  1. Lustre
  2. LU-10528

New static analysis issues in v2_10_56_0-122-gdfe60d0

Details

    • Bug
    • Resolution: Incomplete
    • Trivial
    • None
    • Lustre 2.11.0
    • 3

    Description

      Found 120 new static analysis issues in v2_10_56_0-122-gdfe60d0:

      1. Use of Unvalidated Integer as Array Index by Function Call
        • lustre/tests/directio.c: in main, Unvalidated integer value 'len' is received from 'strtoul' at line 103 and can be used to access an array through call to 'memset' at line 120. Also there are 3 similar errors on lines 120, 142.
      2. Command Injection into Shell Execution
        • lustre/tests/llapi_layout_test.c: in test4, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      3. Buffer Overflow - Array Index Out of Bounds
        • lustre/tests/ll_dirstripe_verify.c: in main, Array 'root' of size 4096 may use index value(s) 4096..INT_MAX
      4. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/openunlink.c: in main, Unvalidated string 'fname2' is received from an external function through call to 'main' at line 44 can be used for path traversal through call to 'unlink' at line 78. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      5. Result of function that may return NULL will be dereferenced
        • lustre/tests/ll_sparseness_verify.c: in main, Pointer 'offsets' returned from call to function 'calloc' at line 88 may be NULL and will be dereferenced at line 90.
      6. Use of Unvalidated Data in a Format String
        • lustre/tests/createmany.c: in main, Unvalidated string 'fmt' is received from an external function through call to 'main' at line 81 can be used as a format string through call to 'get_file_name' at line 174. This can lead to buffer overflows within the string buffer which in turn can lead to arbitrary code execution from user input. Check the length and content of strings used in format string operations.
      7. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/tchmod.c: in main, Unvalidated string '*argv' is received from an external function through call to 'main' at line 37 can be used for path traversal through call to 'chmod' at line 47. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      8. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/mmap_cat.c: in main, Unvalidated string '*argv' is received from an external function through call to 'main' at line 61 can be used for path traversal through call to 'getFilesize' at line 73. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      9. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/multiop.c: in main, Unvalidated integer value 'len' is received from 'atoi' at line 512 and can be used to alter memory allocation size through call to 'read' at line 530. Also there is one similar error on line 627.
      10. Use of Dangerous Process Creation
        • lustre/tests/sendfile.c: in main, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      11. Resource leak
        • lustre/tests/multifstat.c: in main, Resource acquired to 'fd2' at line 56 may be lost here. Also there are 6 similar errors on lines 71, 76, 83, 89, 95, 98.
      12. Command Injection
        • lustre/tests/llapi_layout_test.c: in test27, Unvalidated string 'cmd' is received from an external function through a call to 'getenv' at line 1129 that can be run as command line through call to 'system' at line 1150. User input can be used to cause arbitrary command execution on the host system. Check strings for length and content when used for command execution.
      13. Format String Vulnerability
        • lustre/tests/unlinkmany.c: in main, function 'sprintf' possibly accepts format string that may be influenced by user, causing format string vulnerability. Undefined string lengths can lead to buffer overflows and potential exploitation by attackers. Use a defined value for string lengths.
      14. Uninitialized Variable - possible
        • lustre/tests/multiop.c: in main, 'flags' might be used uninitialized in this function.
      15. Buffer Overflow - Non-null Terminated String
        • lustre/tests/llapi_layout_test.c: in test19, Buffer overflow of 'mypool' due to non null terminated string 'mypool'
      16. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/mlink.c: in main, Unvalidated string '*argv' is received from an external function through call to 'main' at line 41 can be used for path traversal through call to 'link' at line 50. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      17. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/fsx.c: in main, Unvalidated integer value 'maxfilelen' is received from 'getnum' at line 1209 and can be used to alter memory allocation size through call to 'malloc' at line 1364.
