Skip to content

Static analysis fixes for main#3891

Merged
nrwahl2 merged 6 commits into
ClusterLabs:mainfrom
clumens:static-analysis
Jun 19, 2025
Merged

Static analysis fixes for main#3891
nrwahl2 merged 6 commits into
ClusterLabs:mainfrom
clumens:static-analysis

Conversation

@clumens

@clumens clumens commented Jun 17, 2025

Copy link
Copy Markdown
Contributor

@nrwahl2 Unfortunately, this is another high priority PR. Once this and the fencing PR are merged, I'm going to pull main back into the 3.0 branch and then I'll proceed with the rest of the release steps on that branch.

This is very similar to the 2.1 version, except (1) it does not include the release steps and (2) there are some minor differences in the coverity and clang patches.

@clumens clumens requested a review from nrwahl2 June 17, 2025 18:59
Comment thread lib/common/nvpair.c Outdated
Comment thread daemons/fenced/pacemaker-fenced.c Outdated
Comment thread lib/common/schemas.c Outdated
Comment thread lib/common/xml.c Outdated
Comment thread tools/crm_node.c Outdated
Comment thread tools/crm_ticket.c Outdated
Comment thread lib/common/ipc_client.c

g_string_free(iov_buffer, TRUE);
pcmk_free_ipc_event(iov);
// coverity[return_overflow]

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curiosity: What's the error? An int can't overflow an int, obviously

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think what it's actually complaining about is the various spots we assign qb_rc (a ssize_t) to rc (an int) which of course we can't really do anything about.

The actual error starts at line 1444 with:

1444 	        if (qb_rc <= 0) {

(38) Event cast_overflow: 	Truncation due to cast operation on "qb_rc" from 64 to 32 bits.
(39) Event overflow_assign: 	"rc" is assigned from "(int)qb_rc".

And then at the end:

1520 	    g_string_free(iov_buffer, TRUE);
1521 	    pcmk_free_ipc_event(iov);

(47) Event return_overflow: "rc", which might have overflowed, is returned from the function.

Comment thread lib/lrmd/lrmd_client.c Outdated
@clumens

clumens commented Jun 18, 2025

Copy link
Copy Markdown
Contributor Author

@nrwahl2 Also updated with review comments, also willing to drop most of the clang patch here too.

clumens added 6 commits June 18, 2025 11:38
A couple of these are just suppressions because cppcheck doesn't
understand some assertion or previous condition that prevents a pointer
from being NULL.  A few of these are actual problems, however.

Note that there are still a lot of cppcheck warnings, but the remaining
ones all come from it thinking that g_string_sized_new could return
NULL.  However, that function uses g_slice_new internally, and the
documentation for that function claims it can never return NULL.
cppcheck doesn't understand this, and there's not a good way to turn off
the warning for that short of adding a suppression message at every
caller.
There are still a bunch remaining.  clang seems to have trouble with not
understanding that we are checking error conditions through our own
assertion and check macros.  It also has problems recognizing that out
can't be NULL if pcmk__output_new returns pcmk_rc_ok, but only
sometimes.  In general, it seems to only pick up on some of these errors
sometimes.

The fixes for those issues don't seem to add any value to the code, but
they do make it look more complicated.  Thus I'm not going to fix those
at the moment.  The things in this patch are more reasonable fixes.
For the most part, this is just introducing comments to tell it to not
worry about things, though there were a couple uninitialized variables
and one minor memory leak to deal with.

Some of the things I'm telling it to ignore are problems that aren't
worth fixing because they're not causing problems and have been removed
from the main branch (like the XML schema code).  Others can't be fixed
in a minor release (we can't start sanitizing environment variables, for
instance).
Testing whether the remote schema directory exists and then making it if
it doesn't introduces a race condition where the directory could be
created in between those two events.  This seems fairly unlikely to
happen as far as I can tell, but it's still technically possible.

Instead, try to make it regardless and interpret errno to see what
happened.  If the directory already existed, apply the same technique to
emptying it out - call nftw on it even if it's not a directory and
interpret errno from that function as well.
@clumens clumens added the review: in progress PRs that are currently being reviewed label Jun 18, 2025
@nrwahl2 nrwahl2 merged commit abe032f into ClusterLabs:main Jun 19, 2025
1 check passed
@clumens clumens deleted the static-analysis branch June 19, 2025 13:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

review: in progress PRs that are currently being reviewed

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants