Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc: fix coverity report #42663

Closed
wants to merge 1 commit into from
Closed

doc: fix coverity report #42663

wants to merge 1 commit into from

Conversation

mhdawson
Copy link
Member

@mhdawson mhdawson commented Apr 8, 2022

Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson mdawson@devrus.com

@mhdawson
doc: fix coverity report
50bd636 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. report Issues and PRs related to process.report. labels Apr 8, 2022
@mhdawson
Copy link
Member Author

mhdawson commented Apr 8, 2022

Report from Coverity

 // First call to get required buffer size.
 93  rc = uv_pipe_getsockname(&handle->pipe, buffer.data, &buffer_size);
   	1. Condition rc == UV_ENOBUFS, taking true branch.
 94  if (rc == UV_ENOBUFS) {
 95    buffer = MallocedBuffer<char>(buffer_size);
   	2. Condition buffer.data != NULL, taking false branch.
   	3. var_compare_op: Comparing buffer.data to null implies that buffer.data might be null.
 96    if (buffer.data != nullptr) {
 97      rc = uv_pipe_getsockname(&handle->pipe, buffer.data, &buffer_size);
 98    }
 99  }
   	4. Condition rc == 0, taking false branch.
100  if (rc == 0 && buffer_size != 0 && buffer.data != nullptr) {
101    writer->json_keyvalue("localEndpoint", buffer.data);
102  } else {
103    writer->json_keyvalue("localEndpoint", null);
104  }
105
106  // First call to get required buffer size.
   	
CID 239713 (#1 of 1): Dereference after null check (FORWARD_NULL)
5. var_deref_model: Passing null pointer buffer.data to uv_pipe_getpeername, which dereferences it.
107  rc = uv_pipe_getpeername(&handle->pipe, buffer.data, &buffer_size);
108  if (rc == UV_ENOBUFS) {
109    buffer = MallocedBuffer<char>(buffer_size);
110    if (buffer.data != nullptr) {
111      rc = uv_pipe_getpeername(&handle->pipe, buffer.data, &buffer_size);
112    }
113  }

RaisinTen
RaisinTen suggested changes Apr 9, 2022
View reviewed changes
Copy link
Contributor

@RaisinTen RaisinTen left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't look like the correct fix because buffer.data can't be null here. Also, should we use src as the subsystem instead of doc?

src/node_report_utils.cc Show resolved Hide resolved
RaisinTen
RaisinTen approved these changes Apr 12, 2022
View reviewed changes
Copy link
Contributor

@RaisinTen RaisinTen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

src/node_report_utils.cc Show resolved Hide resolved
@mhdawson mhdawson added the request-ci Add this label to start a Jenkins CI on a PR. label Apr 12, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 12, 2022
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/43464/

@RaisinTen
Copy link
Contributor

@mhdawson wdyt about?

Also, should we use src as the subsystem instead of doc?

Are you planning to change it while landing this?

@mhdawson
Copy link
Member Author

Also, should we use src as the subsystem instead of doc?

Good point, I must have had doc on my mind, will change while landing.

@mhdawson
Copy link
Member Author

CI run looks to be complete (https://ci.nodejs.org/job/node-test-pull-request/43464/) even though what's shown on the PR shows a job still running. Will land.

mhdawson added a commit that referenced this pull request Apr 13, 2022
@mhdawson
src: fix coverity report
3026ca0 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@mhdawson
Copy link
Member Author

Landed in 3026ca0

@mhdawson mhdawson closed this Apr 13, 2022
vmoroz pushed a commit to vmoroz/node that referenced this pull request Apr 13, 2022
@mhdawson @vmoroz
src: fix coverity report
8f9623a 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: nodejs#42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@BethGriggs BethGriggs mentioned this pull request Apr 14, 2022
Merged
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022
@mhdawson @xtx1130
src: fix coverity report
a19f2ff 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: nodejs#42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
juanarbol pushed a commit that referenced this pull request May 31, 2022
@mhdawson @juanarbol
src: fix coverity report
189270d 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@juanarbol juanarbol mentioned this pull request May 31, 2022
Closed
danielleadams pushed a commit that referenced this pull request Jun 27, 2022
@mhdawson @danielleadams
src: fix coverity report
2f84e3b 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request Jul 11, 2022
@mhdawson @targos
src: fix coverity report
8db3ff8 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
targos pushed a commit that referenced this pull request Jul 31, 2022
@mhdawson @targos
src: fix coverity report
a26fd03 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@targos targos mentioned this pull request Aug 3, 2022
Merged
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
@mhdawson @guangwong
src: fix coverity report
bd7eff3 
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: nodejs/node#42663
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell jasnell approved these changes

@RaisinTen RaisinTen RaisinTen approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. report Issues and PRs related to process.report.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@mhdawson @nodejs-github-bot @RaisinTen @jasnell