Details
-
Bug
-
Resolution: Fixed
-
Minor
-
Lustre 2.17.0
-
3
-
9223372036854775807
Description
After patching LU-9936, Coverity reports issues:
*** CID 451701: Memory - illegal accesses (OVERRUN)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223 filepnm, strerror(errno));
224 ret = errno;
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
CID 451701: Memory - illegal accesses (OVERRUN)
Overrunning array of 12288 bytes at byte offset 150982656 by dereferencing pointer "&mop->mo_ldd + total_written".
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));
*** CID 451700: Insecure data handling (INTEGER_OVERFLOW)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223 filepnm, strerror(errno));
224 ret = errno;
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
CID 451700: Insecure data handling (INTEGER_OVERFLOW)
"12288UL - total_written", which might have underflowed, is passed to "write(fd, &mop->mo_ldd + total_written, 12288UL - total_written)".
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));
*** CID 451721: Control flow issues (NO_EFFECT)
/lustre/utils/libmount_utils_ldiskfs.c: 231 in ldiskfs_write_ldd()
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
CID 451721: Control flow issues (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "write_cnt < 0UL".
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));
235 ret = errno;
236 goto close_fd;
*** CID 451718: Memory - corruptions (ARRAY_VS_SINGLETON)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223 filepnm, strerror(errno));
224 ret = errno;
225 goto out_umnt;
226 }
227 total_written = 0;
228 while (total_written < sizeof(mop->mo_ldd)) {
CID 451718: Memory - corruptions (ARRAY_VS_SINGLETON)
Using "&mop->mo_ldd" as an array. This might corrupt or misinterpret adjacent memory locations.
229 write_cnt = write(fd, &mop->mo_ldd + total_written,
230 sizeof(mop->mo_ldd) - total_written);
231 if (write_cnt < 0) {
232 fprintf(stderr,
233 "%s: Unable to write to file (%s): %s\n",
234 progname, filepnm, strerror(errno));
Attachments
Issue Links
Activity
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/57449/
Subject: LU-18560 utils: Fix ldiskfs_write_dd Coverity warnings
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 52105a555f55b399a115f3158b3827eb0db726f6
Thanks, Andreas, and will do for the future. Do you have a patch at hand that refreshes an already landed patch? I'm wondering what that looks like.
Note that it is OK to re-use the original patch that introduced the issue for minor follow-on fixes like this. Alternately, there is LU-17000 for generic Coverity fixes, so that we don't have a proliferation of Jira tickets for the thousands of Coverity issues outstanding.
"Marc Vef <mvef@whamcloud.com>" uploaded a new patch: https://review.whamcloud.com/c/fs/lustre-release/+/57449
Subject: LU-18560 utils: Fix ldiskfs_write_dd Coverity warnings
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: baaccd0cc41f7b1fa1b7ffb30eddccc37ee3397d
Merged for 2.17