      18. Use of Unvalidated Integer in Loop Condition
        • lustre/tests/fsx.c: in main, Unvalidated integer value 'numops' is received from 'getnum' at line 1273 and can be used in a loop condition at line 1415.
      19. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/writemany.c: in main, Unvalidated string 'directory' is received from an external function through call to 'main' at line 239 can be used for path traversal through call to 'run_one_child' at line 292. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      20. Command Injection into Shell Execution
        • lustre/tests/llapi_fid_test.c: in cleanup, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      21. Use of Unvalidated Data in a Format String
        • lustre/tests/unlinkmany.c: in main, Unvalidated string 'fmt' is received from an external function through call to 'main' at line 47 can be used as a format string through call to 'sprintf' at line 91. This can lead to buffer overflows within the string buffer which in turn can lead to arbitrary code execution from user input. Check the length and content of strings used in format string operations.
      22. Command Injection into Shell Execution
        • lustre/tests/llapi_layout_test.c: in test26, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      23. Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String
        • lustre/tests/small_write.c: in main, Buffer overflow of 'readbuf' caused by unvalidated user input due to non null terminated string 'readbuf'. Also there is one similar error on line 158.
      24. Uninitialized Heap Use - possible
        • lustre/tests/rename_many.c: in main, '*names->from' may get its value from uninitialized heap memory area. Also there is one similar error on line 232.
      25. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test15, Pointer 'advice' returned from call to function 'malloc' at line 428 may be NULL and will be dereferenced at line 436.
      26. Resource leak
        • lustre/tests/directio.c: in main, Resource acquired to 'fd' at line 96 may be lost here. Also there are 7 similar errors on lines 118, 125, 132, 139, 146, 151, 156.
      27. Result of function that can return NULL may be dereferenced
        • lustre/tests/check_fhandle_syscalls.c: in main, Pointer 'filename' returned from call to function 'rindex' at line 186 may be NULL and may be dereferenced at line 211. Also there are 3 similar errors on lines 234, 244, 272.
      28. Resource leak
        • lustre/tests/smalliomany.c: in main, Resource acquired to 'fd' at line 118 may be lost here.
      29. Resource leak
        • lustre/tests/test_brw.c: in main, Resource acquired to 'fd' at line 194 may be lost here. Also there are 11 similar errors on lines 215, 230, 236, 243, 253, 259, 263.
      30. Resource leak
        • lustre/tests/opendirunlink.c: in main, Resource acquired to 'fddir1' at line 75 may be lost here.
      31. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/openunlink.c: in main, Unvalidated string 'fname' is received from an external function through call to 'main' at line 44 can be used for path traversal through call to 'access' at line 89. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      32. Resource leak
        • lustre/tests/mmap_sanity.c: in mmap_tst6, Resource acquired to 'fd2' at line 577 may be lost here.
      33. Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String
        • lustre/tests/statmany.c: in main, Buffer overflow of 'parent' caused by unvalidated user input due to non null terminated string 'parent'
      34. Resource leak
        • lustre/tests/mmap_sanity.c: in mmap_tst6, Resource acquired to 'fd' at line 566 may be lost here.
      35. Resource leak
        • lustre/tests/llapi_layout_test.c: in test30, Resource acquired to 'fd' at line 1377 may be lost here.
      36. Buffer Overflow - Non-null Terminated String
        • lustre/tests/fsx.c: in main, Buffer overflow of 'logfile' due to non null terminated string 'logfile'
      37. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/opendirunlink.c: in main, Unvalidated string 'dname1' is received from an external function through call to 'main' at line 46 can be used for path traversal through call to 'mkdir' at line 66. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      38. Command Injection
        • lustre/tests/llapi_layout_test.c: in test4, Unvalidated string 'cmd' is received from an external function through a call to 'getenv' at line 235 that can be run as command line through call to 'system' at line 251. User input can be used to cause arbitrary command execution on the host system. Check strings for length and content when used for command execution.
