Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: Lustre 2.17.0
Affects Version/s: Lustre 2.17.0
Labels:
- mount

Severity:
3
Rank (Obsolete):
9223372036854775807

Description

After patching ~~LU-9936~~, Coverity reports issues:

  
    
    *** CID 451701:  Memory - illegal accesses  (OVERRUN)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223     			filepnm, strerror(errno));
224     		ret = errno;
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
   CID 451701:  Memory - illegal accesses  (OVERRUN)
   Overrunning array of 12288 bytes at byte offset 150982656 by dereferencing pointer "&mop->mo_ldd + total_written".
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));
  
    
    
*** CID 451700:  Insecure data handling  (INTEGER_OVERFLOW)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223     			filepnm, strerror(errno));
224     		ret = errno;
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
   CID 451700:  Insecure data handling  (INTEGER_OVERFLOW)
   "12288UL - total_written", which might have underflowed, is passed to "write(fd, &mop->mo_ldd + total_written, 12288UL - total_written)".
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));
  
    
    *** CID 451721:  Control flow issues  (NO_EFFECT)
/lustre/utils/libmount_utils_ldiskfs.c: 231 in ldiskfs_write_ldd()
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
   CID 451721:  Control flow issues  (NO_EFFECT)
   This less-than-zero comparison of an unsigned value is never true. "write_cnt < 0UL".
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));
235     			ret = errno;
236     			goto close_fd;
  
    
    *** CID 451718:  Memory - corruptions  (ARRAY_VS_SINGLETON)
/lustre/utils/libmount_utils_ldiskfs.c: 229 in ldiskfs_write_ldd()
223     			filepnm, strerror(errno));
224     		ret = errno;
225     		goto out_umnt;
226     	}
227     	total_written = 0;
228     	while (total_written < sizeof(mop->mo_ldd)) {
   CID 451718:  Memory - corruptions  (ARRAY_VS_SINGLETON)
   Using "&mop->mo_ldd" as an array.  This might corrupt or misinterpret adjacent memory locations.
229     		write_cnt = write(fd, &mop->mo_ldd + total_written,
230     				  sizeof(mop->mo_ldd) - total_written);
231     		if (write_cnt < 0) {
232     			fprintf(stderr,
233     				"%s: Unable to write to file (%s): %s\n",
234     				progname, filepnm, strerror(errno));

Attachments

Issue Links

is related to

LU-18818 remove mount+open+write+close from ldiskfs_write_ldd()

In Progress

is related to

LU-9936 ldiskfs_write_ldd() calls fsync(filep->_fileno) but doesn't fflush() flip first

Resolved

LU-17000 Coverity static analysis issues

Open

Activity

People

Assignee:: Marc Vef

Reporter:: Marc Vef

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Dec/24 8:01 PM

Updated:: 16/Mar/25 10:50 AM

Resolved:: 19/Jan/25 3:02 AM