From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-lj1-f179.google.com (mail-lj1-f179.google.com [209.85.208.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by dev.tarantool.org (Postfix) with ESMTPS id 2B1B7469719 for ; Mon, 5 Oct 2020 16:19:03 +0300 (MSK) Received: by mail-lj1-f179.google.com with SMTP id r24so7391120ljm.3 for ; Mon, 05 Oct 2020 06:19:02 -0700 (PDT) Date: Mon, 5 Oct 2020 16:18:58 +0300 From: Cyrill Gorcunov Message-ID: <20201005131858.GF2069@grain> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Subject: [Tarantool-patches] Fwd: New Defects reported by Coverity Scan for tarantool/tarantool List-Id: Tarantool development patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: TML Hi! Here is a report for latest master 2.6.0-136-g2711797be worth to take a look and fix/triage. ----- Forwarded message from scan-admin@coverity.com ----- > Please find the latest report on new defect(s) introduced to tarantool/tarantool found with Coverity Scan. > > 150 new defect(s) introduced to tarantool/tarantool found with Coverity Scan. > 40 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. > > New defect(s) Reported-by: Coverity Scan > Showing 20 of 150 defect(s) > > > ** CID 1497676: (FORWARD_NULL) > > > ________________________________________________________________________________________________________ > *** CID 1497676: (FORWARD_NULL) > /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 160 in sql_exec() > 154 azCols = 0; > 155 } > 156 > 157 exec_out: > 158 if (pStmt) > 159 sqlVdbeFinalize((Vdbe *) pStmt); > >>> CID 1497676: (FORWARD_NULL) > >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it. > 160 sqlDbFree(db, azCols); > 161 > 162 assert(rc == 0); > 163 return rc; > /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 160 in sql_exec() > 154 azCols = 0; > 155 } > 156 > 157 exec_out: > 158 if (pStmt) > 159 sqlVdbeFinalize((Vdbe *) pStmt); > >>> CID 1497676: (FORWARD_NULL) > >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it. > 160 sqlDbFree(db, azCols); > 161 > 162 assert(rc == 0); > 163 return rc; > /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 160 in sql_exec() > 154 azCols = 0; > 155 } > 156 > 157 exec_out: > 158 if (pStmt) > 159 sqlVdbeFinalize((Vdbe *) pStmt); > >>> CID 1497676: (FORWARD_NULL) > >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it. > 160 sqlDbFree(db, azCols); > 161 > 162 assert(rc == 0); > 163 return rc; > /projects/tarantool/tarantool.git/src/box/sql/legacy.c: 153 in sql_exec() > 147 while (sqlIsspace(zSql[0])) > 148 zSql++; > 149 break; > 150 } > 151 } > 152 > >>> CID 1497676: (FORWARD_NULL) > >>> Passing null pointer "azCols" to "sqlDbFree", which dereferences it. > 153 sqlDbFree(db, azCols); > 154 azCols = 0; > 155 } > 156 > 157 exec_out: > 158 if (pStmt) > > ** CID 1497675: Security best practices violations (TOCTOU) > /projects/tarantool/tarantool.git/src/box/func.c: 291 in module_load() > > > ________________________________________________________________________________________________________ > *** CID 1497675: Security best practices violations (TOCTOU) > /projects/tarantool/tarantool.git/src/box/func.c: 291 in module_load() > 285 if (rc < 0 || (size_t) rc >= sizeof(dir_name)) { > 286 diag_set(SystemError, "failed to generate path to DSO"); > 287 goto error; > 288 } > 289 > 290 struct stat st; > >>> CID 1497675: Security best practices violations (TOCTOU) > >>> Calling function "stat" to perform check on "path". > 291 if (stat(path, &st) < 0) { > 292 diag_set(SystemError, "failed to stat() module %s", path); > 293 goto error; > 294 } > 295 > 296 int source_fd = open(path, O_RDONLY); > > ** CID 1497674: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/src/box/vinyl.c: 4034 in vy_build_recover_stmt() > > > ________________________________________________________________________________________________________ > *** CID 1497674: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/src/box/vinyl.c: 4034 in vy_build_recover_stmt() > 4028 if (insert == NULL) > 4029 return -1; > 4030 } else if (type == IPROTO_UPSERT) { > 4031 struct tuple *new_tuple = vy_apply_upsert(mem_stmt, old_tuple, > 4032 pk->cmp_def, true); > 4033 if (new_tuple == NULL) > >>> CID 1497674: Resource leaks (RESOURCE_LEAK) > >>> Variable "delete" going out of scope leaks the storage it points to. > 4034 return -1; > 4035 uint32_t data_len; > 4036 const char *data = tuple_data_range(new_tuple, &data_len); > 4037 insert = vy_stmt_new_insert(lsm->mem_format, > 4038 data, data + data_len); > 4039 tuple_unref(new_tuple); > > ** CID 1497673: Error handling issues (CHECKED_RETURN) > /projects/tarantool/tarantool.git/test/unit/ratelimit.c: 70 in main() > > > ________________________________________________________________________________________________________ > *** CID 1497673: Error handling issues (CHECKED_RETURN) > /projects/tarantool/tarantool.git/test/unit/ratelimit.c: 70 in main() > 64 for (int i = 0; i < count; i++) { > 65 if (ratelimit_check(&rl, now, &suppressed)) > 66 emitted++; > 67 now += interval_count * interval / count; > 68 } > 69 now += interval; > >>> CID 1497673: Error handling issues (CHECKED_RETURN) > >>> Calling "ratelimit_check" without checking return value (as is done elsewhere 9 out of 10 times). > 70 ratelimit_check(&rl, now, &suppressed); > 71 check(interval_count * burst, count - interval_count * burst); > 72 > 73 check_plan(); > 74 footer(); > 75 > 76 return 0; > > ** CID 1497672: Error handling issues (CHECKED_RETURN) > /projects/tarantool/tarantool.git/src/box/key_def.c: 212 in key_def_set_part_path() > > > ________________________________________________________________________________________________________ > *** CID 1497672: Error handling issues (CHECKED_RETURN) > /projects/tarantool/tarantool.git/src/box/key_def.c: 212 in key_def_set_part_path() > 206 > 207 /* Skip JSON_TOKEN_ANY token. */ > 208 struct json_lexer lexer; > 209 struct json_token token; > 210 json_lexer_create(&lexer, path + multikey_path_len, > 211 path_len - multikey_path_len, TUPLE_INDEX_BASE); > >>> CID 1497672: Error handling issues (CHECKED_RETURN) > >>> Calling "json_lexer_next_token" without checking return value (as is done elsewhere 41 out of 48 times). > 212 json_lexer_next_token(&lexer, &token); > 213 assert(token.type == JSON_TOKEN_ANY); > 214 > 215 /* The rest of JSON path couldn't be multikey. */ > 216 int multikey_path_suffix_len = > 217 path_len - multikey_path_len - lexer.offset; > > ** CID 1497671: Memory - illegal accesses (OVERRUN) > > > ________________________________________________________________________________________________________ > *** CID 1497671: Memory - illegal accesses (OVERRUN) > /third_party/luajit/src/lj_api.c: 529 in lua_hashstring() > 523 { > 524 TValue *o = index2adr(L, idx); > 525 lua_assert(tvisstr(o)); > 526 GCstr *s = strV(o); > 527 if (! strsmart(s)) > 528 return s->hash; > >>> CID 1497671: Memory - illegal accesses (OVERRUN) > >>> Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer "(char const *)(s + 1)". > 529 return lua_hash(strdata(s), s->len); > 530 } > 531 > 532 LUALIB_API const char *luaL_checklstring(lua_State *L, int idx, size_t *len) > 533 { > 534 TValue *o = index2adr(L, idx); > > ** CID 