      39. Command Injection into Shell Execution
        • lustre/tests/sendfile.c: in main, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      40. Command Injection into Shell Execution
        • lustre/tests/swap_lock_test.c: in cleanup, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      41. Use of Dangerous Process Creation
        • lustre/tests/llapi_layout_test.c: in test28, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      42. Command Injection
        • lustre/tests/llapi_layout_test.c: in test26, Unvalidated string 'cmd' is received from an external function through a call to 'getenv' at line 1081 that can be run as command line through call to 'system' at line 1099. User input can be used to cause arbitrary command execution on the host system. Check strings for length and content when used for command execution.
      43. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test18, Pointer 'advice' returned from call to function 'malloc' at line 711 may be NULL and will be dereferenced at line 718.
      44. Pointer may be dereferenced after it was positively checked for NULL
        • lustre/tests/rwv.c: in main, Pointer 'fname' checked for NULL at line 151 may be dereferenced at line 209.
      45. Buffer Overflow - Array Index Out of Bounds
        • lustre/tests/rename_many.c: in main, Array 'msg' of size 100 may use index value(s) 100..109
      46. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/mrename.c: in main, Unvalidated string '*argv' is received from an external function through call to 'main' at line 36 can be used for path traversal through call to 'rename' at line 45. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      47. Resource leak
        • lustre/tests/statone.c: in main, Resource acquired to 'fd' at line 64 may be lost here.
      48. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/test_brw.c: in main, Unvalidated integer value 'len' is received from 'strtoul' at line 164 and can be used to alter memory allocation size through call to 'read' at line 249.
      49. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/statmany.c: in main, Unvalidated string 'filename' is received from an external function through call to 'main' at line 69 can be used for path traversal through call to 'stat' at line 174. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      50. Use of Dangerous Process Creation
        • lustre/tests/llapi_fid_test.c: in cleanup, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      51. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/checkstat.c: in main, Unvalidated string 'fname' is received from an external function through call to 'main' at line 81 can be used for path traversal through call to 'readlink' at line 297. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      52. Resource leak
        • lustre/tests/ll_sparseness_verify.c: in main, Resource acquired to 'fd' at line 79 may be lost here. Also there is one similar error on line 129.
      53. Resource leak
        • lustre/tests/openfilleddirunlink.c: in main, Resource acquired to 'fddir1' at line 83 may be lost here.
      54. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/directio.c: in main, Unvalidated integer value 'len' is received from 'strtoul' at line 103 and can be used to alter memory allocation size through call to 'write' at line 128. Also there are 3 similar errors on lines 128, 143.
      55. Resource leak
        • lustre/tests/statmany.c: in main, Resource acquired to 'f' at line 126 may be lost here.
      56. Command Injection
        • lustre/tests/sendfile.c: in main, Unvalidated string 'cmd' is received from an external function through a call to 'main' at line 47 that can be run as command line through call to 'system' at line 143. User input can be used to cause arbitrary command execution on the host system. Check strings for length and content when used for command execution.
      57. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test14, Pointer 'advice' returned from call to function 'malloc' at line 366 may be NULL and will be dereferenced at line 367.
      58. Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String
        • lustre/tests/multiop.c: in main, Buffer overflow of 'buf_align' caused by unvalidated user input due to non null terminated string 'buf_align'
      59. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test22, Pointer 'advice' returned from call to function 'malloc' at line 990 may be NULL and will be dereferenced at line 993. Also there are 7 similar errors on lines 1003, 1013, 1024, 1035, 1046, 1057, 1068.
      60. Use of Unvalidated Data in a Format String
        • lustre/tests/chownmany.c: in main, Unvalidated string 'fmt' is received from an external function through call to 'main' at line 47 can be used as a format string through call to 'sprintf' at line 87. This can lead to buffer overflows within the string buffer which in turn can lead to arbitrary code execution from user input. Check the length and content of strings used in format string operations.
      61. Resource leak
        • lustre/tests/opendevunlink.c: in main, Resource acquired to 'fddev2' at line 82 may be lost here.
      62. Resource leak
        • lustre/tests/createmany.c: in main, Resource acquired to 'fd' at line 176 may be lost here. Also there are 2 similar errors on lines 187, 273.
      63. Use of Unvalidated Integer in Loop Condition
        • lustre/tests/test_brw.c: in main, Unvalidated integer value 'len' is received from 'strtoul' at line 164 and can be used in a loop condition at line 221.
      64. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/truncate.c: in main, Unvalidated string 'path' is received from an external function through call to 'main' at line 40 can be used for path traversal through call to 'truncate' at line 55. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      65. Result of function that can return NULL may be dereferenced
        • lustre/tests/lockahead_test.c: in test17, Pointer 'advice_noexpand' returned from call to function 'malloc' at line 611 may be NULL and may be dereferenced at line 634.
      66. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/reads.c: in main, Unvalidated integer value 'bsize' is received from 'strtol' at line 149 and can be used to alter memory allocation size through call to 'malloc' at line 219. Also there is one similar error on line 219.
      67. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/flocks_test.c: in main, Unvalidated string '*argv' is received from an external function through call to 'main' at line 572 can be used for path traversal through call to 't2' at line 588. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      68. Use of Unvalidated Integer in Loop Condition
        • lustre/tests/multiop.c: in main, Unvalidated integer value 'len' is received from 'atoi' at line 512 and can be used in a loop condition at line 529. Also there is one similar error on line 626.
      69. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test13, Pointer 'advice' returned from call to function 'malloc' at line 296 may be NULL and will be dereferenced at line 297.
      70. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/createmany.c: in main, Unvalidated string 'filename' is received from an external function through call to 'main' at line 81 can be used for path traversal through call to 'link' at line 188. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories. Also there are 3 similar errors on lines 196, 204, 217.
      71. Use of Dangerous Process Creation
        • lustre/tests/llapi_layout_test.c: in test4, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      72. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/createtest.c: in main, Unvalidated string 'name' is received from an external function through call to 'main' at line 50 can be used for path traversal through call to 'mknod' at line 65. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      73. Resource leak
        • lustre/tests/opendirunlink.c: in main, Resource acquired to 'fddir2' at line 83 may be lost here.
      74. Resource leak
        • lustre/tests/flocks_test.c: in t4, Resource acquired to 'fd2' at line 383 may be lost here.
      75. Use of Unvalidated Integer as Array Index by Function Call
        • lustre/tests/reads.c: in main, Unvalidated integer value 'seed+i++' is received from 'strtol' at line 160 and can be used to access an array through call to 'memset' at line 239.
      76. Buffer Overflow - Array Index Out of Bounds
        • lustre/tests/rename_many.c: in main, Array 'to' of size 35 may use index value(s) 35..41
      77. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/opendevunlink.c: in main, Unvalidated string 'dname1' is received from an external function through call to 'main' at line 45 can be used for path traversal through call to 'mknod' at line 65. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      78. Use of Dangerous Process Creation
        • lustre/tests/swap_lock_test.c: in cleanup, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      79. Use of Unvalidated Integer as Array Index by Function Call
        • lustre/tests/rwv.c: in main, Unvalidated integer value 'iv->iov_len' is received from 'strtoul' at line 191 and can be used to access an array through call to 'memset' at line 205.
      80. Partialy Uninitialized Array
        • lustre/tests/fsx.c: in output_line, 'ops' array elements are used uninitialized in this function with index range: [0,0] [4,4].
      81. Use of Dangerous Process Creation
        • lustre/tests/llapi_layout_test.c: in test26, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      82. Result of function that can return NULL may be dereferenced
        • lustre/tests/lockahead_test.c: in test19, Pointer 'advice' returned from call to function 'malloc' at line 774 may be NULL and may be dereferenced at line 790.
