Red Hat Bugzilla – Bug 611790
fix coverity Defect Type: Null pointer dereferences issues 11940 - 12166
Last modified: 2015-01-04 18:43:11 EST
Created attachment 429893 [details] 0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429894 [details] 0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429895 [details] 0003-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429896 [details] 0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429897 [details] 0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429898 [details] 0006-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429899 [details] 0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429900 [details] 0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429901 [details] 0009-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429902 [details] 0010-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429903 [details] 0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429904 [details] 0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429906 [details] 0013-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429907 [details] 0014-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429908 [details] 0015-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429909 [details] 0016-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429910 [details] 0017-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429911 [details] 0018-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429912 [details] 0019-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429913 [details] 0020-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 429914 [details] 0021-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment on attachment 429893 [details] 0001-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch I just pushed a patch that removes lexer.h and lexer.cpp commit 4a103859b7100bc30046ecba3efca2e8f0b09c7d Author: Rich Megginson <rmeggins@redhat.com> Date: Thu Jul 1 11:39:02 2010 -0600
Comment on attachment 429894 [details] 0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch I think noriko has a patch that conflicts with this one - you should coordinate with her
Comment on attachment 429896 [details] 0004-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch I think this will leak macro_str and working_list
Comment on attachment 429897 [details] 0005-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch This will leak macro_prefix
Comment on attachment 429899 [details] 0007-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch in general, it's not a good idea to change the formatting - this one was ok, not too big, and easy to find the actual bug fix intermixed with the formatting changes - but for large patches, with many lines of formatting changes, it makes it difficult to read I know the formatting is really bad in a lot of files - I have to resist the urge to reformat things constantly . . .
Comment on attachment 429900 [details] 0008-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch This change: @@ -4781,6 +4775,12 @@ static int _cl5GetRUV2Purge2 (Object *fileObj, RUV **ruv) rObj = replica_get_by_name (dbFile->replName); PR_ASSERT (rObj); + + if (!rObj) { + rc = CL5_MEMORY_ERROR; + goto out; + } + skips line 4800 object_release (supRUVObj); is this ok to do?
Created attachment 430107 [details] 0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 430108 [details] 0005a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Comment on attachment 429903 [details] 0011-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch need to init value in my_ber_scanf_attr: Slapi_Value *value = NULL;
Comment on attachment 429904 [details] 0012-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch The caller may expect *entry = NULL even if !windows_conn_connected(conn) just do something like this at the beginning of the function: if (!entry) { log error message return CONN_LOCAL_ERROR; /* entry should never == NULL here */ } *entry = NULL; ....
Created attachment 430165 [details] 0008a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 430166 [details] 0011a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 430167 [details] 0012a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch
Created attachment 431250 [details] 0011b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch Fixed a problem during merging.
Created attachment 440076 [details] 0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11961&streamDefectId=12147&defectInstanceId=14012&evidenceId=35035&fileInstanceId=49276 I propose a new patch for 0004a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch Description: Caller aclutil_evaluate_macro was not checking the NULL return. Added the check to the patch. Also, another error case could just return NULL.
Comment on attachment 440076 [details] 0004b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch You could use LDAPDebug1Arg here, and use slapi_ch_free_string(¯o_str);
Comment on attachment 430108 [details] 0005a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11960&streamDefectId=12146&defectInstanceId=14011&evidenceId=35027&fileInstanceId=49281
Comment on attachment 430165 [details] 0008a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch _cl5NewDBFile http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12149&streamDefectId=12335&defectInstanceId=14223&fileInstanceId=49476 _cl5GetRUV2Purge2 http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12150&streamDefectId=12336&defectInstanceId=14224&fileInstanceId=49476 http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12151&streamDefectId=12337&defectInstanceId=14225&fileInstanceId=49476 _cl5GetOperation http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12152&streamDefectId=12338&defectInstanceId=14226&fileInstanceId=49476 _cl5PositionCursorForReplay http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12153&streamDefectId=12339&defectInstanceId=14227&fileInstanceId=49476 cl5CreateReplayIterator http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12154&streamDefectId=12340&defectInstanceId=14228&fileInstanceId=49476 http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12155&streamDefectId=12341&defectInstanceId=14229&fileInstanceId=49476
Comment on attachment 430167 [details] 0012a-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12160&streamDefectId=12346&defectInstanceId=14235&fileInstanceId=49539
Comment on attachment 431250 [details] 0011b-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch my_ber_scanf_value http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12158&streamDefectId=12344&defectInstanceId=14232&fileInstanceId=49533 my_ber_scanf_value http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12159&streamDefectId=12345&defectInstanceId=14234&fileInstanceId=49533
Comment on attachment 429910 [details] 0017-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12138&streamDefectId=12324&defectInstanceId=14211&fileInstanceId=49058
Comment on attachment 429911 [details] 0018-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=12140&streamDefectId=12326&defectInstanceId=14214&fileInstanceId=49073
Comment on attachment 429912 [details] 0019-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11941&streamDefectId=12127&defectInstanceId=13992&fileInstanceId=48875
Comment on attachment 429913 [details] 0020-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11945&streamDefectId=12131&defectInstanceId=13996&fileInstanceId=49199
Comment on attachment 429914 [details] 0021-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch http://10.16.47.145:8080/sourcebrowser.htm?projectId=10030#mergedDefectId=11946&streamDefectId=12132&defectInstanceId=13997&fileInstanceId=49265
Comment on attachment 429894 [details] 0002-Bug-611790-fix-coverify-Defect-Type-Null-pointer-der.patch Subset of this change. 609255 - fix coverity Defect Type: Memory - illegal accesses issues https://bugzilla.redhat.com/show_bug.cgi?id=609255 12241 Triaged Unassigned Bug Minor Fix Required delete_acl_from_file(char *, char *…) ds/lib/libaccess/acltools.cpp 12242 UNINIT Triaged Unassigned Bug Minor Fix Required get_acl_from_file(char *, char *, ACLListHandle **…) ds/lib/libaccess/acltools.cpp 12243 UNINIT Triaged Unassigned Bug Minor Fix Required ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp 12244 UNINIT Triaged Unassigned Bug Minor Fix Required ACL_FileGetNameList() ds/lib/libaccess/acltools.cpp 12245 UNINIT Triaged Unassigned Bug Minor Fix Required rename_acl_in_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp 12246 UNINIT Triaged Unassigned Bug Minor Fix Required append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp 12247 UNINIT Triaged Unassigned Bug Minor Fix Required append_acl_to_file(char *, char *, char *…) ds/lib/libaccess/acltools.cpp Comment: ACL_FileRenameAcl, ACL_FileDeleteAcl, ACL_FileGetAcl, ACL_FileSetAcl, ACL_FileMergeAcl, ACL_FileMergeFile and their helper functions are not used. These functions and their helper functions plus libaccess test programs under the directory ./utest are eliminated.
On behalf of Endi (edewata@redhat.com), pushed to master. $ git merge coverity Updating e5fe26a..0712904 Fast-forward ldap/servers/plugins/acl/acl.c | 7 ++- ldap/servers/plugins/acl/acllas.c | 56 +++++++------ ldap/servers/plugins/acl/aclutil.c | 29 +++++--- ldap/servers/plugins/cos/cos_cache.c | 12 +++- ldap/servers/plugins/http/http_impl.c | 81 +++++++++++--------- ldap/servers/plugins/replication/cl5_api.c | 52 ++++++++----- ldap/servers/plugins/replication/repl5_replica.c | 16 ++++ ldap/servers/plugins/replication/repl5_ruv.c | 8 ++- ldap/servers/plugins/replication/repl5_total.c | 11 ++- .../plugins/replication/windows_connection.c | 7 ++ .../plugins/replication/windows_protocol_util.c | 41 ++++++---- ldap/servers/plugins/retrocl/retrocl_trim.c | 15 +++- ldap/servers/plugins/roles/roles_cache.c | 19 ++++- ldap/servers/slapd/back-ldbm/dblayer.c | 2 + ldap/servers/slapd/plugin.c | 60 ++++++--------- ldap/servers/slapd/result.c | 4 +- lib/ldaputil/certmap.c | 1 + lib/libaccess/lasip.cpp | 16 +++- lib/libsi18n/reshash.c | 21 +++++- 19 files changed, 292 insertions(+), 166 deletions(-) $ git push Counting objects: 160, done. Delta compression using up to 4 threads. Compressing objects: 100% (125/125), done. Writing objects: 100% (125/125), 14.05 KiB, done. Total 125 (delta 106), reused 0 (delta 0) To ssh://git.fedorahosted.org/git/389/ds.git e5fe26a..0712904 master -> master