* [Tarantool-patches] Fwd: New Defects reported by Coverity Scan for tarantool/tarantool
@ 2020-10-05 13:18 Cyrill Gorcunov
0 siblings, 0 replies; only message in thread
From: Cyrill Gorcunov @ 2020-10-05 13:18 UTC (permalink / raw)
To: TML
Hi! Here is a report for latest master 2.6.0-136-g2711797be worth to take
a look and fix/triage.
----- Forwarded message from scan-admin@coverity.com -----
> Please find the latest report on new defect(s) introduced to tarantool/tarantool found with Coverity Scan.
>
> 150 new defect(s) introduced to tarantool/tarantool found with Coverity Scan.
> 40 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 20 of 150 defect(s)
>
>
> ** CID 1497676: (FORWARD_NULL)
>
>
> ________________________________________________________________________________________________________
> *** CID 1497676: (FORWARD_NULL)
> /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 160 in sql_exec()
> 154 azCols = 0;
> 155 }
> 156
> 157 exec_out:
> 158 if (pStmt)
> 159 sqlVdbeFinalize((Vdbe *) pStmt);
> >>> CID 1497676: (FORWARD_NULL)
> >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it.
> 160 sqlDbFree(db, azCols);
> 161
> 162 assert(rc == 0);
> 163 return rc;
> /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 160 in sql_exec()
> 154 azCols = 0;
> 155 }
> 156
> 157 exec_out:
> 158 if (pStmt)
> 159 sqlVdbeFinalize((Vdbe *) pStmt);
> >>> CID 1497676: (FORWARD_NULL)
> >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it.
> 160 sqlDbFree(db, azCols);
> 161
> 162 assert(rc == 0);
> 163 return rc;
> /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 160 in sql_exec()
> 154 azCols = 0;
> 155 }
> 156
> 157 exec_out:
> 158 if (pStmt)
> 159 sqlVdbeFinalize((Vdbe *) pStmt);
> >>> CID 1497676: (FORWARD_NULL)
> >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it.
> 160 sqlDbFree(db, azCols);
> 161
> 162 assert(rc == 0);
> 163 return rc;
> /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 153 in sql_exec()
> 147 while (sqlIsspace(zSql[0]))
> 148 zSql++;
> 149 break;
> 150 }
> 151 }
> 152
> >>> CID 1497676: (FORWARD_NULL)
> >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it.
> 153 sqlDbFree(db, azCols);
> 154 azCols = 0;
> 155 }
> 156
> 157 exec_out:
> 158 if (pStmt)
>
> ** CID 1497675: Security best practices violations (TOCTOU)
> /projects/tarantool/tarantool.git/src/box/func.c: 291 in module_load()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497675: Security best practices violations (TOCTOU)
> /projects/tarantool/tarantool.git/src/box/func.c: 291 in module_load()
> 285 if (rc < 0 || (size_t) rc >= sizeof(dir_name)) {
> 286 diag_set(SystemError, "failed to generate path to DSO");
> 287 goto error;
> 288 }
> 289
> 290 struct stat st;
> >>> CID 1497675: Security best practices violations (TOCTOU)
> >>> Calling function "stat" to perform check on "path".
> 291 if (stat(path, &st) < 0) {
> 292 diag_set(SystemError, "failed to stat() module %s", path);
> 293 goto error;
> 294 }
> 295
> 296 int source_fd = open(path, O_RDONLY);
>
> ** CID 1497674: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/src/box/vinyl.c: 4034 in vy_build_recover_stmt()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497674: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/src/box/vinyl.c: 4034 in vy_build_recover_stmt()
> 4028 if (insert == NULL)
> 4029 return -1;
> 4030 } else if (type == IPROTO_UPSERT) {
> 4031 struct tuple *new_tuple = vy_apply_upsert(mem_stmt, old_tuple,
> 4032 pk->cmp_def, true);
> 4033 if (new_tuple == NULL)
> >>> CID 1497674: Resource leaks (RESOURCE_LEAK)
> >>> Variable "delete" going out of scope leaks the storage it points to.
