author | Anel Husakovic <anel@mariadb.org> | 2023-02-08 12:57:03 +0100 |
---|---|---|
committer | Anel Husakovic <anel@mariadb.org> | 2023-02-14 08:29:40 +0100 |
commit | dc81133c87027ff242e1110837047a87b377e9c9 (patch) | |
tree | 5555f205d25cd05e47a1d82b9d2ef369f9e57f6f | |
parent | 1381edda99b0e7fad9510c20a6d3ecc38c993972 (diff) | |
download | mariadb-git-bb-10.11-anel-coverity-client-v2.tar.gz |
MDBF-534: Coverity scan: fix client folder
---------------------------------
File: `mysqltest`
---------------------------------
- Coverity (SIZEOF_MISMATCH):
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074863&mergedDefectId=972322
Function `qsort` has to use the size of an element, which is `uchar *`
- Coverity (REVERSE_INULL):
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074524&mergedDefectId=1519693&fileStart=3376&fileEnd=3625
First check if null and then use `strlen`, not reversed.
- FALSE POSITIVES
- Coverity (TAINTED_SCALAR):
https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074760&mergedDefectId=1519321
- Coverity (CHECKED_RETURN):
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074692&mergedDefectId=971714
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53072839&mergedDefectId=971715
- Coverity (FORWARD_NULL):
There is already a DBUG_ASSERT(query_end) issued a few lines before
https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074002&mergedDefectId=971916&eventId=53074002-5
- Coverity (OVERRUN):
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074470&mergedDefectId=1519697
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074862&mergedDefectId=1520391
`uint64_max` and `SIZE_MAX` (max for `size_t`) are the same as the `count` argument
for `memcmp`.
- Coverity (RESOURCE_LEAK):
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074163&mergedDefectId=1519889&eventId=53074163-446
- INTENTION:
- Coverity (SIZEOF_MISMATCH):
- https://scan5.scan.coverity.com/reports.htm#v58936/p10357/fileInstanceId=231728385&defectInstanceId=53074650&mergedDefectId=1520109
The `len` argument is used only in printing, so it has no impact (it may be removed as an alternative).
In this example the size of the pointer (8B) is used, which is not the size of the value that the pointer points to.
-rw-r--r-- | client/mysqltest.cc | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/client/mysqltest.cc b/client/mysqltest.cc index 8107bd03a3b..3e6a86d17bd 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -3630,9 +3630,12 @@ void do_system(struct st_command *command) /* returns TRUE if path is inside a sandbox */ bool is_sub_path(const char *path, size_t plen, const char *sandbox) { - size_t len= strlen(sandbox); - if (!sandbox || !len || plen <= len || memcmp(path, sandbox, len - 1) - || path[len] != '/') + size_t len; + if (!sandbox) + return false; + else + len= strlen(sandbox); + if (plen <= len || memcmp(path, sandbox, len - 1) || path[len] != '/') return false; return true; } @@ -11888,7 +11891,7 @@ void dynstr_append_sorted(DYNAMIC_STRING* ds, DYNAMIC_STRING *ds_input, /* Sort array */ qsort(lines.buffer, lines.elements, - sizeof(char**), (qsort_cmp)comp_lines); + sizeof(uchar *), (qsort_cmp)comp_lines); /* Create new result */ for (i= 0; i < lines.elements ; i++) |
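Review bot: In the `is_sub_path` hunk, the new condition `if (plen <= len || memcmp(path, sandbox, len - 1) || path[len] != '/')` drops the `!len` test that the removed line carried, so an empty `sandbox` string now reaches `memcmp` with `len - 1` wrapped around to `SIZE_MAX` whenever `plen` is nonzero. Keep the guard, for example `if (!len || plen <= len || ...)`, so the zero-length case still returns false before the comparison. The `else` after `return false;` is also redundant; `len= strlen(sandbox);` can follow the null check directly. A short comment on why the comparison uses `len - 1` rather than `len` would help the next reader, since the byte at `path[len - 1]` is never compared.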
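Review bot: In the `qsort` call of the `dynstr_append_sorted` hunk, `sizeof(uchar *)` still hardcodes the element type separately from the array it sorts, so the same SIZEOF_MISMATCH can come back if the element type of `lines` ever changes. Prefer deriving the size from the array itself (its stored element size, if the array type records one) or add a comment next to `/* Sort array */` stating that `lines` holds `uchar *` entries. Since `sizeof(char**)` and `sizeof(uchar *)` are both data-pointer sizes, it is also worth saying in the commit message that this is a type-clarity fix with no expected behaviour change.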