RDK-60308-[tr69hostif, RFC] RDK Coverity Defect Resolution for Device Management #335
Conversation
of comparing tv_sec values. Fix Coverity #2, #3, #4, #5, #20-30, #101: Multiple defects - #2: INTEGER_OVERFLOW - Add overflow check before pointer arithmetic - #3, #4: COPY_INSTEAD_OF_MOVE - Use std::move for RValue references - #5: DEADCODE - Remove redundant null check after direct assignment - #20-30: NO_EFFECT - Remove redundant error checks before ERR_CHK calls - #101: RESOURCE_LEAK - Add cleanup for pipe2/fp2 in executeRfcMgr Fix Coverity #11: LOCK_EVASION Convert singleton instance to std::atomic for lock-free thread safety. Fix Coverity #6: FORWARD_NULL Add TODO comment for potential null pointer dereference issue in external libparodus dependency. Fix Coverity #7: FORWARD_NULL Add TODO comment for potential null pointer dereference issue in external libparodus dependency. Fix Coverity #12: MISSING_LOCK Protect thread-unsafe fopen calls with mutex lock. Fix Coverity #13: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #14: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #15: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #16: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #17: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #18: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #19: RESOURCE_LEAK Free allocated memory in notification handler error path. Fix Coverity #8: MISSING_RETURN Add default return values to test stub methods. Fix Coverity #9, #10: MISSING_RETURN Add default return values to test stub methods. src/hostif/profiles/DeviceInfo/Device_DeviceInfo_ProcessStatus_Process.cpp Fix Coverity #31-40: NO_EFFECT Remove 9 redundant error checks before ERR_CHK macro calls. Fix Coverity #41-45: NO_EFFECT Remove 5 redundant error checks before ERR_CHK macro calls. Fix Coverity #46, #47, #106: Multiple defects - #46, #47: NO_EFFECT - Remove redundant error checks before ERR_CHK - #106: REVERSE_INULL - Add null check before strcpy_s call Fix Coverity #48-51: NO_EFFECT Remove 4 redundant error checks before ERR_CHK macro calls. Fix Coverity #52-60: NO_EFFECT Remove 9 redundant error checks before ERR_CHK macro calls. Fix Coverity #61-69: NO_EFFECT Remove 9 redundant error checks before ERR_CHK macro calls. Fix Coverity #70-73: NO_EFFECT Remove 4 redundant error checks before ERR_CHK macro calls. Fix Coverity #74-76: NO_EFFECT Remove 3 redundant error checks before ERR_CHK macro calls. Fix Coverity #77: NO_EFFECT Remove redundant error check before ERR_CHK macro call. Fix Coverity #78-82: NO_EFFECT Remove 5 redundant error checks before ERR_CHK macro calls. Fix Coverity #83-86: NO_EFFECT Remove 4 redundant error checks before ERR_CHK macro calls. Fix Coverity #100, #103, #104: RESOURCE_LEAK Free paramValue allocated by getRbusStringParam in all code paths. Fix Coverity #97: PW.NARROWING_CONVERSION Use explicit struct initialization with uint32_t cast to avoid implicit narrowing conversion.
Coverity Issue - Parse recovery warningoperator -> or ->* applied to "std::atomic<XBSStore *>" instead of to a pointer type Low Impact, CWE-none Issue locationThis issue was discovered outside the diff for this Pull Request. You can find it at: |
Coverity Issue - Parse recovery warningfunction "XBSStore::getAuthServicePartnerID" not emitted, consider modeling it or review parse diagnostics to improve fidelity Low Impact, CWE-none Issue locationThis issue was discovered outside the diff for this Pull Request. You can find it at: |
| strncpy(attr[0][i]->value,Param.paramValue, strlen(Param.paramValue)); | ||
| attr[0][i]->value[strlen(Param.paramValue)] = '\0'; | ||
| int ret = get_AttribValues_tr69hostIf(&Param); | ||
| if(ret == 0 && Param.paramValue != NULL) |
There was a problem hiding this comment.
Coverity Issue - Array compared against 0
Comparing an array to null is not useful: "Param.paramValue != NULL", since the test will always evaluate as true.
Medium Impact, CWE-398
NO_EFFECT
How to fix
Was "Param.paramValue" formerly declared as a pointer?
Coverity Issue - Parse recovery warningoperator -> or ->* applied to "std::atomic<XBSStore *>" instead of to a pointer type Low Impact, CWE-none Issue locationThis issue was discovered outside the diff for this Pull Request. You can find it at: |
Coverity Issue - Parse recovery warningoperator -> or ->* applied to "std::atomic<XBSStore *>" instead of to a pointer type Low Impact, CWE-none Issue locationThis issue was discovered outside the diff for this Pull Request. You can find it at: |
| hostIf_IPInterface* ipIfInst = hostIf_IPInterface::getInstance(ifindexes[i]); | ||
| if (ipIfInst) { | ||
| int ipv4AddressNumberOfEntries = ipIfInst->getIPv4AddressNumberOfEntries(); | ||
| RDK_LOG (RDK_LOG_DEBUG, LOG_TR69HOSTIF, "[%s:%s:%d] ipv4AddressNumberOfEntries = %d, curNumOfInterfaceIPv4Addresses[%d] = %d\n", | ||
| __FILE__, __FUNCTION__, __LINE__, ipv4AddressNumberOfEntries, ifindexes[i], curNumOfInterfaceIPv4Addresses[ifindexes[i]]); | ||
| sprintf (objectPath, "Device.IP.Interface.%d.IPv4Address.", ifindexes[i]); | ||
| sendAddRemoveEvents (mUpdateCallback, ipv4AddressNumberOfEntries, curNumOfInterfaceIPv4Addresses[ifindexes[i]], objectPath); | ||
| } |
There was a problem hiding this comment.
The null check is only added for the IPv4 case but not for the IPv6 case. Lines 503 and 509 still call hostIf_IPInterface::getInstance(ifindexes[i]) without checking if the returned pointer is null before calling methods on it. This creates an inconsistency where the IPv4 code path is protected but the IPv6 code path is not.
There was a problem hiding this comment.
@copilot open a new pull request to apply changes based on this feedback
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 26 out of 26 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| strncpy(attr[0][i]->value,Param.paramValue, strlen(Param.paramValue)); | ||
| attr[0][i]->value[strlen(Param.paramValue)] = '\0'; | ||
| int ret = get_AttribValues_tr69hostIf(&Param); | ||
| if(ret == 0 && Param.paramValue != NULL) |
There was a problem hiding this comment.
The null check Param.paramValue != NULL is incorrect. The paramValue field is a fixed-size char array in the HOSTIF_MsgData_t structure (line 171 of hostIf_tr69ReqHandler.h), not a pointer, so it can never be NULL. This check will always evaluate to true. Consider checking if the string is empty using Param.paramValue[0] != '\0' instead, or relying solely on the return value check.
| if(ret == 0 && Param.paramValue != NULL) | |
| if(ret == 0 && Param.paramValue[0] != '\0') |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 26 out of 26 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
|
|
||
| XBSStore* XBSStore::xbsInstance = NULL; | ||
| std::atomic<XBSStore*> XBSStore::xbsInstance(nullptr); |
There was a problem hiding this comment.
The conversion to std::atomic<XBSStore*> is incomplete and introduces potential race conditions. The getInstance() method on lines 826-836 (not shown in diff but still present) uses double-checked locking with xbsInstance, but now that xbsInstance is atomic, the checks on lines 826 and 829 need to use .load() method. Additionally, the assignment on line 831 should use .store(). Without these changes, the code may not work correctly due to implicit conversions that may not be thread-safe in all scenarios.
| AudioOutputPort &getAudioOutputPort(int id){}; | ||
| AudioOutputPort &getAudioOutputPort(const std::string &name) | ||
| { | ||
| static AudioOutputPort aPort(name); |
There was a problem hiding this comment.