> 4034 return -1;
> 4035 uint32_t data_len;
> 4036 const char *data = tuple_data_range(new_tuple, &data_len);
> 4037 insert = vy_stmt_new_insert(lsm->mem_format,
> 4038 data, data + data_len);
> 4039 tuple_unref(new_tuple);
>
> ** CID 1497673: Error handling issues (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/test/unit/ratelimit.c: 70 in main()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497673: Error handling issues (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/test/unit/ratelimit.c: 70 in main()
> 64 for (int i = 0; i < count; i++) {
> 65 if (ratelimit_check(&rl, now, &suppressed))
> 66 emitted++;
> 67 now += interval_count * interval / count;
> 68 }
> 69 now += interval;
> >>> CID 1497673: Error handling issues (CHECKED_RETURN)
> >>> Calling "ratelimit_check" without checking return value (as is done elsewhere 9 out of 10 times).
> 70 ratelimit_check(&rl, now, &suppressed);
> 71 check(interval_count * burst, count - interval_count * burst);
> 72
> 73 check_plan();
> 74 footer();
> 75
> 76 return 0;
>
> ** CID 1497672: Error handling issues (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/src/box/key_def.c: 212 in key_def_set_part_path()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497672: Error handling issues (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/src/box/key_def.c: 212 in key_def_set_part_path()
> 206
> 207 /* Skip JSON_TOKEN_ANY token. */
> 208 struct json_lexer lexer;
> 209 struct json_token token;
> 210 json_lexer_create(&lexer, path + multikey_path_len,
> 211 path_len - multikey_path_len, TUPLE_INDEX_BASE);
> >>> CID 1497672: Error handling issues (CHECKED_RETURN)
> >>> Calling "json_lexer_next_token" without checking return value (as is done elsewhere 41 out of 48 times).
> 212 json_lexer_next_token(&lexer, &token);
> 213 assert(token.type == JSON_TOKEN_ANY);
> 214
> 215 /* The rest of JSON path couldn't be multikey. */
> 216 int multikey_path_suffix_len =
> 217 path_len - multikey_path_len - lexer.offset;
>
> ** CID 1497671: Memory - illegal accesses (OVERRUN)
>
>
> ________________________________________________________________________________________________________
> *** CID 1497671: Memory - illegal accesses (OVERRUN)
> /third_party/luajit/src/lj_api.c: 529 in lua_hashstring()
> 523 {
> 524 TValue *o = index2adr(L, idx);
> 525 lua_assert(tvisstr(o));
> 526 GCstr *s = strV(o);
> 527 if (! strsmart(s))
> 528 return s->hash;
> >>> CID 1497671: Memory - illegal accesses (OVERRUN)
> >>> Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer "(char const *)(s + 1)".
> 529 return lua_hash(strdata(s), s->len);
> 530 }
> 531
> 532 LUALIB_API const char *luaL_checklstring(lua_State *L, int idx, size_t *len)
> 533 {
> 534 TValue *o = index2adr(L, idx);
>
> ** CID 1497670: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/src/box/sql/select.c: 2342 in sql_multiselect_orderby_to_key_info()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497670: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/src/box/sql/select.c: 2342 in sql_multiselect_orderby_to_key_info()
> 2336 uint32_t id;
> 2337 bool unused;
> 2338 if ((term->flags & EP_Collate) != 0) {
> 2339 struct coll *unused_coll;
> 2340 if (sql_expr_coll(parse, term, &unused, &id,
> 2341 &unused_coll) != 0)
> >>> CID 1497670: Resource leaks (RESOURCE_LEAK)
> >>> Variable "key_info" going out of scope leaks the storage it points to.