1497670: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/src/box/sql/select.c: 2342 in sql_multiselect_orderby_to_key_info() > > > ________________________________________________________________________________________________________ > *** CID 1497670: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/src/box/sql/select.c: 2342 in sql_multiselect_orderby_to_key_info() > 2336 uint32_t id; > 2337 bool unused; > 2338 if ((term->flags & EP_Collate) != 0) { > 2339 struct coll *unused_coll; > 2340 if (sql_expr_coll(parse, term, &unused, &id, > 2341 &unused_coll) != 0) > >>> CID 1497670: Resource leaks (RESOURCE_LEAK) > >>> Variable "key_info" going out of scope leaks the storage it points to. > 2342 return 0; > 2343 } else { > 2344 id = multi_select_coll_seq(parse, s, > 2345 item->u.x.iOrderByCol - 1); > 2346 if (id != COLL_NONE) { > 2347 const char *name = coll_by_id(id)->name; > > ** CID 1497669: (CONSTANT_EXPRESSION_RESULT) > /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4323 in sqlVdbeExec() > /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4326 in sqlVdbeExec() > > > ________________________________________________________________________________________________________ > *** CID 1497669: (CONSTANT_EXPRESSION_RESULT) > /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4323 in sqlVdbeExec() > 4317 assert(pOp->opcode!=OP_NextIfOpen || pOp->p4.xAdvance == sqlCursorNext); > 4318 assert(pOp->opcode!=OP_PrevIfOpen || pOp->p4.xAdvance == sqlCursorPrevious); > 4319 > 4320 /* The Next opcode is only used after SeekGT, SeekGE, and Rewind. > 4321 * The Prev opcode is only used after SeekLT, SeekLE, and Last. > 4322 */ > >>> CID 1497669: (CONSTANT_EXPRESSION_RESULT) > >>> The "or" condition "pOp->opcode != 8 || pOp->opcode != 3 || pC->seekOp == 40 || pC->seekOp == 39 || pC->seekOp == 48 || pC->seekOp == 43" will always be true because "pOp->opcode" cannot be equal to two different values at the same time, so it must be not equal to at least one of them. > 4323 assert(pOp->opcode!=OP_Next || pOp->opcode!=OP_NextIfOpen > 4324 || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE > 4325 || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found); > 4326 assert(pOp->opcode!=OP_Prev || pOp->opcode!=OP_PrevIfOpen > 4327 || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE > 4328 || pC->seekOp==OP_Last); > /projects/tarantool/tarantool.git/src/box/sql/vdbe.c: 4326 in sqlVdbeExec() > 4320 /* The Next opcode is only used after SeekGT, SeekGE, and Rewind. > 4321 * The Prev opcode is only used after SeekLT, SeekLE, and Last. > 4322 */ > 4323 assert(pOp->opcode!=OP_Next || pOp->opcode!=OP_NextIfOpen > 4324 || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE > 4325 || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found); > >>> CID 1497669: (CONSTANT_EXPRESSION_RESULT) > >>> The "or" condition "pOp->opcode != 4 || pOp->opcode != 2 || pC->seekOp == 37 || pC->seekOp == 38 || pC->seekOp == 44" will always be true because "pOp->opcode" cannot be equal to two different values at the same time, so it must be not equal to at least one of them. > 4326 assert(pOp->opcode!=OP_Prev || pOp->opcode!