Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#244 Coverity scan results: May 8, 2013

None
closed-fixed
None
5
2013-07-29
2013-05-08
Maynard Johnson
No

I have registered the oprofile project with Coverity and requested a scan of the current source code in our git repo. I've not been able to figure out a way to generate the type of reports that Will Cohen has posted to the list in the past. Perhaps those types of reports are only available by using the Coverity product versus the free online version available to OSS projects. Below is a list of HIGH and MEDIUM impact issues the current scan found. This list also filters out STREAM_FORMAT_STATE errors, which I feel (as I've mentioned in the past) should be ignored. Line numbers are not included in the CSV list below. To see the line number associated with each error, you must access the web-based scan results at:

http://scan6.coverity.com:8080/reports.htm?projectId=10159&viewId=12995&title=All%20Newly%20Detected

The above Coverity URL requires a valid Coverity user ID and password. Ask Maynard Johnson for the oprofile account info.

-------------------------------------------------------------------------------------------------

Impact,Category,File,Function
Medium,API usage errors,/pe_profiling/operf.cpp,_process_events_list()
Medium,Error handling issues,/daemon/opd_mangling.c,opd_open_sample_file
Medium,Error handling issues,/libperf_events/operf_mangling.cpp,"operf_open_sample_file(odb_t *, operf_sfile *, operf_sfile *, int, int)"
Medium,Control flow issues,/libpp/image_errors.cpp,"report_image_error(const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, image_error, bool, const extra_images &)"
Medium,Integer handling issues,/libdb/db_stat.c,odb_hash_stat
Medium,Integer handling issues,/pp/opreport.cpp,<unnamed>::output_summaries(const <unnamed>::summary_container &)
Medium,Null pointer dereferences,/daemon/opd_sfile.c,sfile_hash
Medium,Null pointer dereferences,/libop/op_mangle.c,op_mangle_filename
Medium,Null pointer dereferences,/libop/op_mangle.c,op_mangle_filename
Medium,Null pointer dereferences,/opjitconv/create_bfd.c,fill_symtab
Medium,Insecure data handling,/libperf_events/operf_counter.cpp,"<unnamed>::_get_perf_event_from_pipe(event_union *, int)"
Medium,API usage errors,/libperf_events/operf_process_info.cpp,operf_process_info::try_disassociate_from_parent(char *)
Medium,Integer handling issues,/libperf_events/operf_counter.cpp,operf_record::setup()
Medium,Null pointer dereferences,/pe_profiling/operf.cpp,_process_session_dir()
Medium,Insecure data handling,/libperf_events/operf_counter.cpp,"<unnamed>::_get_perf_event_from_pipe(event_union *, int)"
Medium,Insecure data handling,/opjitconv/opjitconv.c,main
Medium,Uninitialized members,/gui/oprof_start_config.cpp,config_setting::config_setting()
High,Memory - illegal accesses,/libregex/op_regex.cpp,"<unnamed>::op_regerror(int, const re_pattern_buffer &)"
High,Resource leaks,/daemon/init.c,opd_open_files
High,Resource leaks,/daemon/oprofiled.c,opd_open_logfile
High,Resource leaks,/libutil++/op_bfd.cpp,"op_bfd::op_bfd(const std::basic_string<char, std::char_traits<char>, std::allocator<char>>&, const string_filter &, const extra_images &, bool &)"
High,Resource leaks,/opjitconv/opjitconv.c,_cleanup_jitdumps
High,Resource leaks,/pe_profiling/operf.cpp,_get_cpu_for_perf_events_cap()
High,Memory - illegal accesses,/libop/op_events.c,_is_um_valid_bitmask
High,Memory - illegal accesses,/opjitconv/opjitconv.c,_cleanup_jitdumps
High,Uninitialized variables,/libopagent/opagent.c,op_open_agent
High,Memory - illegal accesses,/libperf_events/operf_counter.cpp,<unnamed>::_get_perf_event_from_file(mmap_info &)
High,Memory - illegal accesses,/libop/op_events.c,_is_um_valid_bitmask
High,Memory - corruptions,/libop/op_events.c,read_events
High,Memory - illegal accesses,/libop/op_events.c,read_unit_masks
High,Memory - corruptions,/libperf_events/operf_counter.cpp,operf_record::setup()
High,Memory - illegal accesses,/agents/jvmpi/jvmpi_oprofile.cpp,compiled_method_load(JVMPI_Event *)

Discussion

  • The Coverity-discovered problems were fixed and pushed upstream on May 28, 2013.

     
    • status: open --> open-fixed
    • assigned_to: Maynard Johnson
    • Group: -->
     
    • status: open-fixed --> closed-fixed