Open Coverity defects in DPDK

Mcnamara, John john.mcnamara at intel.com
Fri Feb 11 09:53:36 CET 2022


P.S., In Coverity there are a number of "Out-of-bounds access (OVERRUN)" defects that relate to rte_memcpy() or one of the wrappers around it. They look like this:


    CID 362728 (#1 of 1): Out-of-bounds access (OVERRUN)
    11. overrun-buffer-val: Overrunning array tdata->auth_tag.data of 16 bytes by
        passing it to a function which accesses it at byte offset 160.
    8182                rte_memcpy(sym_op->aead.digest.data, tdata->auth_tag.data,
    8183                        tdata->auth_tag.len);
    8184                debug_hexdump(stdout, "digest:",
    8185                        sym_op->aead.digest.data,
    8186                        tdata->auth_tag.len);
    8187        }

As far as we can tell these are false positives since there are a number of different size handling statements in rte_memcpy() and an issue like this would result in an immediate error under any sort of load.

In this case you can edit the defect online and change the defect "Classification" to "False Positive" and change the "Action" to "Ignore".

If anyone disagrees and thinks that this is a real issue, let me know.

John



From: Mcnamara, John <john.mcnamara at intel.com>
Sent: Thursday, February 10, 2022 8:44 PM
To: gaetan.rivet at 6wind.com; ilyes.ben_hamouda at 6wind.com; olivier.matz at 6wind.com; ajit.khaparde at broadcom.com; farah.smith at broadcom.com; kalesh-anakkur.purayil at broadcom.com; kishore.padmanabha at broadcom.com; lance.richardson at broadcom.com; michael.wildt at broadcom.com; peter.spreadborough at broadcom.com; somnath.kotur at broadcom.com; stuart.schacher at broadcom.com; sunila.sahu at caviumnetworks.com; hyonkim at cisco.com; vatangchengchang at huawei.com; adwivedi at marvell.com; anoobj at marvell.com; asekhar at marvell.com; gmuthukrishn at marvell.com; hkalra at marvell.com; jerinj at marvell.com; kirankumark at marvell.com; ktejasree at marvell.com; ndabilpuram at marvell.com; pbhagavatula at marvell.com; psatheesh at marvell.com; schalla at marvell.com; skori at marvell.com; sthotton at marvell.com; tduszynski at marvell.com; jackmin at mellanox.com; viacheslavo at mellanox.com; xuemingl at mellanox.com; stephen at networkplumber.org; dkozlyuk at nvidia.com; eagostini at nvidia.com; shunh at nvidia.com; suanmingm at nvidia.com; xuemingl at nvidia.com; apeksha.gupta at nxp.com; franck.lenormand at nxp.com; g.singh at nxp.com; hemant.agrawal at nxp.com; jun.yang at nxp.com; nipun.gupta at nxp.com; shreyansh.jain at nxp.com; ivan.ilchenko at oktetlabs.ru; zyta.szpak at semihalf.com; jiawenwu at trustnetic.com; vsrivast at xilinx.com
Cc: thomas at monjalon.net; Yigit, Ferruh <ferruh.yigit at intel.com>; Morrissey, Sean <sean.morrissey at intel.com>; dev at dpdk.org; jerinj at marvell.com
Subject: Open Coverity defects in DPDK

Folks,

If your email is on the "To" list then you have an open defect in the DPDK Coverity database. Due to an issue with an automated emailer you may not have received an email notifying you about this. We will try to send them again.

In the meantime you can see the defects against your email in the list below. If you spot any email addresses that are no longer valid please let me and Sean know.

You can review the defects online at:

    http://scan.coverity.com/projects/dpdk-data-plane-development-kit

If you aren't registered for the DPDK Coverity you can do so here:

    http://scan.coverity.com/users/sign_up



CID     Type                           Owner
------  ------------------------------ -----------------------------
373712  Resource leak                  gaetan.rivet at 6wind.com
373890  Negative array index read      ilyes.ben_hamouda at 6wind.com
373888  Out-of-bounds read             ilyes.ben_hamouda at 6wind.com
373855  Logically dead code            olivier.matz at 6wind.com
373686  Waiting while holding a lock   olivier.matz at 6wind.com
369668  Out-of-bounds access           ajit.khaparde at broadcom.com
371896  Out-of-bounds access           farah.smith at broadcom.com
371894  Out-of-bounds access           farah.smith at broadcom.com
369660  Out-of-bounds access           kalesh-anakkur.purayil at broadcom.com
373390  Untrusted value as argument    kishore.padmanabha at broadcom.com
373389  Untrusted value as argument    kishore.padmanabha at broadcom.com
369669  Out-of-bounds read             lance.richardson at broadcom.com
374939  Dereference after null check   michael.wildt at broadcom.com
369665  Out-of-bounds access           peter.spreadborough at broadcom.com
372064  Uninitialized scalar variable  somnath.kotur at broadcom.com
369667  Out-of-bounds access           somnath.kotur at broadcom.com
369666  Out-of-bounds access           somnath.kotur at broadcom.com
369662  Out-of-bounds access           somnath.kotur at broadcom.com
369661  Out-of-bounds access           somnath.kotur at broadcom.com
369659  Out-of-bounds access           somnath.kotur at broadcom.com
369658  Out-of-bounds access           stuart.schacher at broadcom.com
373869  Unchecked return value         sunila.sahu at caviumnetworks.com
373365  Dereference null return value  sunila.sahu at caviumnetworks.com
375064  Dereference after null check   hyonkim at cisco.com
367379  Failure to restore non-local   vatangchengchang at huawei.com
372137  Untrusted value as argument    adwivedi at marvell.com
372138  Untrusted value as argument    anoobj at marvell.com
370218  Dereference null return value  asekhar at marvell.com
373635  Logically dead code            gmuthukrishn at marvell.com
373628  Dereference null return value  gmuthukrishn at marvell.com
374858  Unchecked return value         hkalra at marvell.com
371880  Uninitialized scalar variable  jerinj at marvell.com
371876  Uninitialized scalar variable  jerinj at marvell.com
372065  Explicit null dereferenced     kirankumark at marvell.com
370225  Uninitialized pointer read     kirankumark at marvell.com
370224  Uninitialized pointer read     kirankumark at marvell.com
370223  Uninitialized pointer read     kirankumark at marvell.com
370221  Uninitialized pointer read     kirankumark at marvell.com
370220  Uninitialized pointer read     kirankumark at marvell.com
370219  Uninitialized pointer read     kirankumark at marvell.com
370217  Uninitialized pointer read     kirankumark at marvell.com
370214  Uninitialized pointer read     kirankumark at marvell.com
373857  Out-of-bounds access           ktejasree at marvell.com
371877  Uninitialized scalar variable  ndabilpuram at marvell.com
371872  Uninitialized scalar variable  ndabilpuram at marvell.com
370215  Unchecked return value         ndabilpuram at marvell.com
370213  Unchecked return value         ndabilpuram at marvell.com
374991  Resource leak                  pbhagavatula at marvell.com
374990  Resource leak                  pbhagavatula at marvell.com
370587  Uninitialized pointer read     pbhagavatula at marvell.com
370580  Unsigned compared against 0    pbhagavatula at marvell.com
370579  Uninitialized pointer read     pbhagavatula at marvell.com
370578  Uninitialized scalar variable  pbhagavatula at marvell.com
370222  Dereference null return value  pbhagavatula at marvell.com
373870  Division or modulo by zero     psatheesh at marvell.com
373258  Unintended sign extension      psatheesh at marvell.com
373859  Dereference after null check   schalla at marvell.com
373630  Uninitialized scalar variable  skori at marvell.com
373636  Uninitialized scalar variable  sthotton at marvell.com
373623  Uninitialized scalar variable  sthotton at marvell.com
373361  Logically dead code            sthotton at marvell.com
370584  Reliance on integer endianness sthotton at marvell.com
370582  Reliance on integer endianness sthotton at marvell.com
370581  Division or modulo by float zer sthotton at marvell.com
371873  Wrong sizeof argument          tduszynski at marvell.com
373627  Dereference after null check   jackmin at mellanox.com
373633  Out-of-bounds access           viacheslavo at mellanox.com
373708  Waiting while holding a lock   xuemingl at mellanox.com
373664  Unchecked return value         stephen at networkplumber.org
373662  Unchecked return value         stephen at networkplumber.org
373661  Dereference after null check   stephen at networkplumber.org
375091  Division or modulo by zero     dkozlyuk at nvidia.com
374940  Uninitialized scalar variable  eagostini at nvidia.com
374376  Unchecked return value         eagostini at nvidia.com
374373  Uninitialized pointer read     eagostini at nvidia.com
370611  Bad bit shift operation        shunh at nvidia.com
374378  Structurally dead code         suanmingm at nvidia.com
373691  Waiting while holding a lock   xuemingl at nvidia.com
374021  Untrusted value as argument    apeksha.gupta at nxp.com
374020  Argument cannot be negative    apeksha.gupta at nxp.com
374017  Resource leak                  apeksha.gupta at nxp.com
374016  Unused value                   apeksha.gupta at nxp.com
374015  String not null terminated     apeksha.gupta at nxp.com
373161  Structurally dead code         franck.lenormand at nxp.com
373908  Unused value                   g.singh at nxp.com
373907  Unused value                   g.singh at nxp.com
373619  Out-of-bounds access           g.singh at nxp.com
373621  Resource leak                  hemant.agrawal at nxp.com
373618  Uninitialized scalar variable  hemant.agrawal at nxp.com
373617  Argument cannot be negative    hemant.agrawal at nxp.com
373424  Dereference before null check  hemant.agrawal at nxp.com
373422  Dereference before null check  hemant.agrawal at nxp.com
373421  Unintentional integer overflow hemant.agrawal at nxp.com
373415  Dereference before null check  hemant.agrawal at nxp.com
373414  Dereference before null check  hemant.agrawal at nxp.com
373412  Dereference before null check  hemant.agrawal at nxp.com
367380  Dereference before null check  hemant.agrawal at nxp.com
375066  Resource leak                  jun.yang at nxp.com
375063  Resource leak                  jun.yang at nxp.com
375062  Resource leak                  jun.yang at nxp.com
375061  Resource leak                  jun.yang at nxp.com
375060  Argument cannot be negative    jun.yang at nxp.com
367378  Explicit null dereferenced     nipun.gupta at nxp.com
373703  Resource leak                  shreyansh.jain at nxp.com
373874  Uninitialized scalar variable  ivan.ilchenko at oktetlabs.ru
372201  Unchecked return value         zyta.szpak at semihalf.com
373893  Out-of-bounds write            jiawenwu at trustnetic.com
373884  Logically dead code            jiawenwu at trustnetic.com
373883  Memset buffer size of 0        jiawenwu at trustnetic.com
373880  Out-of-bounds read             jiawenwu at trustnetic.com
373873  Unchecked return value         jiawenwu at trustnetic.com
373881  Dereference after null check   vsrivast at xilinx.com
373876  Dereference after null check   vsrivast at xilinx.com
373872  Dereference after null check   vsrivast at xilinx.com
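
An added illustration, not DPDK code and not part of the original message, of the pattern behind the rte_memcpy() OVERRUN reports described in the P.S. at the top: a fixed 16-byte array and a separate length field are handed to a copy routine that branches on size. `struct tag`, `make_tag`, `dispatch_copy` and `copy_tag_checked` are hypothetical names, and `dispatch_copy` is a simplified stand-in for a size-dispatched copy, not rte_memcpy() itself. The wrapper states the bound explicitly at the call site, so the large-size branch is unreachable for the 16-byte source.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_MAX 16  /* same size as the 16-byte auth_tag.data in the report */

/* Hypothetical test-vector field: fixed storage plus a separately stored length. */
struct tag { uint8_t data[TAG_MAX]; size_t len; };

/* Constructed sample input: pattern-filled tag with a caller-chosen length. */
struct tag make_tag(size_t len)
{
    struct tag t;
    for (size_t i = 0; i < TAG_MAX; i++)
        t.data[i] = (uint8_t)(i + 1);
    t.len = len;
    return t;
}

/* Simplified size-dispatched copy (assumption: a stand-in, not rte_memcpy). */
static void dispatch_copy(uint8_t *dst, const uint8_t *src, size_t n)
{
    if (n <= 16) {            /* small path: never reads past src[15] */
        memcpy(dst, src, n);
        return;
    }
    while (n >= 32) {         /* block path: reads src[16] and beyond */
        memcpy(dst, src, 32);
        dst += 32; src += 32; n -= 32;
    }
    memcpy(dst, src, n);      /* tail */
}

/* Returns 0 on success, -1 if the stored length fits neither buffer. */
int copy_tag_checked(uint8_t *dst, size_t dst_cap, const struct tag *t)
{
    if (t->len > sizeof(t->data) || t->len > dst_cap)
        return -1;            /* block path can no longer see this source */
    dispatch_copy(dst, t->data, t->len);
    return 0;
}

int main(void)
{
    uint8_t out[32] = {0};
    struct tag ok = make_tag(16), bad = make_tag(200);
    printf("len=16  -> %d\n", copy_tag_checked(out, sizeof out, &ok));
    printf("len=200 -> %d\n", copy_tag_checked(out, sizeof out, &bad));
    return 0;
}
```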