> 2342 return 0;
> 2343 } else {
> 2344 id = multi_select_coll_seq(parse, s,
> 2345 item->u.x.iOrderByCol - 1);
> 2346 if (id != COLL_NONE) {
> 2347 const char *name = coll_by_id(id)->name;
>
> ** CID 1497669: (CONSTANT_EXPRESSION_RESULT)
> /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4323 in sqlVdbeExec()
> /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4326 in sqlVdbeExec()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497669: (CONSTANT_EXPRESSION_RESULT)
> /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4323 in sqlVdbeExec()
> 4317 assert(pOp->opcode!=OP_NextIfOpen || pOp->p4.xAdvance == sqlCursorNext);
> 4318 assert(pOp->opcode!=OP_PrevIfOpen || pOp->p4.xAdvance == sqlCursorPrevious);
> 4319
> 4320 /* The Next opcode is only used after SeekGT, SeekGE, and Rewind.
> 4321 * The Prev opcode is only used after SeekLT, SeekLE, and Last.
> 4322 */
> >>> CID 1497669: (CONSTANT_EXPRESSION_RESULT)
> >>> The "or" condition "pOp->opcode != 8 || pOp->opcode != 3 || pC->seekOp == 40 || pC->seekOp == 39 || pC->seekOp == 48 || pC->seekOp == 43" will always be true because "pOp->opcode" cannot be equal to two different values at the same time, so it must be not equal to at least one of them.
> 4323 assert(pOp->opcode!=OP_Next || pOp->opcode!=OP_NextIfOpen
> 4324 || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE
> 4325 || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found);
> 4326 assert(pOp->opcode!=OP_Prev || pOp->opcode!=OP_PrevIfOpen
> 4327 || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE
> 4328 || pC->seekOp==OP_Last);
> /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4326 in sqlVdbeExec()
> 4320 /* The Next opcode is only used after SeekGT, SeekGE, and Rewind.
> 4321 * The Prev opcode is only used after SeekLT, SeekLE, and Last.
> 4322 */
> 4323 assert(pOp->opcode!=OP_Next || pOp->opcode!=OP_NextIfOpen
> 4324 || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE
> 4325 || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found);
> >>> CID 1497669: (CONSTANT_EXPRESSION_RESULT)
> >>> The "or" condition "pOp->opcode != 4 || pOp->opcode != 2 || pC->seekOp == 37 || pC->seekOp == 38 || pC->seekOp == 44" will always be true because "pOp->opcode" cannot be equal to two different values at the same time, so it must be not equal to at least one of them.
> 4326 assert(pOp->opcode!=OP_Prev || pOp->opcode!=OP_PrevIfOpen
> 4327 || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE
> 4328 || pC->seekOp==OP_Last);
> 4329
> 4330 if (pOp->p4.xAdvance(pC->uc.pCursor, &res) != 0)
> 4331 goto abort_due_to_error;
>
> ** CID 1497668: API usage errors (PRINTF_ARGS)
>
>
> ________________________________________________________________________________________________________
> *** CID 1497668: API usage errors (PRINTF_ARGS)
> /projects/tarantool/tarantool.git/src/box/memtx_rtree.c: 402 in memtx_rtree_index_new()
> 396 assert(def->key_def->part_count == 1);
> 397 assert(def->key_def->parts[0].type == FIELD_TYPE_ARRAY);
> 398 assert(def->opts.is_unique == false);
> 399
> 400 if (def->opts.dimension < 1 ||
> 401 def->opts.dimension > RTREE_MAX_DIMENSION) {
> >>> CID 1497668: API usage errors (PRINTF_ARGS)
> >>> Argument "def->opts.dimension" to format specifier "%lld" was expected to have type "long long" but has type "long".
