Hi,
Static analysis with Coverity has picked up an issue with commit:
commit 205ee1187a671c3b067d7f1e974903b44036f270
Author: Ilya Dryomov <[email protected]>
Date: Mon Jan 27 17:40:20 2014 +0200
libceph: follow redirect replies from osds
Specifically in function ceph_redirect_decode in net/ceph/osd_client.c:
3485
3486 len = ceph_decode_32(p);
CID 17904: Unused value (UNUSED_VALUE)
3487 *p += len; /* skip osd_instructions */
3488
3489 /* skip the rest */
3490 *p = struct_end;
The double write to *p looks wrong, I suspect the *p += len; should be
just incrementing pointer p as in: p += len. Am I correct to assume
this is the correct fix?
Colin
On Fri, Aug 30, 2019 at 4:05 PM Colin Ian King <[email protected]> wrote:
>
> Hi,
>
> Static analysis with Coverity has picked up an issue with commit:
>
> commit 205ee1187a671c3b067d7f1e974903b44036f270
> Author: Ilya Dryomov <[email protected]>
> Date: Mon Jan 27 17:40:20 2014 +0200
>
> libceph: follow redirect replies from osds
>
> Specifically in function ceph_redirect_decode in net/ceph/osd_client.c:
>
> 3485
> 3486 len = ceph_decode_32(p);
>
> CID 17904: Unused value (UNUSED_VALUE)
>
> 3487 *p += len; /* skip osd_instructions */
> 3488
> 3489 /* skip the rest */
> 3490 *p = struct_end;
>
> The double write to *p looks wrong, I suspect the *p += len; should be
> just incrementing pointer p as in: p += len. Am I correct to assume
> this is the correct fix?
Hi Colin,
No, the double write to *p is correct. It skips over len bytes and
then skips to the end of the redirect reply. There is no bug here but
we could drop
len = ceph_decode_32(p);
*p += len; /* skip osd_instructions */
and skip to the end directly to make Coverity happier.
Thanks,
Ilya