From 2ee32656ee60f02553b930f0d8f74d6800434516 Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 15:17:17 -0200 Subject: [PATCH 1/7] Update nxt_conn_write.c Fix Coverity report: CID 200492 (#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value sb.last when calling nxt_sendbuf_mem_coalesce. [show details] --- src/nxt_conn_write.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/nxt_conn_write.c b/src/nxt_conn_write.c index a2a5737b9..de3712596 100644 --- a/src/nxt_conn_write.c +++ b/src/nxt_conn_write.c @@ -322,6 +322,7 @@ nxt_event_conn_io_sendbuf(nxt_conn_t *c, nxt_buf_t *b, size_t limit) sb.iobuf = iob; sb.nmax = NXT_IOBUF_MAX; sb.sync = 0; + sb.last = 0; sb.size = 0; sb.limit = limit; From 676ab95a0ff56a4803d836b6966e279539cf88f5 Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 15:33:49 -0200 Subject: [PATCH 2/7] Update nxt_php_sapi.c CID 200488 (#1 of 2): Dereference null return value (NULL_RETURNS)11. dereference: Dereferencing a pointer that might be null run_ctx.mem_pool when calling nxt_mp_destroy. --- src/nxt_php_sapi.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/nxt_php_sapi.c b/src/nxt_php_sapi.c index 86b869ed5..70ab264d2 100644 --- a/src/nxt_php_sapi.c +++ b/src/nxt_php_sapi.c @@ -361,13 +361,16 @@ nxt_php_run(nxt_task_t *task, } nxt_memzero(&run_ctx, sizeof(run_ctx)); - + + run_ctx.mem_pool = nxt_mp_create(1024, 128, 256, 32); + if (nxt_slow_path(run_ctx.mem_pool == NULL)) { + return NXT_ERROR; + } + run_ctx.task = task; run_ctx.rmsg = rmsg; run_ctx.wmsg = wmsg; - - run_ctx.mem_pool = nxt_mp_create(1024, 128, 256, 32); - + h = &run_ctx.r.header; rc = nxt_php_read_request(task, rmsg, &run_ctx); From ec6cdeb4c90181b75de26b0665be5dca20da27f4 Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 15:42:01 -0200 Subject: [PATCH 3/7] Update nxt_time_parse.c CID 200485 (#1 of 1): Unused value (UNUSED_VALUE)assigned_value: Assigning value st_letter to state here, but that stored value is overwritten before it can be used. --- src/nxt_time_parse.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/nxt_time_parse.c b/src/nxt_time_parse.c index f79c78abf..98d88cf0c 100644 --- a/src/nxt_time_parse.c +++ b/src/nxt_time_parse.c @@ -368,8 +368,6 @@ nxt_term_parse(const u_char *p, size_t len, nxt_bool_t seconds) if (state == st_first_digit) { return -1; } - - state = st_letter; } switch (ch) { From 858cb4d6550a5485f99b2134b27af54e19c34fcc Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 15:48:54 -0200 Subject: [PATCH 4/7] Update nxt_socketpair.c CID 200484 (#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value msg. Field msg.msg_flags is uninitialized when calling recvmsg --- src/nxt_socketpair.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/nxt_socketpair.c b/src/nxt_socketpair.c index efa0f4863..ec3bde61c 100644 --- a/src/nxt_socketpair.c +++ b/src/nxt_socketpair.c @@ -232,7 +232,8 @@ nxt_recvmsg(nxt_socket_t s, nxt_fd_t *fd, nxt_iobuf_t *iob, nxt_uint_t niob) msg.msg_iovlen = niob; msg.msg_control = (caddr_t) &cmsg; msg.msg_controllen = sizeof(cmsg); - + msg.msg_flags = 0; + *fd = -1; #if (NXT_VALGRIND) From 9173b78be5fee9308f302de890fc43363b29f160 Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 15:57:48 -0200 Subject: [PATCH 5/7] Update nxt_process_title.c CID 200480 (#2 of 2): Resource leak (RESOURCE_LEAK)22. leaked_storage: Variable p going out of scope leaks the storage it points to. --- src/nxt_process_title.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/nxt_process_title.c b/src/nxt_process_title.c index 3c20ac594..6be1ca930 100644 --- a/src/nxt_process_title.c +++ b/src/nxt_process_title.c @@ -116,11 +116,6 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp) } } - p = nxt_malloc(strings_size); - if (p == NULL) { - return; - } - if (argv_end == end) { /* * There is no reason to modify environ if arguments @@ -130,6 +125,11 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp) goto done; } + p = nxt_malloc(strings_size); + if (p == NULL) { + goto done; + } + end = argv[0]; for (i = 0; argv[i] != NULL; i++) { @@ -149,7 +149,7 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp) env = nxt_malloc(environ_size); if (env == NULL) { - return; + goto done; } /* @@ -178,6 +178,12 @@ nxt_process_arguments(nxt_task_t *task, char **orig_argv, char ***orig_envp) } done: + if (p != NULL) { + nxt_free(p); + } + if (env != NULL) { + nxt_free(env); + } /* Preserve space for the trailing zero. */ end--; From a67463b33d37d04c57b2845011af7cd2b2233a61 Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 16:55:50 -0200 Subject: [PATCH 6/7] Update nxt_linux_sendfile.c CID 200475 (#1 of 1): Uninitialized scalar variable (UNINIT)2. uninit_use_in_call: Using uninitialized value sb.last when calling nxt_sendbuf_mem_coalesce. --- src/nxt_linux_sendfile.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/nxt_linux_sendfile.c b/src/nxt_linux_sendfile.c index f5a7dccf2..903ca485f 100644 --- a/src/nxt_linux_sendfile.c +++ b/src/nxt_linux_sendfile.c @@ -60,6 +60,7 @@ nxt_linux_event_conn_io_sendfile(nxt_event_conn_t *c, nxt_buf_t *b, sb.nmax = NXT_IOBUF_MAX; sb.sync = 0; sb.size = 0; + sb.last = 0; sb.limit = limit; niov = nxt_sendbuf_mem_coalesce(c->socket.task, &sb); From d28a21bd1dccc5568cfdd7f98f1442597dee15e0 Mon Sep 17 00:00:00 2001 From: RanierV <34061020+RanierV@users.noreply.github.com> Date: Fri, 1 Dec 2017 16:56:46 -0200 Subject: [PATCH 7/7] Update nxt_event_conn_job_sendfile.c CID 200471 (#1 of 1): Uninitialized scalar variable (UNINIT)5. uninit_use_in_call: Using uninitialized value sb.last when calling nxt_sendbuf_mem_coalesce --- src/nxt_event_conn_job_sendfile.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/nxt_event_conn_job_sendfile.c b/src/nxt_event_conn_job_sendfile.c index 80a292a0b..1ac81903f 100644 --- a/src/nxt_event_conn_job_sendfile.c +++ b/src/nxt_event_conn_job_sendfile.c @@ -70,6 +70,7 @@ nxt_event_conn_job_sendfile_start(nxt_task_t *task, void *obj, void *data) sb.nmax = 1; sb.sync = 0; sb.size = 0; + sb.last = 0; sb.limit = jbs->limit; if (nxt_sendbuf_mem_coalesce(c->socket.task, &sb) != 0 || !sb.sync) {