Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc: fix coverity report #42663

Closed
wants to merge 1 commit into from
Closed

Conversation

mhdawson
Copy link
Member

@mhdawson mhdawson commented Apr 8, 2022

Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson [email protected]

Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. report Issues and PRs related to process.report. labels Apr 8, 2022
@mhdawson
Copy link
Member Author

mhdawson commented Apr 8, 2022

Report from Coverity

 // First call to get required buffer size.
 93  rc = uv_pipe_getsockname(&handle->pipe, buffer.data, &buffer_size);
   	1. Condition rc == UV_ENOBUFS, taking true branch.
 94  if (rc == UV_ENOBUFS) {
 95    buffer = MallocedBuffer<char>(buffer_size);
   	2. Condition buffer.data != NULL, taking false branch.
   	3. var_compare_op: Comparing buffer.data to null implies that buffer.data might be null.
 96    if (buffer.data != nullptr) {
 97      rc = uv_pipe_getsockname(&handle->pipe, buffer.data, &buffer_size);
 98    }
 99  }
   	4. Condition rc == 0, taking false branch.
100  if (rc == 0 && buffer_size != 0 && buffer.data != nullptr) {
101    writer->json_keyvalue("localEndpoint", buffer.data);
102  } else {
103    writer->json_keyvalue("localEndpoint", null);
104  }
105
106  // First call to get required buffer size.
   	
CID 239713 (#1 of 1): Dereference after null check (FORWARD_NULL)
5. var_deref_model: Passing null pointer buffer.data to uv_pipe_getpeername, which dereferences it.
107  rc = uv_pipe_getpeername(&handle->pipe, buffer.data, &buffer_size);
108  if (rc == UV_ENOBUFS) {
109    buffer = MallocedBuffer<char>(buffer_size);
110    if (buffer.data != nullptr) {
111      rc = uv_pipe_getpeername(&handle->pipe, buffer.data, &buffer_size);
112    }
113  }

Copy link
Contributor

@RaisinTen RaisinTen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't look like the correct fix because buffer.data can't be null here. Also, should we use src as the subsystem instead of doc?

src/node_report_utils.cc Show resolved Hide resolved
Copy link
Contributor

@RaisinTen RaisinTen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

src/node_report_utils.cc Show resolved Hide resolved
@mhdawson mhdawson added the request-ci Add this label to start a Jenkins CI on a PR. label Apr 12, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 12, 2022
@nodejs-github-bot
Copy link
Collaborator

@RaisinTen
Copy link
Contributor

@mhdawson wdyt about?

Also, should we use src as the subsystem instead of doc?

Are you planning to change it while landing this?

@mhdawson
Copy link
Member Author

Also, should we use src as the subsystem instead of doc?

Good point, I must have had doc on my mind, will change while landing.

@mhdawson
Copy link
Member Author

CI run looks to be complete (https://ci.nodejs.org/job/node-test-pull-request/43464/) even though what's shown on the PR shows a job still running. Will land.

mhdawson added a commit that referenced this pull request Apr 13, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@mhdawson
Copy link
Member Author

Landed in 3026ca0

@mhdawson mhdawson closed this Apr 13, 2022
vmoroz pushed a commit to vmoroz/node that referenced this pull request Apr 13, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: nodejs#42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: nodejs#42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
juanarbol pushed a commit that referenced this pull request May 31, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
danielleadams pushed a commit that referenced this pull request Jun 27, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
targos pushed a commit that referenced this pull request Jul 11, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
targos pushed a commit that referenced this pull request Jul 31, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: #42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.

Signed-off-by: Michael Dawson <[email protected]>

PR-URL: nodejs/node#42663
Reviewed-By: Darshan Sen <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. report Issues and PRs related to process.report.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants