock l(monitor);
69             fired = true;

________________________________________________________________________________________________________
*** CID 1033539:  Uninitialized pointer field  (UNINIT_CTOR)
/qpidbuilds/trunk/qpid/cpp/src/qpidd.h: 55 in qpid::broker::QpiddOptionsPrivate::QpiddOptionsPrivate()()
49     struct QpiddOptions;
50     struct QpiddOptionsPrivate {
51         QpiddOptions *options;
52         QpiddOptionsPrivate(QpiddOptions *parent) : options(parent) {}
53         virtual ~QpiddOptionsPrivate() {}
54     protected:
>>>     CID 1033539:  Uninitialized pointer field  (UNINIT_CTOR)
>>>     Non-static class member "options" is not initialized in this constructor nor in any functions that it calls.
55         QpiddOptionsPrivate() {}
56     };
57     
58     struct QpiddOptions : public qpid::Options {
59         qpid::CommonOptions common;
60         qpid::ModuleOptions module;

________________________________________________________________________________________________________
*** CID 1127840:  Use of untrusted string value  (TAINTED_STRING)
/qpidbuilds/trunk/qpid/cpp/src/tests/XmlClientSessionTest.cpp: 49 in qpid::tests::XmlFixture::XmlFixture()()
43     namespace tests {
44     
45     QPID_AUTO_TEST_SUITE(XmlClientSessionTest)
46     
47     struct XmlFixture {
48         XmlFixture() {
>>>     CID 1127840:  Use of untrusted string value  (TAINTED_STRING)
>>>     Passing tainted string "std::string(getLibPath("XML_LIB", NULL))" to "qpid::sys::Shlib::Shlib(std::string const &)", which cannot accept tainted data.
49             qpid::sys::Shlib shlib(getLibPath("XML_LIB"));
50         }
51         ~XmlFixture() {}
52     };
53     
54     using namespace qpid::client;


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/6?tab=overview
