Fix some Coverity false positives#4103
Open
nrwahl2 wants to merge 50 commits into
Open
Conversation
clumens
previously approved these changes
May 5, 2026
Contributor
|
Man, coverity's being picky right now. |
Contributor
Author
Yeah, and the new errors are actually ones that I dropped in the "Drop unused Coverity annotations" commit. The analysis output said those were unused. And at the time, when I re-ran Coverity, the errors did not reappear. Now they do. |
annotations-warnings.txt in the coverity-TAG/output directory says the return overflow annotation is unused. Also flag the replica->child error as a false positive, rather than simply suppressing it. bundle_data->child->priv->children is a list of non-NULL items, and we've already dereferenced replica->child before we hit the line that Coverity complains about. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
qb_ipcc_is_connected() returns QB_FALSE for a NULL argument. pcmk__ipc_free_client_buffer() does nothing when its argument's buffer field is NULL. Also remove a layer of nesting. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Commit 4facb96 introduced much of this complexity. The commit message says "Make mainloop_gio_destroy() tollerant of being called re-entrantly". However, there seems to be no way this could happen. Pacemaker is single-threaded, and the destroy_fn can't return control back to the main loop. Control returns to the main loop when mainloop_gio_destroy() returns. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
...where appropriate. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
lrmd_new_event() allocates memory for rsc_id and op_type. lrmd_copy_event() allocates memory for rsc_id, op_type, user_data, output, remote_nodename, and exit_reason. lrmd_dispatch_internal() allocates memory for output and exit_reason, but prior to this commit it used strings belonging to other objects for rsc_id, op_type, user_data, and remote_nodename. lrmd_free_event() frees all six fields. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This should have been done in commit e09bc86. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
nrwahl2
changed the title
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
I don't like stealing memory just to avoid allocating a string. It makes the code harder to reason about. And if we ever want to use the stdout_data and stderr_data of the affected svc_action_t in the future, we could run into bugs if we forget that the stdout/stderr was stolen. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
The sole call passes TRUE. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Now that it's been simplified, it's clear that this is equivalent to building up a GString with a newline after each target. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
I don't like stealing memory just to avoid allocating a string. It makes the code harder to reason about. Also, we could run into bugs if we forget that the stdout/stderr was stolen. Further, this confuses Coverity. It thinks pcmk__copy_result() is the allocator for pcmk__action_result_t and that pcmk__set_result_output() is the deallocator. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We were already doing this for file and remote cib_t objects (via pcmk__generate_uuid() and pcmk__str_copy(), respectively). We might as well also assert in other places in those variants, as well as asserting in native cib_t creation and in cib_new_variant(). This resolves some Coverity memory leak issues. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This is a slight decrease in redundancy. Usually I don't like more layers of nesting, but it's a small block here, and the whole block may be functionized later. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
For consistency. Also drop some unnecessary casts along the way. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We already use pcmk__assert_alloc() in several places, as well as GLib functions that allocate memory and assert on failure. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This is the bundle_data belonging to the parent argument (stored in parent->priv->variant_opaque). Also rename to bundle_data for consistency. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
If replica->child is not NULL, then clone_xml was not NULL in pe__unpack_bundle(). This implies that unpack_bundle_primitive() already called valid_network() and that it returned true. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Also rename it and have it take a pcmk_resource_t * argument. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We're already doing this in unpack_bundle_container(), so it seems reasonable to do it in valid_network() if we have to reset nreplicas_per_host to 1 there. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
The two conditions are equivalent now, and this is clearer. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
For what I perceive to be clarity. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
It gets set to a copy of rsc->id at the beginning of pe__unpack_bundle, and then it's never changed. So we can use the bundle resource's ID instead. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
bundle_data->agent_type must be set to a valid value if get_container_xml() returned non-NULL. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This gets rid of the last use of bundle_data->prefix. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This goes back at least as far as 5892a2b. If pe__unpack_bundle() fails in create_replica_resources(), it calls pcmk__free_resource(rsc). Then the caller (pe__unpack_resource()) also frees rsc when it jumps to the "done" label. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
We're setting utilization for replica resources, so this makes sense to me. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Found by Coverity with --enable-fnptr option. pcmk_controld_api_replies_expected() dereferences its argument. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Instead of doing a string comparison. This is to address what appears to be a false positive from Coverity, but it also feels cleaner than the code line prior to this commit. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
Found by Coverity with --enable-fnptr. Signed-off-by: Reid Wahl <nrwahl@protonmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This fixes
INCOMPLETE_DEALLOCATORfalse positives formainloop_gio_destroy()and another one that I don't recall. It also fixes a longstandingconstfields issue withlrmd_event_data_t.Edit: The
INCOMPLETE_DEALLOCATORfalse positives are still present. I'm probably going to have to figure out how to open a support case to make those go away. However, this PR fixes other Coverity issues and does some cleanup.