Uploaded image for project: 'WiredTiger'
  1. WiredTiger
  2. WT-3134

Coverity scan reports 1368529 and 1368528

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor - P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: WT2.9.2, 3.2.13, 3.4.3, 3.5.2
    • Component/s: None
    • Labels:
      None
    • Sprint:
      Storage 2017-01-23

      Description

      *** CID 1368529:  Security best practices violations  (TOCTOU)
      /test/recovery/random-abort.c: 355 in main()
      349
      350             absent = count = 0;
      351             fatal = false;
      352             for (i = 0; i < nth; ++i) {
      353                     middle = 0;
      354                     snprintf(fname, sizeof(fname), RECORDS_FILE, i);
      >>>     CID 1368529:  Security best practices violations  (TOCTOU)
      >>>     Calling function "fopen" that uses "fname" after a check function. This can cause a time-of-check, time-of-use race condition.
      355                     if ((fp = fopen(fname, "r")) == NULL) {
      356                             fprintf(stderr,
      357                                 "Failed to open %s. i %" PRIu32 "\n", fname, i);
      358                             testutil_die(errno, "fopen");
      359                     }
      360
      


      *** CID 1368528:    (DEADCODE)
      /bench/wtperf/wtperf.c: 2533 in main()
      2527                    req_len += (user_cconfig != NULL ? strlen(user_cconfig) : 0);
      2528                    req_len += (debug_cconfig != NULL ? strlen(debug_cconfig) : 0);
      2529                    cc_buf = dmalloc(req_len);
      2530
      2531                    if (wtperf->async_config != NULL &&
      2532                        strlen(wtperf->async_config)) {
      >>>     CID 1368528:    (DEADCODE)
      >>>     Execution cannot reach the expression "","" inside this statement: "pos += (uint32_t)snprintf(c...".
      2533                            pos += (uint32_t)snprintf(
      2534                                cc_buf + pos, req_len - pos, "%s%s",
      2535                                append_comma ? "," : "", wtperf->async_config);
      2536                            append_comma = true;
      2537                    }
      2538                    if (wtperf->compress_ext != NULL &&
      /bench/wtperf/wtperf.c: 2585 in main()
      2579                    req_len += (user_tconfig != NULL ? strlen(user_tconfig) : 0);
      2580                    req_len += (debug_tconfig != NULL ? strlen(debug_tconfig) : 0);
      2581                    tc_buf = dmalloc(req_len);
      2582
      2583                    if (wtperf->compress_table != NULL &&
      2584                        strlen(wtperf->compress_table)) {
      >>>     CID 1368528:    (DEADCODE)
      >>>     Execution cannot reach the expression "","" inside this statement: "pos += (uint32_t)snprintf(t...".
      2585                            pos += (uint32_t)snprintf(
      2586                                tc_buf + pos, req_len - pos, "%s%s",
      2587                                append_comma ? "," : "", wtperf->compress_table);
      2588                            append_comma = true;
      2589                    }
      2590                    if (opts->index) {
      

        Attachments

          Activity

            People

            • Assignee:
              keith.bostic Keith Bostic
              Reporter:
              keith.bostic Keith Bostic
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: