src: suppress false coverity warning #42284

Closed
mhdawson
Member

Signed-off-by: Michael Dawson mdawson@devrus.com

@nodejs-github-bot added the c++ and needs-ci labels Mar 10, 2022
@mhdawson
Member Author

mhdawson commented Mar 10, 2022

This is the Coverity warning. I believe it is a false positive since the pointer passed is only used as a key instead of a pointer in the function it is passed to:

```cpp
void* DebuggingArrayBufferAllocator::Reallocate(void* data,
                                                size_t old_size,
                                                size_t size) {
  Mutex::ScopedLock lock(mutex_);
  // 1. freed_arg: Reallocate frees data.
  void* ret = NodeArrayBufferAllocator::Reallocate(data, old_size, size);
  // 2. Condition ret == NULL, taking true branch.
  if (ret == nullptr) {
    // 3. Condition size == 0, taking true branch.
    if (size == 0)  // i.e. equivalent to free().
      // CID 196235 (#1 of 1): Use after free (USE_AFTER_FREE)
      // 4. pass_freed_arg: Passing freed pointer data as an argument to UnregisterPointerInternal.
      UnregisterPointerInternal(data, old_size);
    return nullptr;
  }
```
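The pattern in the report above, as an added example that is not code from the Node.js source or from the PR author: a tracking allocator whose bookkeeping map is keyed by address, with the flagged "free first, then look up the stale key" shape beside a reordering that unregisters while the pointer is still valid. `TrackingAllocator` and all of its member names are hypothetical.

```cpp
#include <cstddef>
#include <cstdlib>
#include <unordered_map>

// Hypothetical tracking allocator, constructed for illustration (not Node.js code).
class TrackingAllocator {
 public:
  void* Allocate(size_t size) {
    void* p = std::malloc(size);
    if (p != nullptr) live_[p] = size;
    return p;
  }
  // Flagged shape: storage is released first, then the stale address is
  // used only as a map key. It is compared, never dereferenced.
  void* ReallocateFreeFirst(void* data, size_t old_size, size_t size) {
    void* ret = RawReallocate(data, size);
    if (ret == nullptr) {
      if (size == 0) Unregister(data, old_size);  // key lookup only
      return nullptr;  // size != 0: realloc failed, block stays tracked
    }
    Unregister(data, old_size);
    live_[ret] = size;
    return ret;
  }
  // Reordered shape: drop the bookkeeping entry while the pointer is still
  // valid, so no freed value is passed to any later call.
  void* ReallocateUnregisterFirst(void* data, size_t old_size, size_t size) {
    bool tracked = Unregister(data, old_size);
    void* ret = RawReallocate(data, size);
    if (ret != nullptr) live_[ret] = size;
    else if (size != 0 && tracked) live_[data] = old_size;  // failed: still live
    return ret;
  }
  size_t live_count() const { return live_.size(); }

 private:
  // size 0 means free(), as in the report above.
  static void* RawReallocate(void* data, size_t size) {
    if (size == 0) { std::free(data); return nullptr; }
    return std::realloc(data, size);
  }
  bool Unregister(void* data, size_t size) {
    auto it = live_.find(data);
    if (it == live_.end() || it->second != size) return false;
    live_.erase(it);
    return true;
  }
  std::unordered_map<void*, size_t> live_;
};
```

The reordered form needs no analyzer suppression, at the cost of re-registering the block when `realloc` fails.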

@tniessen
Member

Does this affect any of our own workflows?

If the answer is no, and because coverity is an external commercial and non-open source tool (as far as I am aware), I think I have a slight preference for not adding coverity-specific comments to our source code. As far as I understand it, we can set "Classification" to "False Positive" and/or "Action" to "Ignore" through the web interface:

web interface

@mhdawson
Member Author

@tniessen we already have 4-5 such comments in the code. I'm also thinking that other static analysis tools may report similar issues and having documented in the code that we believe they are ok will help us if we ever switch tools.

@mhdawson
Member Author

@tniessen looking at the remaining failures. There are a good number which are related to not initializing a structure before calling a method to initialize it. Those I think would best be handled by marking them in coverity itself instead of in the code.

For this one I'd still prefer the comment in the code as it might avoid us looking at a similar report in another tool later on.

@aduh95 added the author ready label Mar 12, 2022
@mhdawson added the request-ci label Mar 18, 2022
@github-actions bot removed the request-ci label Mar 18, 2022
mhdawson added a commit that referenced this pull request Mar 22, 2022
Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: #42284
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
@mhdawson
Member Author

Landed in d10c717

@mhdawson mhdawson closed this Mar 22, 2022
juanarbol pushed a commit that referenced this pull request Apr 4, 2022
juanarbol pushed a commit to juanarbol/node that referenced this pull request Apr 5, 2022
juanarbol pushed a commit that referenced this pull request Apr 6, 2022
xtx1130 pushed a commit to xtx1130/node that referenced this pull request Apr 25, 2022
juanarbol pushed a commit that referenced this pull request May 31, 2022
danielleadams pushed a commit that referenced this pull request Jun 27, 2022
targos pushed a commit that referenced this pull request Jul 11, 2022
targos pushed a commit that referenced this pull request Jul 31, 2022
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022