      83. Command Injection into Shell Execution
        • lustre/tests/llapi_layout_test.c: in test27, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      84. Format String Vulnerability
        • lustre/tests/chownmany.c: in main, function 'sprintf' possibly accepts format string that may be influenced by user, causing format string vulnerability. Undefined string lengths can lead to buffer overflows and potential exploitation by attackers. Use a defined value for string lengths.
      85. Buffer Overflow - Non-null Terminated String
        • lustre/tests/fsx.c: in main, Buffer overflow of 'goodfile' due to non null terminated string 'goodfile'
      86. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/rename_many.c: in main, Unvalidated integer value 'sizeof(struct names) *file_count' is received from 'strtoul' at line 114 and can be used to alter memory allocation size through call to 'malloc' at line 157.
      87. Use of Dangerous Process Creation
        • lustre/tests/runas.c: in main, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      88. Buffer Overflow - Array Index Out of Bounds
        • lustre/tests/rename_many.c: in main, Array 'from' of size 35 may use index value(s) 35..41
      89. Resource leak
        • lustre/tests/rwv.c: in main, Resource acquired to 'fd' at line 209 may be lost here.
      90. Resource leak
        • lustre/tests/opendevunlink.c: in main, Resource acquired to 'fddev1' at line 74 may be lost here.
      91. Result of function that can return NULL may be dereferenced
        • lustre/tests/lockahead_test.c: in test16, Pointer 'advice_noexpand' returned from call to function 'malloc' at line 504 may be NULL and may be dereferenced at line 527.
      92. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/sendfile.c: in main, Unvalidated string 'sfile' is received from an external function through call to 'main' at line 47 can be used for path traversal through call to 'stat' at line 68. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      93. Resource leak
        • lustre/tests/multiop.c: in main, Resource acquired to 'fd' at line 504 may be lost here. Also there are 31 similar errors on lines 286, 302, 402, 491, 502, 504, 601, 711.
      94. Command Injection into Shell Execution
        • lustre/tests/llapi_layout_test.c: in test28, function 'system' possibly accepts command line that may be influenced by user, causing execution of arbitrary code. Arbitrary commands can be executed by an attacker. Check the length and content of strings used for command execution.
      95. Resource leak
        • lustre/tests/multiop.c: in main, Resource acquired to 'fd' at line 601 may be lost here. Also there are 7 similar errors on lines 302, 402, 491, 502, 504, 601, 711.
      96. Resource leak
        • lustre/tests/flocks_test.c: in t4, Resource acquired to 'fd' at line 379 may be lost here.
      97. Resource leak
        • lustre/tests/multiop.c: in main, Resource acquired to 'fd' at line 402 may be lost here. Also there are 27 similar errors on lines 286, 302, 402, 491, 502, 504, 601, 711.
      98. Use of Unvalidated Integer in Memory Allocation
        • lustre/tests/multiop.c: in main, Unvalidated integer value 'len+65535' is received from 'atoi' at line 512 and can be used to alter memory allocation size through call to 'realloc' at line 517. Also there is one similar error on line 613.
      99. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/openfilleddirunlink.c: in main, Unvalidated string 'dname1' is received from an external function through call to 'main' at line 49 can be used for path traversal through call to 'mkdir' at line 64. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      100. Command Injection
        • lustre/tests/llapi_layout_test.c: in test28, Unvalidated string 'cmd' is received from an external function through a call to 'getenv' at line 1179 that can be run as command line through call to 'system' at line 1195. User input can be used to cause arbitrary command execution on the host system. Check strings for length and content when used for command execution.
      101. Use of Unvalidated Integer as Array Index by Function Call
        • lustre/tests/fsx.c: in main, Unvalidated integer value 'maxoplen' is received from 'getnum' at line 1229 and can be used to access an array through call to 'memset' at line 1395.
      102. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/multiop.c: in main, Unvalidated string 'oldpath' is received from an external function through call to 'main' at line 205 can be used for path traversal through call to 'link' at line 420. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories. Also there is one similar error on line 474.