=OP_PrevIfOpen > 4327 || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE > 4328 || pC->seekOp==OP_Last); > 4329 > 4330 if (pOp->p4.xAdvance(pC->uc.pCursor, &res) != 0) > 4331 goto abort_due_to_error; > > ** CID 1497668: API usage errors (PRINTF_ARGS) > > > ________________________________________________________________________________________________________ > *** CID 1497668: API usage errors (PRINTF_ARGS) > /projects/tarantool/tarantool.git/src/box/memtx_rtree.c: 402 in memtx_rtree_index_new() > 396 assert(def->key_def->part_count == 1); > 397 assert(def->key_def->parts[0].type == FIELD_TYPE_ARRAY); > 398 assert(def->opts.is_unique == false); > 399 > 400 if (def->opts.dimension < 1 || > 401 def->opts.dimension > RTREE_MAX_DIMENSION) { > >>> CID 1497668: API usage errors (PRINTF_ARGS) > >>> Argument "def->opts.dimension" to format specifier "%lld" was expected to have type "long long" but has type "long". > 402 diag_set(UnsupportedIndexFeature, def, > 403 tt_sprintf("dimension (%lld): must belong to " > 404 "range [%u, %u]", def->opts.dimension, > 405 1, RTREE_MAX_DIMENSION)); > 406 return NULL; > 407 } > > ** CID 1497667: API usage errors (PRINTF_ARGS) > > > ________________________________________________________________________________________________________ > *** CID 1497667: API usage errors (PRINTF_ARGS) > /projects/tarantool/tarantool.git/extra/lemon.c: 2661 in parseonetoken() > 2655 } > 2656 } > 2657 break; > 2658 case WAITING_FOR_CLASS_ID: > 2659 if( !ISLOWER(x[0]) ){ > 2660 ErrorMsg(psp->filename, psp->tokenlineno, > >>> CID 1497667: API usage errors (PRINTF_ARGS) > >>> This argument was not used by the format string: "x". > 2661 "%%token_class must be followed by an identifier: ", x); > 2662 psp->errorcnt++; > 2663 psp->state = RESYNC_AFTER_DECL_ERROR; > 2664 }else if( Symbol_find(x) ){ > 2665 ErrorMsg(psp->filename, psp->tokenlineno, > 2666 "Symbol \"%s\" already used", x); > > ** CID 1497666: Integer handling issues (BAD_SHIFT) > /projects/tarantool/tarantool.git/src/box/iproto_constants.h: 174 in iproto_dml_body_has_key() > > > ________________________________________________________________________________________________________ > *** CID 1497666: Integer handling issues (BAD_SHIFT) > /projects/tarantool/tarantool.git/src/box/iproto_constants.h: 174 in iproto_dml_body_has_key() > 168 } > 169 > 170 static inline bool > 171 iproto_dml_body_has_key(const char *pos, const char *end) > 172 { > 173 unsigned char key = pos < end ? *pos : (unsigned char) IPROTO_KEY_MAX; > >>> CID 1497666: Integer handling issues (BAD_SHIFT) > >>> In expression "1ULL << key", left shifting by more than 63 bits has undefined behavior. The shift amount, "key", is as much as 82. > 174 return key < IPROTO_KEY_MAX && IPROTO_DML_BODY_BMAP & (1ULL< 175 } > 176 > 177 #undef bit > 178 > 179 static inline uint64_t > > ** CID 1497665: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/src/box/vy_lsm.c: 1217 in vy_lsm_split_range() > > > ________________________________________________________________________________________________________ > *** CID 1497665: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/src/box/vy_lsm.c: 1217 in vy_lsm_split_range() > 1211 vy_range_str(range), tuple_str(split_key.stmt)); > 1212 > 1213 rlist_foreach_entry(slice, &range->slices, in_range) > 1214 vy_slice_wait_pinned(slice); > 1215 vy_range_delete(range); > 1216 tuple_unref(split_key.stmt); > >>> CID 1497665: Resource leaks (RESOURCE_LEAK) > >>> Variable "new_slice" going out of scope leaks the storage it points to. > 1217 return true; > 1218 fail: > 1219 for (int i = 0; i < n_parts; i++) { > 1220 if (parts[i] != NULL) > 1221 vy_range_delete(parts[i]); > 1222 } > > ** CID 1497664: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/test/unit/sio.c: 110 in check_auto_bind() > > > ________________________________________________________________________________________________________ > *** CID 1497664: Resource leaks (RESOURCE_LEAK) > /projects/tarantool/tarantool.git/test/unit/sio.c: 110 in check_auto_bind() > 104 is(sio_getsockname(fd, (struct sockaddr *) &addr, &addrlen), 0, > 105 "getsockname works on 0 bind"); > 106 isnt(addr.sin_port, 0, "a real port is returned"); > 107 > 108 check_plan(); > 109 footer(); > >>> CID 1497664: Resource leaks (RESOURCE_LEAK) > >>> Handle variable "fd" going out of scope leaks the handle. > 110 } > 111 > 112 int > 113 main(void) > 114 { > 115 memory_init(); > > ** CID 1497663: Memory - corruptions (OVERLAPPING_COPY) > /projects/tarantool/tarantool.git/src/box/sql/vdbemem.c: 601 in vdbe_mem_numerify() > > > ________________________________________________________________________________________________________ > *** CID 1497663: Memory - corruptions (OVERLAPPING_COPY) > /projects/tarantool/tarantool.git/src/box/sql/vdbemem.c: 601 in vdbe_mem_numerify() > 595 int > 596 vdbe_mem_numerify(struct Mem *mem) > 597 { > 598 if ((mem->flags & (MEM_Int | MEM_UInt | MEM_Real | MEM_Null)) != 0) > 599 return 0; > 600 if ((mem->flags & MEM_Bool) != 0) { > >>> CID 1497663: Memory - corruptions (OVERLAPPING_COPY) > >>> Assigning "mem->u.b" to "mem->u.u", which have overlapping memory locations and different types. > 601 mem->u.u = mem->u.b; > 602 MemSetTypeFlag(mem, MEM_UInt); > 603 return 0; > 604 } > 605 assert((mem->flags & (MEM_Blob | MEM_Str)) != 0); > 606 bool is_neg; > > ** CID 1497662: Error handling issues (CHECKED_RETURN) > /projects/tarantool/tarantool.git/src/box/sql/vdbeapi.c: 533 in createAggContext() > > > ________________________________________________________________________________________________________ > *** CID 1497662: Error handling issues (CHECKED_RETURN) > /projects/tarantool/tarantool.git/src/box/sql/vdbeapi.c: 533 in createAggContext() > 527 Mem *pMem = p->pMem; > 528 assert((pMem->flags & MEM_Agg) == 0); > 529 if (nByte <= 0) { > 530 sqlVdbeMemSetNull(pMem); > 531 pMem->z = 0; > 532 } else { > >>> CID 1497662: Error handling issues (CHECKED_RETURN) > >>> Calling "sqlVdbeMemClearAndResize" without checking return value (as is done elsewhere 8 out of 9 times). > 533 sqlVdbeMemClearAndResize(pMem, nByte); > 534 pMem->flags = MEM_Agg; > 535 pMem->u.func = p->func; > 536 if (pMem->z) { > 537 memset(pMem->z, 0, nByte); > 538 } > > ** CID 1497661: Null pointer dereferences (FORWARD_NULL) > > > ________________________________________________________________________________________________________ > *** CID 1497661: Null pointer dereferences (FORWARD_NULL) > /projects/tarantool/tarantool.git/src/box/sql/build.c: 2057 in sql_create_foreign_key() > 2051 } > 2052 > 2053 exit_create_fk: > 2054 sql_expr_list_delete(db, child_cols); > 2055 if (!is_self_referenced) > 2056 sql_expr_list_delete(db, parent_cols); > >>> CID 1497661: Null pointer dereferences (FORWARD_NULL) > >>> Passing null pointer "parent_name" to "sqlDbFree", which dereferences it. > 2057 sqlDbFree(db, parent_name); > 2058 sqlDbFree(db, constraint_name); > 2059 return; > 2060 tnt_error: > 2061 parse_context->is_aborted = true; > 2062 goto exit_create_fk; > > ** CID 1497660: Memory - corruptions (USE_AFTER_FREE) > /projects/tarantool/tarantool.git/src/box/sql/func.c: 1624 in replaceFunc() > > > ________________________________________________________________________________________________________ > *** CID 1497660: Memory - corruptions (USE_AFTER_FREE) > /projects/tarantool/tarantool.git/src/box/sql/func.c: 1624 in replaceFunc() > 1618 return; > 1619 } > 1620 zOld = zOut; > 1621 zOut = sql_realloc64(zOut, (int)nOut); > 1622 if (zOut == 0) { > 1623 context->is_aborted = true; > >>> CID 1497660: Memory - corruptions (USE_AFTER_FREE) > >>> Calling "sql_free" frees pointer "zOld" which has already been freed. > 1624 sql_free(zOld); > 1625 return; > 1626 } > 1627 memcpy(&zOut[j], zRep, nRep); > 1628 j += nRep; > 1629 i += nPattern - 1; > > ** CID 1497659: Null pointer dereferences (REVERSE_INULL) > /projects/tarantool/tarantool.git/src/box/vy_write_iterator.c: 964 in vy_read_view_merge() > > > ________________________________________________________________________________________________________ > *** CID 1497659: Null pointer dereferences (REVERSE_INULL) > /projects/tarantool/tarantool.git/src/box/vy_write_iterator.c: 964 in vy_read_view_merge() > 958 */ > 959 struct tuple *copy = vy_stmt_dup(rv->entry.stmt); > 960 if (is_first_insert) > 961 vy_stmt_set_type(copy, IPROTO_INSERT); > 962 else > 963 vy_stmt_set_type(copy, IPROTO_REPLACE); > >>> CID 1497659: Null pointer dereferences (REVERSE_INULL) > >>> Null-checking "copy" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. > 964 if (copy == NULL) > 965 return -1; > 966 vy_stmt_set_lsn(copy, vy_stmt_lsn(rv->entry.stmt)); > 967 vy_stmt_unref_if_possible(rv->entry.stmt); > 968 rv->entry.stmt = copy; > 969 } > > ** CID 1497658: Security best practices violations (TOCTOU) > /projects/tarantool/tarantool.git/src/box/wal.c: 480 in wal_open() > > > ________________________________________________________________________________________________________ > *** CID 1497658: Security best practices violations (TOCTOU) > /projects/tarantool/tarantool.git/src/box/wal.c: 480 in wal_open() > 474 */ > 475 static int > 476 wal_open(struct wal_writer *writer) > 477 { > 478 const char *path = xdir_format_filename(&writer->wal_dir, > 479 vclock_sum(&writer->vclock), NONE); > >>> CID 1497658: Security best practices violations (TOCTOU) > >>> Calling function "access" to perform check on "path". > 480 if (access(path, F_OK) != 0) { > 481 if (errno == ENOENT) { > 482 /* No WAL, nothing to do. */ > 483 return 0; > 484 } > 485 diag_set(SystemError, "failed to access %s", path); > > ** CID 1497657: (CHECKED_RETURN) > /projects/tarantool/tarantool.git/src/box/xrow.c: 630 in xrow_decode_sql() > /projects/tarantool/tarantool.git/src/box/xrow.c: 629 in xrow_decode_sql() > > > ________________________________________________________________________________________________________ > *** CID 1497657: (CHECKED_RETURN) > /projects/tarantool/tarantool.git/src/box/xrow.c: 630 in xrow_decode_sql() > 624 request->stmt_id = NULL; > 625 for (uint32_t i = 0; i < map_size; ++i) { > 626 uint8_t key = *data; > 627 if (key != IPROTO_SQL_BIND && key != IPROTO_SQL_TEXT && > 628 key != IPROTO_STMT_ID) { > 629 mp_check(&data, end); /* skip the key */ > >>> CID 1497657: (CHECKED_RETURN) > >>> Calling "mp_check" without checking return value (as is done elsewhere 206 out of 208 times). > 630 mp_check(&data, end); /* skip the value */ > 631 continue; > 632 } > 633 const char *value = ++data; /* skip the key */ > 634 if (mp_check(&data, end) != 0) /* check the value */ > 635 goto error; > /projects/tarantool/tarantool.git/src/box/xrow.c: 629 in xrow_decode_sql() > 623 request->bind = NULL; > 624 request->stmt_id = NULL; > 625 for (uint32_t i = 0; i < map_size; ++i) { > 626 uint8_t key = *data; > 627 if (key != IPROTO_SQL_BIND && key != IPROTO_SQL_TEXT && > 628 key != IPROTO_STMT_ID) { > >>> CID 1497657: (CHECKED_RETURN) > >>> Calling "mp_check" without checking return value (as is done elsewhere 206 out of 208 times). > 629 mp_check(&data, end); /* skip the key */ > 630 mp_check(&data, end); /* skip the value */ > 631 continue; > 632 } > 633 const char *value = ++data; /* skip the key */ > 634 if (mp_check(&data, end) != 0) /* check the value */ > > ----- End forwarded message -----