qpid-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chuck Rolke <cro...@redhat.com>
Subject Re: New Defects reported by Coverity Scan for Apache-Qpid
Date Mon, 12 Jan 2015 18:00:40 GMT


----- Original Message -----
> From: "Gordon Sim" <gsim@redhat.com>
> To: dev@qpid.apache.org
> Sent: Monday, January 12, 2015 7:55:23 AM
> Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid
> 
> On 01/11/2015 10:06 PM, scan-admin@coverity.com wrote:
> > Please find the latest report on new defect(s) introduced to Apache-Qpid
> > found with Coverity Scan.
> >
> > 1 new defect(s) introduced to Apache-Qpid found with Coverity Scan.
> > 7 defect(s), reported by Coverity Scan earlier, were marked fixed in the
> > recent build analyzed by Coverity Scan.
> >
> > New defect(s) Reported-by: Coverity Scan
> > Showing 1 of 1 defect(s)
> >
> >
> > ** CID 1262251:  Double free  (USE_AFTER_FREE)
> >
> >
> > ________________________________________________________________________________________________________
> > *** CID 1262251:  Double free  (USE_AFTER_FREE)
> > /qpidbuilds/trunk/qpid/cpp/src/qpid/broker/LossyLvq.h: 34 in
> > qpid::broker::LossyLvq::~LossyLvq()()
> > 28     namespace broker {
> > 29     class MessageMap;
> > 30
> > 31     /**
> > 32      * Combination of LossyQueue and Lvq behaviours.
> > 33      */
> >>>>      CID 1262251:  Double free  (USE_AFTER_FREE)
> >>>>      Calling "qpid::broker::LossyQueue::~LossyQueue()" frees pointer
> >>>>      "this->externalQueueStore" which has already been freed.
> 
> I think coverity is wrong here. It seems to believe that the destructor
> for PersistableQueue will be called twice for the same instance. However
> this is not my understanding of the way c++ works or the behaviour I see
> in practice.
> 
> Lvq and LossyQueue use virtual inheritance when extending the Queue so
> the LossyLvq that inherits from each of them will still have one
> instance of Queue as its superclass, and the constructor and destructor
> of Queue will be called only once.
> 
> Am I wrong in any of this? Is there a platform where the destructor for
> PersistableQueue is called twice when freeing a given instance of LossyLvq?
> 
> > 34     class LossyLvq : public Lvq, public LossyQueue
> > 35     {
> > 36       public:
> > 37         LossyLvq(const std::string&, std::auto_ptr<MessageMap>, const
> > QueueSettings&, MessageStore* const, management::Manageable*, Broker*);
> > 38     };
> > 39     }} // namespace qpid::broker
> > 40
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
> For additional commands, e-mail: dev-help@qpid.apache.org
> 
> 

Visual Studio 2010 x64 generates five new warnings compiling LossyLvq code. 
The code may be correct and the compiler is known to warn on correct code.
That said, if the code could be reorganized to avoid the warnings maybe
Coverity would stop complaining as well.

3>d:\users\crolke\git\rh-qpid\qpid\cpp\src\qpid\broker\LossyLvq.h(38): 
      warning C4250: 'qpid::broker::LossyLvq' : 
            inherits 'qpid::broker::Lvq::qpid::broker::Lvq::push' via dominance
3>         D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/Lvq.h(39) : 
      see declaration of 'qpid::broker::Lvq::push'

3>d:\users\crolke\git\rh-qpid\qpid\cpp\src\qpid\broker\LossyLvq.h(38): 
       warning C4250: 'qpid::broker::LossyLvq' : 
             inherits 'qpid::broker::LossyQueue::qpid::broker::LossyQueue::checkDepth' via
dominance
3>          D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/LossyQueue.h(36) : 
      see declaration of 'qpid::broker::LossyQueue::checkDepth'

3>C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\memory(931): 
       warning C4150: deletion of pointer to incomplete type 'qpid::broker::MessageMap'; no
destructor called
3>          D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/QueueCursor.h(65) : 
      see declaration of 'qpid::broker::MessageMap'
3>          C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\include\memory(930)
: while compiling class template member function 'std::auto_ptr<_Ty>::~auto_ptr(void)'
3>          with
3>          [
3>              _Ty=qpid::broker::MessageMap
3>          ]
3>          ..\..\cpp\src\qpid\broker\LossyLvq.cpp(27) : see reference to class template
instantiation 'std::auto_ptr<_Ty>' being compiled
3>          with
3>          [
3>              _Ty=qpid::broker::MessageMap
3>          ]
3>  QueueFactory.cpp


3>D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/LossyLvq.h(38): warning C4250: 'qpid::broker::LossyLvq'
: inherits 'qpid::broker::Lvq::qpid::broker::Lvq::push' via dominance
3>          D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/Lvq.h(39) : see declaration
of 'qpid::broker::Lvq::push'

3>D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/LossyLvq.h(38): warning C4250: 'qpid::broker::LossyLvq'
: inherits 'qpid::broker::LossyQueue::qpid::broker::LossyQueue::checkDepth' via dominance
3>          D:\Users\crolke\git\rh-qpid\qpid\cpp\src\qpid/broker/LossyQueue.h(36) : see
declaration of 'qpid::broker::LossyQueue::checkDepth'

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@qpid.apache.org
For additional commands, e-mail: dev-help@qpid.apache.org


Mime
View raw message