> 402 diag_set(UnsupportedIndexFeature, def,
> 403 tt_sprintf("dimension (%lld): must belong to "
> 404 "range [%u, %u]", def->opts.dimension,
> 405 1, RTREE_MAX_DIMENSION));
> 406 return NULL;
> 407 }
>
> ** CID 1497667: API usage errors (PRINTF_ARGS)
>
>
> ________________________________________________________________________________________________________
> *** CID 1497667: API usage errors (PRINTF_ARGS)
> /projects/tarantool/tarantool.git/extra/lemon.c: 2661 in parseonetoken()
> 2655 }
> 2656 }
> 2657 break;
> 2658 case WAITING_FOR_CLASS_ID:
> 2659 if( !ISLOWER(x[0]) ){
> 2660 ErrorMsg(psp->filename, psp->tokenlineno,
> >>> CID 1497667: API usage errors (PRINTF_ARGS)
> >>> This argument was not used by the format string: "x".
> 2661 "%%token_class must be followed by an identifier: ", x);
> 2662 psp->errorcnt++;
> 2663 psp->state = RESYNC_AFTER_DECL_ERROR;
> 2664 }else if( Symbol_find(x) ){
> 2665 ErrorMsg(psp->filename, psp->tokenlineno,
> 2666 "Symbol \"%s\" already used", x);
>
> ** CID 1497666: Integer handling issues (BAD_SHIFT)
> /projects/tarantool/tarantool.git/src/box/iproto_constants.h: 174 in iproto_dml_body_has_key()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497666: Integer handling issues (BAD_SHIFT)
> /projects/tarantool/tarantool.git/src/box/iproto_constants.h: 174 in iproto_dml_body_has_key()
> 168 }
> 169
> 170 static inline bool
> 171 iproto_dml_body_has_key(const char *pos, const char *end)
> 172 {
> 173 unsigned char key = pos < end ? *pos : (unsigned char) IPROTO_KEY_MAX;
> >>> CID 1497666: Integer handling issues (BAD_SHIFT)
> >>> In expression "1ULL << key", left shifting by more than 63 bits has undefined behavior. The shift amount, "key", is as much as 82.
> 174 return key < IPROTO_KEY_MAX && IPROTO_DML_BODY_BMAP & (1ULL<<key);
> 175 }
> 176
> 177 #undef bit
> 178
> 179 static inline uint64_t
>
> ** CID 1497665: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/src/box/vy_lsm.c: 1217 in vy_lsm_split_range()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497665: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/src/box/vy_lsm.c: 1217 in vy_lsm_split_range()
> 1211 vy_range_str(range), tuple_str(split_key.stmt));
> 1212
> 1213 rlist_foreach_entry(slice, &range->slices, in_range)
> 1214 vy_slice_wait_pinned(slice);
> 1215 vy_range_delete(range);
> 1216 tuple_unref(split_key.stmt);
> >>> CID 1497665: Resource leaks (RESOURCE_LEAK)
> >>> Variable "new_slice" going out of scope leaks the storage it points to.
> 1217 return true;
> 1218 fail:
> 1219 for (int i = 0; i < n_parts; i++) {
> 1220 if (parts[i] != NULL)
> 1221 vy_range_delete(parts[i]);
> 1222 }
>
> ** CID 1497664: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/test/unit/sio.c: 110 in check_auto_bind()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497664: Resource leaks (RESOURCE_LEAK)
> /projects/tarantool/tarantool.git/test/unit/sio.c: 110 in check_auto_bind()
> 104 is(sio_getsockname(fd, (struct sockaddr *) &addr, &addrlen), 0,
> 105 "getsockname works on 0 bind");
> 106 isnt(addr.sin_port, 0, "a real port is returned");
> 107
> 108 check_plan();
> 109 footer();
> >>> CID 1497664: Resource leaks (RESOURCE_LEAK)
> >>> Handle variable "fd" going out of scope leaks the handle.
> 110 }
> 111
> 112 int
> 113 main(void)
> 114 {
> 115 memory_init();
>
> ** CID 1497663: Memory - corruptions (OVERLAPPING_COPY)
> /projects/tarantool/tarantool.git/src/box/sql/vdbemem.c: 601 in vdbe_mem_numerify()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497663: Memory - corruptions (OVERLAPPING_COPY)
> /projects/tarantool/tarantool.git/src/box/sql/vdbemem.c: 601 in vdbe_mem_numerify()
> 595 int
> 596 vdbe_mem_numerify(struct Mem *mem)
> 597 {
> 598 if ((mem->flags & (MEM_Int | MEM_UInt | MEM_Real | MEM_Null)) != 0)
> 599 return 0;
> 600 if ((mem->flags & MEM_Bool) != 0) {
> >>> CID 1497663: Memory - corruptions (OVERLAPPING_COPY)
> >>> Assigning "mem->u.b" to "mem->u.u", which have overlapping memory locations and different types.
> 601 mem->u.u = mem->u.b;
> 602 MemSetTypeFlag(mem, MEM_UInt);
> 603 return 0;
> 604 }
> 605 assert((mem->flags & (MEM_Blob | MEM_Str)) != 0);
> 606 bool is_neg;
>
> ** CID 1497662: Error handling issues (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/src/box/sql/vdbeapi.c: 533 in createAggContext()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497662: Error handling issues (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/src/box/sql/vdbeapi.c: 533 in createAggContext()
> 527 Mem *pMem = p->pMem;
> 528 assert((pMem->flags & MEM_Agg) == 0);
> 529 if (nByte <= 0) {
> 530 sqlVdbeMemSetNull(pMem);
> 531 pMem->z = 0;
> 532 } else {
> >>> CID 1497662: Error handling issues (CHECKED_RETURN)
> >>> Calling "sqlVdbeMemClearAndResize" without checking return value (as is done elsewhere 8 out of 9 times).
> 533 sqlVdbeMemClearAndResize(pMem, nByte);
> 534 pMem->flags = MEM_Agg;
> 535 pMem->u.func = p->func;
> 536 if (pMem->z) {
> 537 memset(pMem->z, 0, nByte);
> 538 }
>
> ** CID 1497661: Null pointer dereferences (FORWARD_NULL)
>
>
> ________________________________________________________________________________________________________
> *** CID 1497661: Null pointer dereferences (FORWARD_NULL)
> /projects/tarantool/tarantool.git/src/box/sql/build.c: 2057 in sql_create_foreign_key()
> 2051 }
> 2052
> 2053 exit_create_fk:
> 2054 sql_expr_list_delete(db, child_cols);
> 2055 if (!is_self_referenced)
> 2056 sql_expr_list_delete(db, parent_cols);
> >>> CID 1497661: Null pointer dereferences (FORWARD_NULL)
> >>> Passing null pointer "parent_name" to "sqlDbFree", which dereferences it.
> 2057 sqlDbFree(db, parent_name);
> 2058 sqlDbFree(db, constraint_name);
> 2059 return;
> 2060 tnt_error:
> 2061 parse_context->is_aborted = true;
> 2062 goto exit_create_fk;
>
> ** CID 1497660: Memory - corruptions (USE_AFTER_FREE)
> /projects/tarantool/tarantool.git/src/box/sql/func.c: 1624 in replaceFunc()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497660: Memory - corruptions (USE_AFTER_FREE)
> /projects/tarantool/tarantool.git/src/box/sql/func.c: 1624 in replaceFunc()
> 1618 return;
> 1619 }
> 1620 zOld = zOut;
> 1621 zOut = sql_realloc64(zOut, (int)nOut);
> 1622 if (zOut == 0) {
> 1623 context->is_aborted = true;
> >>> CID 1497660: Memory - corruptions (USE_AFTER_FREE)
> >>> Calling "sql_free" frees pointer "zOld" which has already been freed.
