Open Coverity defects in DPDK
Mcnamara, John
john.mcnamara at intel.com
Fri Feb 11 09:53:36 CET 2022
P.S., In Coverity there are a number of "Out-of-bounds access (OVERRUN)" defects that relate to rte_memcpy() or one of the wrappers around it. They look like this:
CID 362728 (#1 of 1): Out-of-bounds access (OVERRUN)
11. overrun-buffer-val: Overrunning array tdata->auth_tag.data of 16 bytes by
passing it to a function which accesses it at byte offset 160.
8182 rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
8183 tdata->auth_tag.len);
8184 debug_hexdump(stdout, "digest:",
8185 sym_op->aead.digest.data,
8186 tdata->auth_tag.len);
8187 }
As far as we can tell these are false positives since there are a number of different size handling statements in rte_memcpy() and an issue like this would result in an immediate error under any sort of load.
In this case you can edit the defect online and change the defect "Classification" to "False Positive" and change the "Action" to "Ignore".
If anyone disagrees and thinks that this is a real issue, let me know.
John
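The following C sketch is an added example, not DPDK code and not part of the original message. It illustrates the point in the P.S. above: a copy routine that dispatches on length only reaches high source offsets when the length is large, so a 16-byte copy stays inside a 16-byte array, and an explicit length check at the call site states that bound outright. `model_copy()` is a simplified stand-in for a size-dispatched copy; `struct auth_tag`, `highest_offset_read()` and `copy_auth_tag()` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_MAX 16   /* array size quoted in the Coverity report */
struct auth_tag { uint8_t data[TAG_MAX]; unsigned int len; };  /* hypothetical */
static size_t max_src_off;   /* highest source offset read so far */

/* Copy one fixed-size block and record the furthest source byte touched. */
static void copy_block(uint8_t *dst, const uint8_t *src, size_t off, size_t blk)
{
    memcpy(dst + off, src + off, blk);
    if (off + blk - 1 > max_src_off)
        max_src_off = off + blk - 1;
}

/* Size-dispatched copy: a block size is used only while enough bytes remain. */
static void model_copy(uint8_t *dst, const uint8_t *src, size_t n)
{
    size_t off = 0;
    for (; n - off >= 64; off += 64) copy_block(dst, src, off, 64);
    for (; n - off >= 16; off += 16) copy_block(dst, src, off, 16);
    for (; n - off >= 1; off += 1) copy_block(dst, src, off, 1);
}

/* Highest source offset model_copy() reads for an n-byte copy, 1 <= n <= 256. */
size_t highest_offset_read(size_t n)
{
    static uint8_t src[256], dst[256];
    max_src_off = 0;
    model_copy(dst, src, n);
    return max_src_off;
}

/* Guarded copy: reject a length larger than the tag array or the destination. */
int copy_auth_tag(uint8_t *digest, size_t digest_cap, const struct auth_tag *tag)
{
    if (tag->len > sizeof(tag->data) || tag->len > digest_cap)
        return -1;
    model_copy(digest, tag->data, tag->len);
    return 0;
}

int main(void)
{
    printf("len 16 -> offset %zu, len 161 -> offset %zu\n", highest_offset_read(16), highest_offset_read(161));
    return 0;
}
```

Byte offset 160 is read only when the length reaches 161, which is the case the guard rejects for a 16-byte tag.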
From: Mcnamara, John <john.mcnamara at intel.com>
Sent: Thursday, February 10, 2022 8:44 PM
To: gaetan.rivet at 6wind.com; ilyes.ben_hamouda at 6wind.com; olivier.matz at 6wind.com; ajit.khaparde at broadcom.com; farah.smith at broadcom.com; kalesh-anakkur.purayil at broadcom.com; kishore.padmanabha at broadcom.com; lance.richardson at broadcom.com; michael.wildt at broadcom.com; peter.spreadborough at broadcom.com; somnath.kotur at broadcom.com; stuart.schacher at broadcom.com; sunila.sahu at caviumnetworks.com; hyonkim at cisco.com; vatangchengchang at huawei.com; adwivedi at marvell.com; anoobj at marvell.com; asekhar at marvell.com; gmuthukrishn at marvell.com; hkalra at marvell.com; jerinj at marvell.com; kirankumark at marvell.com; ktejasree at marvell.com; ndabilpuram at marvell.com; pbhagavatula at marvell.com; psatheesh at marvell.com; schalla at marvell.com; skori at marvell.com; sthotton at marvell.com; tduszynski at marvell.com; jackmin at mellanox.com; viacheslavo at mellanox.com; xuemingl at mellanox.com; stephen at networkplumber.org; dkozlyuk at nvidia.com; eagostini at nvidia.com; shunh at nvidia.com; suanmingm at nvidia.com; xuemingl at nvidia.com; apeksha.gupta at nxp.com; franck.lenormand at nxp.com; g.singh at nxp.com; hemant.agrawal at nxp.com; jun.yang at nxp.com; nipun.gupta at nxp.com; shreyansh.jain at nxp.com; ivan.ilchenko at oktetlabs.ru; zyta.szpak at semihalf.com; jiawenwu at trustnetic.com; vsrivast at xilinx.com
Cc: thomas at monjalon.net; Yigit, Ferruh <ferruh.yigit at intel.com>; Morrissey, Sean <sean.morrissey at intel.com>; dev at dpdk.org; jerinj at marvell.com
Subject: Open Coverity defects in DPDK
Folks,
If your email is on the "To" list then you have an open defect in the DPDK Coverity database. Due to an issue with an automated emailer you may not have received an email notifying you about this. We will try to send them again.
In the meantime you can see the defects against your email in the list below. If you spot any email addresses that are no longer valid please let me and Sean know.
You can review the defects online at:
http://scan.coverity.com/projects/dpdk-data-plane-development-kit
If you aren't registered for the DPDK Coverity you can do so here:
http://scan.coverity.com/users/sign_up
CID     Type                              Owner
------  --------------------------------  -----------------------------
373712  Resource leak                     gaetan.rivet at 6wind.com
373890  Negative array index read         ilyes.ben_hamouda at 6wind.com
373888  Out-of-bounds read                ilyes.ben_hamouda at 6wind.com
373855  Logically dead code               olivier.matz at 6wind.com
373686  Waiting while holding a lock      olivier.matz at 6wind.com
369668  Out-of-bounds access              ajit.khaparde at broadcom.com
371896  Out-of-bounds access              farah.smith at broadcom.com
371894  Out-of-bounds access              farah.smith at broadcom.com
369660  Out-of-bounds access              kalesh-anakkur.purayil at broadcom.com
373390  Untrusted value as argument       kishore.padmanabha at broadcom.com
373389  Untrusted value as argument       kishore.padmanabha at broadcom.com
369669  Out-of-bounds read                lance.richardson at broadcom.com
374939  Dereference after null check      michael.wildt at broadcom.com
369665  Out-of-bounds access              peter.spreadborough at broadcom.com
372064  Uninitialized scalar variable     somnath.kotur at broadcom.com
369667  Out-of-bounds access              somnath.kotur at broadcom.com
369666  Out-of-bounds access              somnath.kotur at broadcom.com
369662  Out-of-bounds access              somnath.kotur at broadcom.com
369661  Out-of-bounds access              somnath.kotur at broadcom.com
369659  Out-of-bounds access              somnath.kotur at broadcom.com
369658  Out-of-bounds access              stuart.schacher at broadcom.com
373869  Unchecked return value            sunila.sahu at caviumnetworks.com
373365  Dereference null return value     sunila.sahu at caviumnetworks.com
375064  Dereference after null check      hyonkim at cisco.com
367379  Failure to restore non-local      vatangchengchang at huawei.com
372137  Untrusted value as argument       adwivedi at marvell.com
372138  Untrusted value as argument       anoobj at marvell.com
370218  Dereference null return value     asekhar at marvell.com
373635  Logically dead code               gmuthukrishn at marvell.com
373628  Dereference null return value     gmuthukrishn at marvell.com
374858  Unchecked return value            hkalra at marvell.com
371880  Uninitialized scalar variable     jerinj at marvell.com
371876  Uninitialized scalar variable     jerinj at marvell.com
372065  Explicit null dereferenced        kirankumark at marvell.com
370225  Uninitialized pointer read        kirankumark at marvell.com
370224  Uninitialized pointer read        kirankumark at marvell.com
370223  Uninitialized pointer read        kirankumark at marvell.com
370221  Uninitialized pointer read        kirankumark at marvell.com
370220  Uninitialized pointer read        kirankumark at marvell.com
370219  Uninitialized pointer read        kirankumark at marvell.com
370217  Uninitialized pointer read        kirankumark at marvell.com
370214  Uninitialized pointer read        kirankumark at marvell.com
373857  Out-of-bounds access              ktejasree at marvell.com
371877  Uninitialized scalar variable     ndabilpuram at marvell.com
371872  Uninitialized scalar variable     ndabilpuram at marvell.com
370215  Unchecked return value            ndabilpuram at marvell.com
370213  Unchecked return value            ndabilpuram at marvell.com
374991  Resource leak                     pbhagavatula at marvell.com
374990  Resource leak                     pbhagavatula at marvell.com
370587  Uninitialized pointer read        pbhagavatula at marvell.com
370580  Unsigned compared against 0       pbhagavatula at marvell.com
370579  Uninitialized pointer read        pbhagavatula at marvell.com
370578  Uninitialized scalar variable     pbhagavatula at marvell.com
370222  Dereference null return value     pbhagavatula at marvell.com
373870  Division or modulo by zero        psatheesh at marvell.com
373258  Unintended sign extension         psatheesh at marvell.com
373859  Dereference after null check      schalla at marvell.com
373630  Uninitialized scalar variable     skori at marvell.com
373636  Uninitialized scalar variable     sthotton at marvell.com
373623  Uninitialized scalar variable     sthotton at marvell.com
373361  Logically dead code               sthotton at marvell.com
370584  Reliance on integer endianness    sthotton at marvell.com
370582  Reliance on integer endianness    sthotton at marvell.com
370581  Division or modulo by float zero  sthotton at marvell.com
371873  Wrong sizeof argument             tduszynski at marvell.com
373627  Dereference after null check      jackmin at mellanox.com
373633  Out-of-bounds access              viacheslavo at mellanox.com
373708  Waiting while holding a lock      xuemingl at mellanox.com
373664  Unchecked return value            stephen at networkplumber.org
373662  Unchecked return value            stephen at networkplumber.org
373661  Dereference after null check      stephen at networkplumber.org
375091  Division or modulo by zero        dkozlyuk at nvidia.com
374940  Uninitialized scalar variable     eagostini at nvidia.com
374376  Unchecked return value            eagostini at nvidia.com
374373  Uninitialized pointer read        eagostini at nvidia.com
370611  Bad bit shift operation           shunh at nvidia.com
374378  Structurally dead code            suanmingm at nvidia.com
373691  Waiting while holding a lock      xuemingl at nvidia.com
374021  Untrusted value as argument       apeksha.gupta at nxp.com
374020  Argument cannot be negative       apeksha.gupta at nxp.com
374017  Resource leak                     apeksha.gupta at nxp.com
374016  Unused value                      apeksha.gupta at nxp.com
374015  String not null terminated        apeksha.gupta at nxp.com
373161  Structurally dead code            franck.lenormand at nxp.com
373908  Unused value                      g.singh at nxp.com
373907  Unused value                      g.singh at nxp.com
373619  Out-of-bounds access              g.singh at nxp.com
373621  Resource leak                     hemant.agrawal at nxp.com
373618  Uninitialized scalar variable     hemant.agrawal at nxp.com
373617  Argument cannot be negative       hemant.agrawal at nxp.com
373424  Dereference before null check     hemant.agrawal at nxp.com
373422  Dereference before null check     hemant.agrawal at nxp.com
373421  Unintentional integer overflow    hemant.agrawal at nxp.com
373415  Dereference before null check     hemant.agrawal at nxp.com
373414  Dereference before null check     hemant.agrawal at nxp.com
373412  Dereference before null check     hemant.agrawal at nxp.com
367380  Dereference before null check     hemant.agrawal at nxp.com
375066  Resource leak                     jun.yang at nxp.com
375063  Resource leak                     jun.yang at nxp.com
375062  Resource leak                     jun.yang at nxp.com
375061  Resource leak                     jun.yang at nxp.com
375060  Argument cannot be negative       jun.yang at nxp.com
367378  Explicit null dereferenced        nipun.gupta at nxp.com
373703  Resource leak                     shreyansh.jain at nxp.com
373874  Uninitialized scalar variable     ivan.ilchenko at oktetlabs.ru
372201  Unchecked return value            zyta.szpak at semihalf.com
373893  Out-of-bounds write               jiawenwu at trustnetic.com
373884  Logically dead code               jiawenwu at trustnetic.com
373883  Memset buffer size of 0           jiawenwu at trustnetic.com
373880  Out-of-bounds read                jiawenwu at trustnetic.com
373873  Unchecked return value            jiawenwu at trustnetic.com
373881  Dereference after null check      vsrivast at xilinx.com
373876  Dereference after null check      vsrivast at xilinx.com
373872  Dereference after null check      vsrivast at xilinx.com