Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-6021

5 new static analysis issues in lnetconfig

Details

    • Bug
    • Resolution: Fixed
    • Major
    • Lustre 2.7.0
    • Lustre 2.7.0
    • 3
    • 16773

    Description

      Found 5 new static analysis issues in 2.6.91-26-g6b0fa76:

      1. Result of function that may return NULL will be dereferenced
        • lnet/utils/cyaml/cyaml.c: in print_value, Pointer 'node' returned from call to function 'cYAML_ll_pop' at line 886 may be NULL and will be dereferenced at line 888.
      2. Null pointer may be dereferenced
        • lnet/utils/lnetconfig/liblnetconfig.c: in lustre_lnet_show_stats, Null pointer 'root' that comes from line 1120 may be dereferenced at line 1197 (after "goto out" in 1133).
      3. Result of function that can return NULL may be dereferenced
        • lnet/utils/lnetconfig/liblnetconfig.c: in lustre_lnet_show_stats, Pointer 'root' returned from call to function 'cYAML_create_object' at line 1136 may be NULL and may be dereferenced at line 1197.
      4. Possible Buffer Overflow in Following String Operations
        • lnet/utils/lnetconfig/liblnetconfig.c: in liblnetconfig.c, function 'strncpy' will fill whole buffer 'data.cfg_config_u.cfg_net.net_intf' of fixed size (128) with string value and will not leave place for NULL-terminator. Possible buffer boundaries violation in following string operations.
      5. Pointer may be dereferenced after it was positively checked for NULL
        • lnet/utils/lnetconfig/liblnetconfig.c: in lustre_lnet_show_stats, Pointer 'root' checked for NULL at line 1137 may be dereferenced at line 1197.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-4629 Issues found by static analysis tools

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            [LU-6021] 5 new static analysis issues in lnetconfig
            adilger Andreas Dilger made changes -
            Link New: This issue is related to LU-4629 [ LU-4629 ]
            ashehata Amir Shehata (Inactive) made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
            ashehata Amir Shehata (Inactive) made changes -
            Status Original: Open [ 1 ] New: In Progress [ 3 ]
            ashehata Amir Shehata (Inactive) added a comment -

            http://review.whamcloud.com/#/c/13115/

            ashehata Amir Shehata (Inactive) added a comment - http://review.whamcloud.com/#/c/13115/
            ashehata Amir Shehata (Inactive) added a comment -

            1. fixed
            2. if root == NULL then rc == LUSTRE_CFG_RC_OUT_OF_MEM ad we will enter
            if (show_rc == NULL || rc != LUSTRE_CFG_RC_NO_ERR)
            cYAML_free_tree(root);
            and cYAML_free_tree(root) is written to handle NULL pointer.
            3. same as 2
            4. buf and ip2net are both checked to ensure they fit into net_intf
            5. same as 2

            ashehata Amir Shehata (Inactive) added a comment - 1. fixed 2. if root == NULL then rc == LUSTRE_CFG_RC_OUT_OF_MEM ad we will enter if (show_rc == NULL || rc != LUSTRE_CFG_RC_NO_ERR) cYAML_free_tree(root); and cYAML_free_tree(root) is written to handle NULL pointer. 3. same as 2 4. buf and ip2net are both checked to ensure they fit into net_intf 5. same as 2
            adilger Andreas Dilger made changes -
            Priority Original: Minor [ 4 ] New: Major [ 3 ]
            adilger Andreas Dilger made changes -
            Fix Version/s New: Lustre 2.7.0 [ 10631 ]
            adilger Andreas Dilger made changes -
            Affects Version/s New: Lustre 2.7.0 [ 10631 ]
            adilger Andreas Dilger made changes -
            Assignee Original: WC Triage [ wc-triage ] New: Amir Shehata [ ashehata ]
            dmiter Dmitry Eremin (Inactive) made changes -
            Description Original: Found 5 new static analysis issues in 2.6.91-26-g6b0fa76:
            # *Result of function that may return NULL will be dereferenced*
            #* {{lnet/utils/cyaml/cyaml.c}}: in _print_value_, Pointer 'node' returned from call to function 'cYAML\_ll\_pop' at line 886 may be NULL and will be dereferenced at line 888.
            # *Null pointer may be dereferenced*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _lustre_lnet_show_stats_, Null pointer 'root' that comes from line 1120 may be dereferenced at line 1197.
            # *Result of function that can return NULL may be dereferenced*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _lustre_lnet_show_stats_, Pointer 'root' returned from call to function 'cYAML\_create\_object' at line 1136 may be NULL and may be dereferenced at line 1197.
            # *Possible Buffer Overflow in Following String Operations*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _liblnetconfig.c_, function 'strncpy' will fill whole buffer 'data.cfg\_config\_u.cfg\_net.net\_intf' of fixed size (128) with string value and will not leave place for NULL\-terminator. Possible buffer boundaries violation in following string operations.
            # *Pointer may be dereferenced after it was positively checked for NULL*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _lustre_lnet_show_stats_, Pointer 'root' checked for NULL at line 1137 may be dereferenced at line 1197.
            		 New: Found 5 new static analysis issues in 2.6.91-26-g6b0fa76:
            # *Result of function that may return NULL will be dereferenced*
            #* {{lnet/utils/cyaml/cyaml.c}}: in _print_value_, Pointer 'node' returned from call to function 'cYAML\_ll\_pop' at line 886 may be NULL and will be dereferenced at line 888.
            # *Null pointer may be dereferenced*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _lustre_lnet_show_stats_, Null pointer 'root' that comes from line 1120 may be dereferenced at line 1197 (after "goto out" in 1133).
            # *Result of function that can return NULL may be dereferenced*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _lustre_lnet_show_stats_, Pointer 'root' returned from call to function 'cYAML\_create\_object' at line 1136 may be NULL and may be dereferenced at line 1197.
            # *Possible Buffer Overflow in Following String Operations*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _liblnetconfig.c_, function 'strncpy' will fill whole buffer 'data.cfg\_config\_u.cfg\_net.net\_intf' of fixed size (128) with string value and will not leave place for NULL\-terminator. Possible buffer boundaries violation in following string operations.
            # *Pointer may be dereferenced after it was positively checked for NULL*
            #* {{lnet/utils/lnetconfig/liblnetconfig.c}}: in _lustre_lnet_show_stats_, Pointer 'root' checked for NULL at line 1137 may be dereferenced at line 1197.

            People

              ashehata Amir Shehata (Inactive)
              dmiter Dmitry Eremin (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: