Coverity Scan detects several issues

[mohandev2]

Coverity Scan detects several issues:

openhpi-Coverity-Scan.txt

Reported by: ngothan

Original Ticket: openhpi/bugs/1977

[mohandev2]

Coverity Scan detects several issues:

1. Defect type: STRING_OVERFLOW

2. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:611: fixed_size_dest: You might overrun the 255-character fixed-size string "temp->server" by copying "nw_info->ipAddress" without checking the length.

3. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:611: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. o 609| wrap_g_mutex_lock(temp->mutex); o 610| memset(temp->server, 0, MAX_URL_LEN); o 611|-> strncpy(temp->server, nw_info->ipAddress, o 612| strlen(nw_info->ipAddress)); o 613| wrap_g_mutex_unlock(temp->mutex);

4. Defect type: STRING_OVERFLOW

5. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4316: fixed_size_dest: You might overrun the 255-character fixed-size string "hpi_field.Field.Data" by copying "tmp" without checking the length. o 4314| return SA_ERR_HPI_OUT_OF_MEMORY; o 4315| } o 4316|-> strcpy ((char *)hpi_field.Field.Data, o 4317| tmp); o 4318|

6. Defect type: STRING_OVERFLOW

7. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4286: fixed_size_dest: You might overrun the 255-character fixed-size string "hpi_field.Field.Data" by copying "tmp" without checking the length. o 4284| return SA_ERR_HPI_OUT_OF_MEMORY; o 4285| } o 4286|-> strcpy ((char *)hpi_field.Field.Data, o 4287| tmp); o 4288|

8. Defect type: STRING_OVERFLOW

9. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4253: fixed_size_dest: You might overrun the 255-character fixed-size string "hpi_field.Field.Data" by copying "extra_data_info.value" without checking the length. o 4251| idr_area_head.AreaId; o 4252| hpi_field.Type = SAHPI_IDR_FIELDTYPE_PRODUCT_VERSION; o 4253|-> strcpy ((char *)hpi_field.Field.Data, o 4254| extra_data_info.value); o 4255|

10. Defect type: STRING_OVERFLOW

11. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:3767: fixed_size_dest: You might overrun the 255-character fixed-size string "hpi_field.Field.Data" by copying "blade_mp_response.fwVersion" without checking the length. o 3765| idr_area_head.AreaId; o 3766| hpi_field.Type = SAHPI_IDR_FIELDTYPE_PRODUCT_VERSION; o 3767|-> strcpy ((char *)hpi_field.Field.Data, o 3768| blade_mp_response.fwVersion); o 3769|

12. Defect type: BUFFER_SIZE_WARNING

13. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:3476: buffer_size_warning: Calling strncpy with a maximum size argument of 32 bytes on destination array "current_reading.Value.SensorBuffer" of size 32 bytes might leave the destination string unterminated. o 3474| current_reading.Type = o 3475| SAHPI_SENSOR_READING_TYPE_BUFFER; o 3476|-> strncpy((char *) current_reading.Value.SensorBuffer, log_desc, o 3477| SAHPI_SENSOR_BUFFER_LENGTH); o 3478| ev->event.EventDataUnion.SensorEvent.TriggerReading = current_reading;

14. Defect type: RESOURCE_LEAK

15. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4571: alloc_fn: Storage is returned from allocation function "g_malloc0".

16. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4571: var_assign: Assigning: "local_inventory" = storage returned from "g_malloc0(48UL)".

17. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4634: leaked_storage: Variable "local_inventory" going out of scope leaks the storage it points to. o 4632| if (rv != SA_OK) { o 4633| err("Add board area failed"); o 4634|-> return rv; o 4635| } o 4636| if (add_success_flag != SAHPI_FALSE) {

18. Defect type: RESOURCE_LEAK

19. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4571: alloc_fn: Storage is returned from allocation function "g_malloc0".

20. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4571: var_assign: Assigning: "local_inventory" = storage returned from "g_malloc0(48UL)".

21. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4610: leaked_storage: Variable "local_inventory" going out of scope leaks the storage it points to. o 4608| if (rv != SA_OK) { o 4609| err("Add product area failed"); o 4610|-> return rv; o 4611| } o 4612|

22. Defect type: RESOURCE_LEAK

23. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4438: alloc_fn: Storage is returned from allocation function "g_malloc0".

24. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4438: var_assign: Assigning: "local_inventory" = storage returned from "g_malloc0(48UL)".

25. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4486: leaked_storage: Variable "local_inventory" going out of scope leaks the storage it points to. o 4484| if (rv != SA_OK) { o 4485| err("Add board area failed"); o 4486|-> return rv; o 4487| } o 4488| if (add_success_flag != SAHPI_FALSE) {

26. Defect type: RESOURCE_LEAK

27. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4438: alloc_fn: Storage is returned from allocation function "g_malloc0".

28. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4438: var_assign: Assigning: "local_inventory" = storage returned from "g_malloc0(48UL)".

29. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4462: leaked_storage: Variable "local_inventory" going out of scope leaks the storage it points to. o 4460| if (rv != SA_OK) { o 4461| err("Add product area failed"); o 4462|-> return rv; o 4463| } o 4464|

30. Defect type: RESOURCE_LEAK

31. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:2950: alloc_arg: "build_interconnect_inv_rdr_arr" allocates memory that is stored into "inventory".

32. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4177:9: alloc_fn: Storage is returned from allocation function "g_malloc0".

33. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4177:9: var_assign: Assigning: "local_inventory" = "g_malloc0(48UL)".

34. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:4239:9: var_assign: Assigning: "*inventory" = "local_inventory".

35. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:2955: leaked_storage: Variable "inventory" going out of scope leaks the storage it points to. o 2953| if (rv != SA_OK) { o 2954| err("Failed to build interconnect inventory RDR"); o 2955|-> return SA_ERR_HPI_INTERNAL_ERROR; o 2956| } o 2957| rv = oh_add_rdr(oh_handler->rptcache, resource_id, &rdr, inventory, 0);

36. Defect type: RESOURCE_LEAK

37. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:2747: alloc_arg: "build_interconnect_inv_rdr" allocates memory that is stored into "inventory".

38. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:3886:9: alloc_fn: Storage is returned from allocation function "g_malloc0".

39. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:3886:9: var_assign: Assigning: "local_inventory" = "g_malloc0(48UL)".

40. openhpi-3.7.0/plugins/oa_soap/oa_soap_inventory.c:3948:9: var_assign: Assigning: "*inventory" = "local_inventory".

41. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:2751: leaked_storage: Variable "inventory" going out of scope leaks the storage it points to. o 2749| if (rv != SA_OK) { o 2750| err("Failed to get interconnect inventory RDR"); o 2751|-> return SA_ERR_HPI_INTERNAL_ERROR; o 2752| } o 2753| rv = oh_add_rdr(oh_handler->rptcache, resource_id, &rdr, inventory, 0);

42. Defect type: NO_EFFECT

43. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:2330: array_null: Comparing an array to null is not useful: "info_result->serialNumber == NULL", since the test will always evaluate as true.

44. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:2330: remediation: Was "info_result->serialNumber" formerly declared as a pointer? o 2328| state = RES_ABSENT; o 2329| } else { o 2330|-> if ((info_result->serialNumber == NULL || o 2331| info_result->serialNumber[0] == '\0')) { o 2332| strcpy(info_result->serialNumber,"No_Report");

45. Defect type: DEADCODE

46. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1894: assignment: Assigning: "state" = "SAHPI_POWER_ON".

47. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1897: assignment: Assigning: "state" = "SAHPI_POWER_OFF".

48. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1904: assignment: Assigning: "state" = "SAHPI_POWER_OFF".

49. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1913: between: When switching on "state", the value of "state" must be between 0 and 1.

50. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1913: dead_error_condition: The switch value "state" cannot reach the default case.

51. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1947: dead_error_begin: Execution cannot reach this statement: "default:". o 1945| break; o 1946|
    o 1947|-> default: o 1948| err("unexpected power state %d detected for " o 1949| "interconnect in bay %d",

52. Defect type: DEADCODE

53. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1275: assignment: Assigning: "state" = "SAHPI_POWER_ON".

54. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1278: assignment: Assigning: "state" = "SAHPI_POWER_OFF".

55. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1294: between: When switching on "state", the value of "state" must be between 0 and 1.

56. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1294: dead_error_condition: The switch value "state" cannot reach the default case.

57. openhpi-3.7.0/plugins/oa_soap/oa_soap_re_discover.c:1329: dead_error_begin: Execution cannot reach this statement: "default:". o 1327| break; o 1328|
    o 1329|-> default: o 1330| err("unknown Blade power state %d detected " o 1331| "in slot %d", state, info->bayNumber);

58. Defect type: DEADCODE

59. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:1604: assignment: Assigning: "state" = "SAHPI_POWER_ON".

60. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:1607: assignment: Assigning: "state" = "SAHPI_POWER_OFF".

61. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:1627: between: When switching on "state", the value of "state" must be between 0 and 1.

62. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:1627: dead_error_condition: The switch value "state" cannot reach the default case.

63. openhpi-3.7.0/plugins/oa_soap/oa_soap_discover.c:1645: dead_error_begin: Execution cannot reach this statement: "default:". o 1643| break; o 1644|
    o 1645|-> default: o 1646| err("Unknown power state %d detected for Blade" o 1647| " at bay %d", state,

64. Defect type: FORWARD_NULL

65. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:570: assign_zero: Assigning: "temp" = "NULL".

66. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:609: var_deref_op: Dereferencing null pointer "temp". o 607| } o 608| / Copy the server IP address to oa_info structure / o 609|-> wrap_g_mutex_lock(temp->mutex); o 610| memset(temp->server, 0, MAX_URL_LEN); o 611| strncpy(temp->server, nw_info->ipAddress,

67. Defect type: FORWARD_NULL

68. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:3449: var_compare_op: Comparing "description" to null implies that "description" might be null.

69. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:3453: var_deref_model: Passing null pointer "description" to "strncpy", which dereferences it. [Note: The source code implementation of the function has been overridden by a builtin model.] o 3451| else o 3452| dbg("description is NULL"); o 3453|-> strncpy(log_desc,(const char )description, o 3454| SAHPI_SENSOR_BUFFER_LENGTH-1); o 3455| ev->resource = rpt;

70. Defect type: REVERSE_INULL

71. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:3335: check_after_deref: Null-checking "last_update" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

72. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:3272: deref_ptr_in_call: Dereferencing pointer "last_update".

73. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:3296: deref_ptr_in_call: Dereferencing pointer "last_update". o 3294| last_update = xmlGetProp( n, (const xmlChar )"LAST_UPDATE"); o 3295| time = (struct tm){0,0,0,0,0,0,0,0,-1}; o 3296|-> strptime((const char) last_update,"%m/%d/%Y %H:%M", &time); o 3297| seconds = mktime( &time) * 1000000000LL; o 3298| if( seconds > ir_handler->iml_log_time)

74. Defect type: FORWARD_NULL

75. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:2041: var_compare_op: Comparing "stat" to null implies that "stat" might be null.

76. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:2033: var_deref_model: Passing null pointer "stat" to "ir_xml_record_psdata", which dereferences it.

77. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:2118:2: deref_parm_in_call: Function "strcmp" dereferences "psstat". o 2031| ((present != NULL) && o 2032| (xmlStrcmp( present, (xmlChar )"No"))))) { o 2033|-> ret = ir_xml_record_psdata( ir_handler, o 2034| (char )lbl, (char *)stat); o 2035| }

78. Defect type: FORWARD_NULL

79. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:1333: var_compare_op: Comparing "stat" to null implies that "stat" might be null.

80. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:1323: var_deref_model: Passing null pointer "stat" to "ir_xml_record_fandata", which dereferences it.

81. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_xml.c:1424:2: deref_parm_in_call: Function "strcmp" dereferences "fanstat". o 1321| } o 1322|
    o 1323|-> ret = ir_xml_record_fandata( ir_handler, (char )lbl, o 1324| (char )zone, (char )stat, (char )speed, o 1325| (char *)unit);

82. Defect type: FORWARD_NULL

83. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_discover.c:1184: var_compare_op: Comparing "psustatus" to null implies that "psustatus" might be null.

84. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_discover.c:1191: var_deref_model: Passing null pointer "psustatus" to "strcmp", which dereferences it. o 1189| } o 1190|
    o 1191|-> if(!strcmp(psustatus, "Not Installed") || o 1192| !strcmp(psustatus, "Unknown")){ o 1193| psudata->psuflags = ~IR_DISCOVERED;

85. Defect type: FORWARD_NULL

86. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_discover.c:1069: var_compare_op: Comparing "fanstatus" to null implies that "fanstatus" might be null.

