doc: fix coverity report#42663
Closed
doc: fix coverity report #42663
Uh oh!
There was an error while loading. Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]>
nodejs-github-bot added c++ 
MemberAuthor
mhdawson commented Apr 8, 2022
Report from Coverity // First call to get required buffer size.93 rc = uv_pipe_getsockname(&handle->pipe, buffer.data, &buffer_size); 1. Condition rc == UV_ENOBUFS, taking true branch. 94if (rc == UV_ENOBUFS){95 buffer = MallocedBuffer<char>(buffer_size); 2. Condition buffer.data != NULL, taking false branch. 3. var_compare_op: Comparing buffer.data to null implies that buffer.data might be null. 96if (buffer.data != nullptr){97 rc = uv_pipe_getsockname(&handle->pipe, buffer.data, &buffer_size); 98 } 99 } 4. Condition rc == 0, taking false branch. 100if (rc == 0 && buffer_size != 0 && buffer.data != nullptr){101 writer->json_keyvalue("localEndpoint", buffer.data); 102 } else{103 writer->json_keyvalue("localEndpoint", null); 104 } 105106// First call to get required buffer size. CID 239713 (#1 of 1): Dereference after null check (FORWARD_NULL) 5. var_deref_model: Passing null pointer buffer.data to uv_pipe_getpeername, which dereferences it. 107 rc = uv_pipe_getpeername(&handle->pipe, buffer.data, &buffer_size); 108if (rc == UV_ENOBUFS){109 buffer = MallocedBuffer<char>(buffer_size); 110if (buffer.data != nullptr){111 rc = uv_pipe_getpeername(&handle->pipe, buffer.data, &buffer_size); 112 } 113 } |
RaisinTen requested changes Apr 9, 2022
Uh oh!
There was an error while loading. Please reload this page.
RaisinTen approved these changes Apr 12, 2022
Uh oh!
There was an error while loading. Please reload this page.
github-actionsbot removed the request-ci 
Collaborator
nodejs-github-bot commented Apr 12, 2022
Member
RaisinTen commented Apr 13, 2022
@mhdawson wdyt about?
Are you planning to change it while landing this? |
jasnell approved these changes Apr 13, 2022
MemberAuthor
mhdawson commented Apr 13, 2022
Good point, I must have had doc on my mind, will change while landing. |
MemberAuthor
mhdawson commented Apr 13, 2022
CI run looks to be complete (https://ci.nodejs.org/job/node-test-pull-request/43464/) even though what's shown on the PR shows a job still running. Will land. |
mhdawson added a commit that referenced this pull request Apr 13, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
MemberAuthor
mhdawson commented Apr 13, 2022
Landed in 3026ca0 |
vmoroz pushed a commit to vmoroz/nodejs-node that referenced this pull request Apr 13, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs#42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
juanarbol pushed a commit that referenced this pull request May 31, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
danielleadams pushed a commit that referenced this pull request Jun 27, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
targos pushed a commit that referenced this pull request Jul 11, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
targos pushed a commit that referenced this pull request Jul 31, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: #42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
Fix coverity report about possibly dereferencing a null. If the the buffer.data != nullptr check indicates that the buffer was null, then relying on the value in buffer_size is no longer safe. The later call to uv_pipe_getpeername depends on the buffer_size being correct to avoid deferencing buffer.data if it is not big enough. Signed-off-by: Michael Dawson <[email protected]> PR-URL: nodejs/node#42663 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: James M Snell <[email protected]>
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix coverity report about possibly dereferencing
a null. If the the buffer.data != nullptr
check indicates that the buffer was null, then
relying on the value in buffer_size is no longer
safe. The later call to uv_pipe_getpeername
depends on the buffer_size being correct to
avoid deferencing buffer.data if it is not
big enough.
Signed-off-by: Michael Dawson [email protected]