The static AudioOutputPort instance is constructed with only a name parameter, but AudioOutputPort may require additional initialization parameters. If AudioOutputPort's constructor needs more than just a name, this will cause compilation errors or undefined behavior.
| static AudioOutputPort aPort(name); | |
| static AudioOutputPort aPort; |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 26 out of 26 changed files in this pull request and generated 7 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| hostIf_IPInterface* ipIfInst = hostIf_IPInterface::getInstance(ifindexes[i]); | ||
| if (ipIfInst) { | ||
| int ipv4AddressNumberOfEntries = ipIfInst->getIPv4AddressNumberOfEntries(); | ||
| RDK_LOG (RDK_LOG_DEBUG, LOG_TR69HOSTIF, "[%s:%s:%d] ipv4AddressNumberOfEntries = %d, curNumOfInterfaceIPv4Addresses[%d] = %d\n", | ||
| __FILE__, __FUNCTION__, __LINE__, ipv4AddressNumberOfEntries, ifindexes[i], curNumOfInterfaceIPv4Addresses[ifindexes[i]]); | ||
| sprintf (objectPath, "Device.IP.Interface.%d.IPv4Address.", ifindexes[i]); | ||
| sendAddRemoveEvents (mUpdateCallback, ipv4AddressNumberOfEntries, curNumOfInterfaceIPv4Addresses[ifindexes[i]], objectPath); | ||
| } |
There was a problem hiding this comment.
The null check for ipIfInst is added here, but the same pattern is used in the IPv6 code path (lines 504, 510) without null checks. Consider adding the same null check for consistency and safety in the IPv6 sections.
|
@Vismalskumar0 I've opened a new pull request, #340, to work on those changes. Once the pull request is ready, I'll request review from you. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Check return value of pthread_cond_timedwait for ETIMEDOUT instead of comparing tv_sec values.
Fix Coverity #2, #3, #4, #5, #20-30, #101: Multiple defects
Fix Coverity #11: LOCK_EVASION
Convert singleton instance to std::atomic for lock-free thread safety.
Fix Coverity #6: FORWARD_NULL
Add TODO comment for potential null pointer dereference issue in external libparodus dependency.
Fix Coverity #7: FORWARD_NULL
Add TODO comment for potential null pointer dereference issue in external libparodus dependency.
Fix Coverity #12: MISSING_LOCK
Protect thread-unsafe fopen calls with mutex lock.
Fix Coverity #13: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #14: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #15: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #16: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #17: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #18: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #19: RESOURCE_LEAK
Free allocated memory in notification handler error path.
Fix Coverity #8: MISSING_RETURN
Add default return values to test stub methods.
Fix Coverity #9, #10: MISSING_RETURN
Add default return values to test stub methods.
src/hostif/profiles/DeviceInfo/Device_DeviceInfo_ProcessStatus_Process.cpp Fix Coverity #31-40: NO_EFFECT
Remove 9 redundant error checks before ERR_CHK macro calls.
Fix Coverity #41-45: NO_EFFECT
Remove 5 redundant error checks before ERR_CHK macro calls.
Fix Coverity #46, #47, #106: Multiple defects
Fix Coverity #48-51: NO_EFFECT
Remove 4 redundant error checks before ERR_CHK macro calls.
Fix Coverity #52-60: NO_EFFECT
Remove 9 redundant error checks before ERR_CHK macro calls.
Fix Coverity #61-69: NO_EFFECT
Remove 9 redundant error checks before ERR_CHK macro calls.
Fix Coverity #70-73: NO_EFFECT
Remove 4 redundant error checks before ERR_CHK macro calls.
Fix Coverity #74-76: NO_EFFECT
Remove 3 redundant error checks before ERR_CHK macro calls.
Fix Coverity #77: NO_EFFECT
Remove redundant error check before ERR_CHK macro call.
Fix Coverity #78-82: NO_EFFECT
Remove 5 redundant error checks before ERR_CHK macro calls.
Fix Coverity #83-86: NO_EFFECT
Remove 4 redundant error checks before ERR_CHK macro calls.
Fix Coverity #100, #103, #104: RESOURCE_LEAK
Free paramValue allocated by getRbusStringParam in all code paths.
Fix Coverity #97: PW.NARROWING_CONVERSION
Use explicit struct initialization with uint32_t cast to avoid implicit narrowing conversion.