87. openhpi-3.7.0/plugins/ilo2_ribcl/ilo2_ribcl_discover.c:1083: var_deref_model: Passing null pointer "fanstatus" to "strcmp", which dereferences it. o 1081| *
    o 1082| **/ o 1083|-> if(!strcmp(fanstatus, "Not Installed")|| !strcmp(fanstatus, "Unknown")){ o 1084| fandata->fanflags = ~IR_DISCOVERED; o 1085| }

88. Defect type: CLANG_WARNING

89. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:957:21: warning: Function call argument is an uninitialized value o oa_soap_parse_memory_sensor_reading(extra_data_info.value); o ^ ~~~~~

90. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:916:6: note: Assuming 'oh_handler' is not equal to null o if (oh_handler == NULL || con == NULL || status == NULL) { o ^~~~~~

91. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:916:6: note: Left side of '||' is false

92. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:916:28: note: Assuming 'con' is not equal to null o if (oh_handler == NULL || con == NULL || status == NULL) { o ^~~

93. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:916:6: note: Left side of '||' is false o if (oh_handler == NULL || con == NULL || status == NULL) { o ^

94. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:916:43: note: Assuming 'status' is not equal to null o if (oh_handler == NULL || con == NULL || status == NULL) { o ^~~~~~

95. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:916:2: note: Taking false branch o if (oh_handler == NULL || con == NULL || status == NULL) { o ^

96. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:927:6: note: Assuming 'rpt' is not equal to null o if (rpt == NULL) { o ^~~

97. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:927:2: note: Taking false branch o if (rpt == NULL) { o ^

98. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:939:2: note: Loop condition is false. Execution continues on line 951 o while (extra_data) { o ^

99. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:951:9: note: Taking true branch o if(oa_handler->memErrRecFlag[bay - 1]) { o ^

100. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:955:17: note: Taking true branch o if (memErrFlag[bay - 1]) { o ^

101. openhpi-3.7.0/plugins/oa_soap/oa_soap_server_event.c:957:21: note: Function call argument is an uninitialized value o oa_soap_parse_memory_sensor_reading(extra_data_info.value); o ^ ~~~~~ o 955| if (memErrFlag[bay - 1]) { o 956| mainMemoryError = (char *) o 957|-> oa_soap_parse_memory_sensor_reading(extra_data_info.value); o 958| rv = oa_soap_proc_mem_evt(oh_handler, resource_id, o 959| OA_SOAP_SEN_MAIN_MEMORY_ERRORS,

102. Defect type: CLANG_WARNING

103. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:609:20: warning: Access to field 'mutex' results in a dereference of a null pointer (loaded from variable 'temp') o wrap_g_mutex_lock(temp->mutex); o ^~~~

104. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:570:9: note: 'temp' initialized to a null pointer value o struct oa_info *temp = NULL; o ^~~~~~~~

105. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:573:13: note: Assuming 'oh_handler' is not equal to null o if (oh_handler == NULL || nw_info == NULL) { o ^~~~~~

106. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:573:13: note: Left side of '||' is false

107. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:573:35: note: Assuming 'nw_info' is not equal to null o if (oh_handler == NULL || nw_info == NULL) { o ^~~~~~~

108. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:573:9: note: Taking false branch o if (oh_handler == NULL || nw_info == NULL) { o ^

109. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:581:9: note: 'Default' branch taken. Execution continues on line 590 o switch (bay_number) { o ^

110. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:592:9: note: Loop condition is false. Execution continues on line 609 o while (extra_data) { o ^

111. openhpi-3.7.0/plugins/oa_soap/oa_soap_oa_event.c:609:20: note: Access to field 'mutex' results in a dereference of a null pointer (loaded from variable 'temp') o wrap_g_mutex_lock(temp->mutex); o ^~~~ o 607| } o 608| / Copy the server IP address to oa_info structure / o 609|-> wrap_g_mutex_lock(temp->mutex); o 610| memset(temp->server, 0, MAX_URL_LEN); o 611| strncpy(temp->server, nw_info->ipAddress,

112. Defect type: COMPILER_WARNING ¶

113. openhpi-3.7.0/baselib/session.cpp:121:15: warning: extended initializer lists only available with -std=c++11 or -std=gnu++11 [enabled by default] o m_sockets = G_PRIVATE_INIT (g_free); o ^ o 119| { o 120| #if GLIB_CHECK_VERSION (2, 32, 0) o 121|-> m_sockets = G_PRIVATE_INIT (g_free); o 122| #else o 123| wrap_g_static_private_init( &m_sockets );

Original comment by: ngothan

[mohandev2]

• assigned_to: Hemantha Beecherla

Original comment by: mohandev2

[mohandev2]

• 3.7.0: 3.7.0 --> 3.8.0

Original comment by: mohandev2

[mohandev2]

• status: open --> closed-fixed

Original comment by: HemanthBeecherla

[mohandev2]

Fixed in revision 7734.

Original comment by: HemanthBeecherla

[mohandev2]

• labels: --> OpenHPI base library

Original comment by: HemanthBeecherla