      103. Use of Dangerous Process Creation
        • lustre/tests/llapi_layout_test.c: in test27, It is easy to run arbitrary commands through environment variables. Use fork, execve, and pipes instead.
      104. Result of function that can return NULL may be dereferenced
        • lustre/tests/fsx.c: in main, Pointer 'original_buf' returned from call to function 'malloc' at line 1364 may be NULL and may be dereferenced at line 1366.
      105. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test12, Pointer 'advice' returned from call to function 'malloc' at line 230 may be NULL and will be dereferenced at line 235.
      106. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test17, Pointer 'advice' returned from call to function 'malloc' at line 610 may be NULL and will be dereferenced at line 614.
      107. Buffer Overflow - Array Index Out of Bounds
        • lustre/tests/badarea_io.c: in main, Array '&fd' of size 4 may use index value(s) 4..2097151. Also there are 2 similar errors on lines 63, 67.
      108. Use of Unvalidated Integer in Loop Condition
        • lustre/tests/fsx.c: in main, Unvalidated integer value 'maxfilelen' is received from 'getnum' at line 1209 and can be used in a loop condition at line 1365.
      109. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/multiop.c: in main, Unvalidated string 'newfile' is received from an external function through call to 'main' at line 205 can be used for path traversal through call to 'symlink' at line 430. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories. Also there are 2 similar errors on lines 441, 484.
      110. Resource leak
        • lustre/tests/rwv.c: in main, Resource acquired to 'out_fd' at line 152 may be lost here. Also there are 8 similar errors on lines 117, 125, 152, 169, 174, 179, 185, 212.
      111. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/orphan_linkea_check.c: in main, Unvalidated string '*argv' is received from an external function through call to 'main' at line 38 can be used for path traversal through call to 'unlink' at line 52. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      112. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/multiop.c: in main, Unvalidated string 'fname' is received from an external function through call to 'main' at line 205 can be used for path traversal through call to 'mkdir' at line 295. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories. Also there are 9 similar errors on lines 420, 430, 441, 448, 474, 484, 552, 582, 601.
      113. Uninitialized Heap Use - possible
        • lustre/tests/rename_many.c: in main, '*names->to' may get its value from uninitialized heap memory area. Also there are 2 similar errors on lines 246, 267.
      114. Result of function that may return NULL will be dereferenced
        • lustre/tests/lockahead_test.c: in test16, Pointer 'advice' returned from call to function 'malloc' at line 503 may be NULL and will be dereferenced at line 507.
      115. Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String
        • lustre/tests/statone.c: in main, Buffer overflow of 'parent' caused by unvalidated user input due to non null terminated string 'parent'
      116. Resource leak
        • lustre/tests/multifstat.c: in main, Resource acquired to 'fd1' at line 50 may be lost here. Also there are 7 similar errors on lines 66, 71, 76, 83, 89, 95, 98.
      117. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/utime.c: in main, Unvalidated string 'filename' is received from an external function through call to 'main' at line 52 can be used for path traversal through call to 'mknod' at line 83. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      118. Use of Unvalidated Data in a Path Traversal
        • lustre/tests/mkdirmany.c: in main, Unvalidated string 'dirname' is received from an external function through call to 'main' at line 41 can be used for path traversal through call to 'mkdir' at line 60. This can lead to access to undesired resource outside of restricted directory. Check the content of strings used for access to files and directories.
      119. Use of Unvalidated Integer in Loop Condition
        • lustre/tests/rename_many.c: in main, Unvalidated integer value 'file_count' is received from 'strtoul' at line 114 and can be used in a loop condition at line 204.
      120. Resource leak
        • lustre/tests/llapi_layout_test.c: in test31, Resource acquired to 'fd' at line 1455 may be lost here.

            People

              wc-triage WC Triage
              dmiter Dmitry Eremin (Inactive)