From 19de20dd8011d358f9c3d30fba919575473a92e8 Mon Sep 17 00:00:00 2001 From: zouzhimin Date: Mon, 25 Aug 2025 15:16:55 +0800 Subject: [PATCH] Fixes errors found by Coverity (cherry picked from commit d17c5d3f533fb0fe42456450e8a4a9dfb465b50e) --- ...sult-of-msg_add_type-and-msg_add_len.patch | 239 ++++++++++++++++++ ...-qnetd-Assert-dpd-timer-entry-exists.patch | 35 +++ ...-first-tie-breaker-node-entry-exists.patch | 41 +++ corosync-qdevice.spec | 10 +- 4 files changed, 324 insertions(+), 1 deletion(-) create mode 100644 backport-msg-Check-result-of-msg_add_type-and-msg_add_len.patch create mode 100644 backport-qnetd-Assert-dpd-timer-entry-exists.patch create mode 100644 backport-qnetd-Assert-first-tie-breaker-node-entry-exists.patch diff --git a/backport-msg-Check-result-of-msg_add_type-and-msg_add_len.patch b/backport-msg-Check-result-of-msg_add_type-and-msg_add_len.patch new file mode 100644 index 0000000..3965f4c --- /dev/null +++ b/backport-msg-Check-result-of-msg_add_type-and-msg_add_len.patch @@ -0,0 +1,239 @@ +From 47f408325f9628b2a9386fa310b3f65673cd75c3 Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Tue, 24 Jun 2025 15:22:45 +0200 +Subject: [PATCH 1/3] msg: Check result of msg_add_type and msg_add_len + +Signed-off-by: Jan Friesse +--- + qdevices/msg.c | 103 +++++++++++++++++++++++++++++++------------------ + 1 file changed, 66 insertions(+), 37 deletions(-) + +diff --git a/qdevices/msg.c b/qdevices/msg.c +index 954be62..a29814f 100644 +--- a/qdevices/msg.c ++++ b/qdevices/msg.c +@@ -154,11 +154,8 @@ msg_create_preinit(struct dynar *msg, const char *cluster_name, int add_msg_seq_ + + dynar_clean(msg); + +- if (msg_add_type(msg, MSG_TYPE_PREINIT) == -1) { +- goto small_buf_err; +- } +- +- if (msg_add_len(msg) == -1) { ++ if (msg_add_type(msg, MSG_TYPE_PREINIT) == -1 || ++ msg_add_len(msg) == -1) { + goto small_buf_err; + } + +@@ -187,8 +184,10 @@ msg_create_preinit_reply(struct dynar *msg, int add_msg_seq_number, uint32_t msg + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_PREINIT_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_PREINIT_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -218,8 +217,10 @@ msg_create_starttls(struct dynar *msg, int add_msg_seq_number, uint32_t msg_seq_ + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_STARTTLS); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_STARTTLS) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -242,8 +243,10 @@ msg_create_server_error(struct dynar *msg, int add_msg_seq_number, uint32_t msg_ + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_SERVER_ERROR); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_SERVER_ERROR) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -296,8 +299,10 @@ msg_create_init(struct dynar *msg, int add_msg_seq_number, uint32_t msg_seq_numb + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_INIT); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_INIT) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -371,8 +376,10 @@ msg_create_init_reply(struct dynar *msg, int add_msg_seq_number, uint32_t msg_se + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_INIT_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_INIT_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_reply_error_code(msg, reply_error_code) == -1) { + goto small_buf_err; +@@ -438,8 +445,10 @@ msg_create_set_option(struct dynar *msg, int add_msg_seq_number, uint32_t msg_se + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_SET_OPTION); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_SET_OPTION) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -477,8 +486,10 @@ msg_create_set_option_reply(struct dynar *msg, int add_msg_seq_number, uint32_t + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_SET_OPTION_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_SET_OPTION_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -513,8 +524,10 @@ msg_create_echo_request(struct dynar *msg, int add_msg_seq_number, uint32_t msg_ + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_ECHO_REQUEST); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_ECHO_REQUEST) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (add_msg_seq_number) { + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { +@@ -562,8 +575,10 @@ msg_create_node_list(struct dynar *msg, + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_NODE_LIST); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_NODE_LIST) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -621,8 +636,10 @@ msg_create_node_list_reply(struct dynar *msg, uint32_t msg_seq_number, + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_NODE_LIST_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_NODE_LIST_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -654,8 +671,10 @@ msg_create_ask_for_vote(struct dynar *msg, uint32_t msg_seq_number) + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_ASK_FOR_VOTE); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_ASK_FOR_VOTE) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -676,8 +695,10 @@ msg_create_ask_for_vote_reply(struct dynar *msg, uint32_t msg_seq_number, + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_ASK_FOR_VOTE_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_ASK_FOR_VOTE_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -706,8 +727,10 @@ msg_create_vote_info(struct dynar *msg, uint32_t msg_seq_number, const struct tl + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_VOTE_INFO); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_VOTE_INFO) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -735,8 +758,10 @@ msg_create_vote_info_reply(struct dynar *msg, uint32_t msg_seq_number) + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_VOTE_INFO_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_VOTE_INFO_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -757,8 +782,10 @@ msg_create_heuristics_change(struct dynar *msg, uint32_t msg_seq_number, + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_HEURISTICS_CHANGE); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_HEURISTICS_CHANGE) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +@@ -783,8 +810,10 @@ msg_create_heuristics_change_reply(struct dynar *msg, uint32_t msg_seq_number, + + dynar_clean(msg); + +- msg_add_type(msg, MSG_TYPE_HEURISTICS_CHANGE_REPLY); +- msg_add_len(msg); ++ if (msg_add_type(msg, MSG_TYPE_HEURISTICS_CHANGE_REPLY) == -1 || ++ msg_add_len(msg) == -1) { ++ goto small_buf_err; ++ } + + if (tlv_add_msg_seq_number(msg, msg_seq_number) == -1) { + goto small_buf_err; +-- +2.25.1 + diff --git a/backport-qnetd-Assert-dpd-timer-entry-exists.patch b/backport-qnetd-Assert-dpd-timer-entry-exists.patch new file mode 100644 index 0000000..75dedd8 --- /dev/null +++ b/backport-qnetd-Assert-dpd-timer-entry-exists.patch @@ -0,0 +1,35 @@ +From 983374d1c7ac45a038c71d7f5895a15551991689 Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Tue, 24 Jun 2025 15:40:06 +0200 +Subject: [PATCH 3/3] qnetd: Assert dpd timer entry exists + +Signed-off-by: Jan Friesse +--- + qdevices/qnetd-client-dpd-timer.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/qdevices/qnetd-client-dpd-timer.c b/qdevices/qnetd-client-dpd-timer.c +index 7b31ffe..3898b25 100644 +--- a/qdevices/qnetd-client-dpd-timer.c ++++ b/qdevices/qnetd-client-dpd-timer.c +@@ -32,6 +32,8 @@ + * THE POSSIBILITY OF SUCH DAMAGE. + */ + ++#include ++ + #include "log.h" + #include "qnetd-client-dpd-timer.h" + +@@ -42,6 +44,8 @@ qnetd_dpd_timer_cb(void *data1, void *data2) + + client = (struct qnetd_client *)data1; + ++ assert(client->dpd_timer != NULL); ++ + log(LOG_WARNING, "Client %s doesn't sent any message during " + "%" PRIu32 "ms. Disconnecting", + client->addr_str, +-- +2.25.1 + diff --git a/backport-qnetd-Assert-first-tie-breaker-node-entry-exists.patch b/backport-qnetd-Assert-first-tie-breaker-node-entry-exists.patch new file mode 100644 index 0000000..0fae7f2 --- /dev/null +++ b/backport-qnetd-Assert-first-tie-breaker-node-entry-exists.patch @@ -0,0 +1,41 @@ +From c2c2dfbdb191b509794eb4c3f8b3400f4252b0bf Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Tue, 24 Jun 2025 15:35:32 +0200 +Subject: [PATCH 2/3] qnetd: Assert first tie-breaker node entry exists + +Signed-off-by: Jan Friesse +--- + qdevices/qnetd-algo-ffsplit.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/qdevices/qnetd-algo-ffsplit.c b/qdevices/qnetd-algo-ffsplit.c +index fc3ec6e..b3d2ea9 100644 +--- a/qdevices/qnetd-algo-ffsplit.c ++++ b/qdevices/qnetd-algo-ffsplit.c +@@ -34,6 +34,7 @@ + + #include + ++#include + #include + + #include "log.h" +@@ -116,6 +117,7 @@ qnetd_algo_ffsplit_is_preferred_partition(const struct qnetd_client *client, + switch (client->tie_breaker.mode) { + case TLV_TIE_BREAKER_MODE_LOWEST: + node_entry = TAILQ_FIRST(config_node_list); ++ assert(node_entry != NULL); + + preferred_node_id = node_entry->node_id; + +@@ -128,6 +130,7 @@ qnetd_algo_ffsplit_is_preferred_partition(const struct qnetd_client *client, + break; + case TLV_TIE_BREAKER_MODE_HIGHEST: + node_entry = TAILQ_FIRST(config_node_list); ++ assert(node_entry != NULL); + + preferred_node_id = node_entry->node_id; + +-- +2.25.1 + diff --git a/corosync-qdevice.spec b/corosync-qdevice.spec index d48822b..2afd861 100644 --- a/corosync-qdevice.spec +++ b/corosync-qdevice.spec @@ -11,11 +11,14 @@ Name: corosync-qdevice Summary: The Corosync Cluster Engine Qdevice Version: 3.0.3 -Release: 2 +Release: 3 License: BSD-3-Clause URL: https://github.com/corosync/corosync-qdevice Source0: https://github.com/corosync/corosync-qdevice/releases/download/v%{version}%{?gittarver}/%{name}-%{version}%{?gittarver}.tar.gz Patch0: backport-qnetd-Add-note-about-coverity-false-positive-err.patch +Patch1: backport-msg-Check-result-of-msg_add_type-and-msg_add_len.patch +Patch2: backport-qnetd-Assert-first-tie-breaker-node-entry-exists.patch +Patch3: backport-qnetd-Assert-dpd-timer-entry-exists.patch # Runtime bits Requires: corosync >= 2.4.0 @@ -209,6 +212,11 @@ fi %{_mandir}/man8/corosync-qnetd.8* %changelog +* Mon Jun 30 2025 zouzhimin - 3.0.3-3 +- msg: Check result of msg_add_type and msg_add_len +- qnetd: Assert first tie-breaker node entry exists +- qnetd: Assert dpd timer entry exists + * Fri Oct 18 2024 liupei - 3.0.3-2 - qnetd: Add note about coverity false positive err -- Gitee