> 1624 sql_free(zOld);
> 1625 return;
> 1626 }
> 1627 memcpy(&zOut[j], zRep, nRep);
> 1628 j += nRep;
> 1629 i += nPattern - 1;
>
> ** CID 1497659: Null pointer dereferences (REVERSE_INULL)
> /projects/tarantool/tarantool.git/src/box/vy_write_iterator.c: 964 in vy_read_view_merge()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497659: Null pointer dereferences (REVERSE_INULL)
> /projects/tarantool/tarantool.git/src/box/vy_write_iterator.c: 964 in vy_read_view_merge()
> 958 */
> 959 struct tuple *copy = vy_stmt_dup(rv->entry.stmt);
> 960 if (is_first_insert)
> 961 vy_stmt_set_type(copy, IPROTO_INSERT);
> 962 else
> 963 vy_stmt_set_type(copy, IPROTO_REPLACE);
> >>> CID 1497659: Null pointer dereferences (REVERSE_INULL)
> >>> Null-checking "copy" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
> 964 if (copy == NULL)
> 965 return -1;
> 966 vy_stmt_set_lsn(copy, vy_stmt_lsn(rv->entry.stmt));
> 967 vy_stmt_unref_if_possible(rv->entry.stmt);
> 968 rv->entry.stmt = copy;
> 969 }
>
> ** CID 1497658: Security best practices violations (TOCTOU)
> /projects/tarantool/tarantool.git/src/box/wal.c: 480 in wal_open()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497658: Security best practices violations (TOCTOU)
> /projects/tarantool/tarantool.git/src/box/wal.c: 480 in wal_open()
> 474 */
> 475 static int
> 476 wal_open(struct wal_writer *writer)
> 477 {
> 478 const char *path = xdir_format_filename(&writer->wal_dir,
> 479 vclock_sum(&writer->vclock), NONE);
> >>> CID 1497658: Security best practices violations (TOCTOU)
> >>> Calling function "access" to perform check on "path".
> 480 if (access(path, F_OK) != 0) {
> 481 if (errno == ENOENT) {
> 482 /* No WAL, nothing to do. */
> 483 return 0;
> 484 }
> 485 diag_set(SystemError, "failed to access %s", path);
>
> ** CID 1497657: (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/src/box/xrow.c: 630 in xrow_decode_sql()
> /projects/tarantool/tarantool.git/src/box/xrow.c: 629 in xrow_decode_sql()
>
>
> ________________________________________________________________________________________________________
> *** CID 1497657: (CHECKED_RETURN)
> /projects/tarantool/tarantool.git/src/box/xrow.c: 630 in xrow_decode_sql()
> 624 request->stmt_id = NULL;
> 625 for (uint32_t i = 0; i < map_size; ++i) {
> 626 uint8_t key = *data;
> 627 if (key != IPROTO_SQL_BIND && key != IPROTO_SQL_TEXT &&
> 628 key != IPROTO_STMT_ID) {
> 629 mp_check(&data, end); /* skip the key */
> >>> CID 1497657: (CHECKED_RETURN)
> >>> Calling "mp_check" without checking return value (as is done elsewhere 206 out of 208 times).
> 630 mp_check(&data, end); /* skip the value */
> 631 continue;
> 632 }
> 633 const char *value = ++data; /* skip the key */
> 634 if (mp_check(&data, end) != 0) /* check the value */
> 635 goto error;
> /projects/tarantool/tarantool.git/src/box/xrow.c: 629 in xrow_decode_sql()
> 623 request->bind = NULL;
> 624 request->stmt_id = NULL;
> 625 for (uint32_t i = 0; i < map_size; ++i) {
> 626 uint8_t key = *data;
> 627 if (key != IPROTO_SQL_BIND && key != IPROTO_SQL_TEXT &&
> 628 key != IPROTO_STMT_ID) {
> >>> CID 1497657: (CHECKED_RETURN)
> >>> Calling "mp_check" without checking return value (as is done elsewhere 206 out of 208 times).
> 629 mp_check(&data, end); /* skip the key */
> 630 mp_check(&data, end); /* skip the value */
> 631 continue;
> 632 }
> 633 const char *value = ++data; /* skip the key */
> 634 if (mp_check(&data, end) != 0) /* check the value */
>
>
----- End forwarded message -----
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-10-05 13:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-05 13:18 [Tarantool-patches] Fwd: New Defects reported by Coverity Scan for tarantool/tarantool Cyrill Gorcunov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox