Re: New Defects reported by Coverity Scan for git

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Stefan Beller <sbeller@google.com>
To: Duy Nguyen <pclouds@gmail.com>
Cc: Jeff King <peff@peff.net>, Git Mailing List <git@vger.kernel.org>
Subject: Re: New Defects reported by Coverity Scan for git
Date: Fri, 31 Jul 2015 09:58:58 -0700	[thread overview]
Message-ID: <CAGZ79kYKykLBD9VddmuV7BXJGF5YncJbn8pvs-wdEy-=1ucpuA@mail.gmail.com> (raw)
In-Reply-To: <CAGZ79kZMzy7x7HufeM1dotmhKn5HEw_Yoo5p8bYOfUKLbjxSww@mail.gmail.com>

On Fri, Jul 31, 2015 at 9:11 AM, Stefan Beller <sbeller@google.com> wrote:
> On Fri, Jul 31, 2015 at 4:24 AM, Duy Nguyen <pclouds@gmail.com> wrote:
>> Jeff, I suppose you are the admin of git on scan.coverity, or knows
>> him/her, perhaps we can add a model for xmalloc to suppress these
>> "null pointer deferences" reports? We are sure xmalloc() never returns
>> NULL. Qemu did it [1] and it looks simple.. I think something like
>> this would do
>>
>> void *xmalloc(size_t size)
>> {
>>    void *mem = malloc(size);
>>    if (!mem) __coverity_panic__();
>>    return mem;
>> }
>>
>> [1] http://git.qemu.org/?p=qemu.git;a=blob;f=scripts/coverity-model.c;h=4c99a85cfc292caa9edd9d041e2683ee53490a8d;hb=e40cdb0e6efb795e4d19368987d53e3e4ae19cf7#l104
>>
>
> Taking just that excerpt doesn't work. Upload fails with
> "modeling_file.c", line 12: error #20:
>           identifier "malloc" is undefined
>   void *mem = malloc(size);
>
> I'll look into your reference[1] a bit more and try to follow it as a guidance.

So I put in these lines into the modeling file:
void *malloc(size_t);
void *calloc(size_t, size_t);
void *realloc(void *, size_t);
void free(void *);


void *xrealloc(void *ptr, size_t size)
{
  void *ret = realloc(ptr, size);
  if (!ret) __coverity_panic__();
  return ret;
}

void *xmalloc(size_t size)
{
  void *mem = malloc(size);
  if (!mem) __coverity_panic__();
  return mem;
}

void xcalloc(size_t num, size_t size)
{
  void *ret = calloc(num, size);
  if (!ret)  __coverity_panic__();
  return ret;
}

and there seem to be 42 new defects and 20 fixed defects by the modeling of
memory allocations. We'd need to check if coverity understood the modeling
as we intended it. Looking at the first few issues, they seem to be
correctly finding
leaks.


>
>
>>
>> ---------- Forwarded message ----------
>> From:  <scan-admin@coverity.com>
>> Date: Fri, Jul 31, 2015 at 5:54 PM
>> Subject: New Defects reported by Coverity Scan for git
>> To: pclouds@gmail.com
>>
>> _______________________________________________________________________________________________________
>> *** CID 1313836:  Null pointer dereferences  (FORWARD_NULL)
>> /rerere.c: 150 in find_rerere_dir()
>> 144                     return NULL; /* BUG */
>> 145             pos = sha1_pos(sha1, rerere_dir, rerere_dir_nr,
>> rerere_dir_sha1);
>> 146             if (pos < 0) {
>> 147                     rr_dir = xmalloc(sizeof(*rr_dir));
>> 148                     hashcpy(rr_dir->sha1, sha1);
>> 149                     rr_dir->status_nr = rr_dir->status_alloc = 0;
>>>>>     CID 1313836:  Null pointer dereferences  (FORWARD_NULL)
>>>>>     Assigning: "rr_dir->status" = "NULL".
>> 150                     rr_dir->status = NULL;
>> 151                     pos = -1 - pos;
>> 152
>> 153                     /* Make sure the array is big enough ... */
>> 154                     ALLOC_GROW(rerere_dir, rerere_dir_nr + 1,
>> rerere_dir_alloc);
>> 155                     /* ... and add it in. */
>>
>> ** CID 1313835:  Null pointer dereferences  (FORWARD_NULL)
>> /builtin/fetch.c: 795 in prune_refs()
>> --
>> Duy
>> --
>> To unsubscribe from this list: send the line "unsubscribe git" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2015-07-31 16:59 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <55bb53d17f78c_2d71521318537c@scan.mail>
2015-07-31 11:24 ` Fwd: New Defects reported by Coverity Scan for git Duy Nguyen
2015-07-31 16:11   ` Stefan Beller
2015-07-31 16:58     ` Stefan Beller [this message]
     [not found] <558151df465a5_4fafe3b3182568a@scan.mail>
2015-06-17 13:54 ` Fwd: " Duy Nguyen
2015-06-17 14:39   ` Paul Tan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAGZ79kYKykLBD9VddmuV7BXJGF5YncJbn8pvs-wdEy-=1ucpuA@mail.gmail.com' \
    --to=sbeller@google.com \
    --cc=git@vger.kernel.org \
    --cc=pclouds@gmail.com \
    --cc=peff@peff.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).