Rework the `nbWrite()` function so, that it gets safe
in terms of:
- operating on data written/data remaining integers
- has protection guards for extra big chunks to write at once
Refactor to use size_t/ssize_t instead of primitive int,
where possible (e.g. bytesWritten).
Let the `nbWrite()` use reference instead of pointer
for the bytes written parameter.
Fixes Coverity Scan report:
4. tainted_data_return: Called function write(fd, sp, nToWrite),
and a possible return value may be less than zero.
5. cast_overflow: An assign that casts to a different type,
which might trigger an overflow.
Overflowed integer argument (INTEGER_OVERFLOW)
13. overflow_sink: nToWrite, which might have overflowed,
is passed to write(fd, sp, nToWrite).
7. overflow: The expression nToWrite is considered
to have possibly overflowed.
Change-Id: I32aa6aae5ef5715d61a91714e62b0a094bc03f21
As long as the `TypeInt` is actually a long primitive,
and we tend to switch using the long type everywhere
within xml implementation, then
there is no need to support both `int` and `long`
types, just force users to be on `long` always.
Refactor the user code accordingly.
Change-Id: I5c5b032a824a84f69f99dc7c755d0da745a9a068
As this is only a syntactic sugar there is no difference,
but from the style perspective the project tends to
use C++ style.
Change-Id: I3636c48163b3d262b272b5088e03c074e49a9ec3
Properly select the equal operator based on long instead.
Otherwise it selects the `ValueStruct` as the latest
possible from the variant based `_value` and eventually
it gets stumbled over `[]` operator for
building structs which asserts it.
Change-Id: Ib9a4fe9c66ff02554a84451df8aa940fe766fedc
Don't try to double free the `_ssl_ssl` and `_ssl_ctx`
provided by `XmlRpcSource`, because this job
is already done by `XmlRpcSource::close()`.
Additionally:
- add a separate non-null check for the _ssl_ctx freeing
- move log lines from `XmlRpcClient::close()` to `XmlRpcSource::close()`
Change-Id: Ifef799fa6a0ffa65b60415f39c51f4b54ff4bb14
Additional logic around these two objects to free it during the
destruction phase.
Also add NULLing for the according pointers in other places
which might also free it before the destructor takes place,
which would lead otherwise to a double free attempt.
Change-Id: I046a660e4b1467a7093dbf2c0c3170a950d5f607
Don't appeal to the XmlRpcSource's members (e.g. `_ssl`)
if this has been freed via `this`.
To check this out see controllable delete behavior
via introduced getter `getsDeletedOnClose()`.
Should fix:
freed_arg: close frees this.
CID 542402: (#1 of 1): Read from pointer after free (USE_AFTER_FREE)
use_after_free: Using freed pointer this.
Change-Id: I8f23564957c57491db8cf051e7296671bf2a698a
For newly created call profiles use the move operation
instead of copy one.
Fixes:
CID 542292:Variable copied when it could be moved (COPY_INSTEAD_OF_MOVE)
Change-Id: Ia130fc3e32d23e63f3d41fc6261e90ecf742ecf7
Let STL handle memory management and type safety.
In the future this can be refactored further to eliminate the "Type"
enum and value, as the variant itself keeps this information.
Fix white spacing.
Change-Id: I6e903b51de339b686ba89bb7ae81f4d86eb66bc0
Store integers as long to reduce likelihood of overflows. Retain
overloaded accessors for compatibility.
Use time_t and suseconds_t for timestamps.
Fix up formatting strings to match the new types and to also fix
incorrect formatting of decimal values.
Remove unused methods.
Change-Id: I58bfcd8a34bef2363eac06242dfedf6aae8451e0
Instead of copying the FilterEntry mf, do the move.
Fixes defect:
329 vector<string> elems = explode(value, ",");
330 for (vector<string>::iterator it=elems.begin(); it != elems.end(); it++)
331 {
332 mf.filter_list.insert(*it);
333 }
334 mf.filter_type = Undefined;
>>> CID 550235: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "mf" is copied and then passed-by-reference as parameter to STL insertion function
"std::vector<FilterEntry, std::allocator<FilterEntry> >::push_back(
std::vector<FilterEntry, std::allocator<FilterEntry> >::value_type const &)",
when it could be moved instead.
335 profile->messagefilter.push_back(mf);
336 DBG("message_list set to '%s'\n", value.c_str());
337 EXEC_ACTION_STOP;
338 }
339
340 }
Change-Id: If6d04432f7004993fb1c70a0a026799805ed2a1a
Directly contain the ValueArray in the variant instead of manually
managing a pointer. Requires updating the return type of some const
functions to also be const, which in turn requires some of their users
to have the type const qualified as well.
Change-Id: I2ec31d659eef521a3f68d642ee431b5c38f27fdf
Update the AmArg argument to const as these functions never change it,
and it may come from a const source. (The `string` counterpart in the
other overload is already const qualified.)
Change-Id: I1e527425a70e0c6468b8b59de7e4a20fa1f5c218
When dereferencing it (after creating a new context before)
make sure it's not NULL even when just checking for
a connection error, as it might still be NULL and hence
will just seg.fault in this case.
Fixes:
Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking this->redis_context suggests
that it may be null, but it has already been dereferenced on all paths leading to the check.
Change-Id: I67f88f1dfccef66751298b1c26e85efba0458c1f
size_t will always be true against `>=` because
it's a typedef for unsigned long.
Makes no sense to check it, just log what it is.
Fixes: Unsigned compared against 0 (NO_EFFECT)
unsigned_compare: This greater-than-or-equal-to-zero comparison
of an unsigned value is always true. reply->len >= 0UL.
Change-Id: I75803cbe0760a1b5c4a0d056af86bc992ea0a110
Add a default case for `handle_redis_reply()`.
Fixes:
Dereference after null check (FORWARD_NULL)
4. var_deref_op: Dereferencing null pointer reply.
Change-Id: I22edbc3cb14f7e8662efe4c607e1502fbb8c56b6
Instead of using the `tmpnam()` which doesn't exclude
race conditions on the system (same filenames created
simultaneously), because it doesn't open/reserve the file,
just use the `mkstemp()` which actually genereates a filename
and creates the file for the process.
Upon creating the file, close the FD, as not needed atm.
This file can be then later opened using `SCPopenAction`
or anything alike.
Current new implementation does not unlink the file from
the filesystem and a user of it has to explicitly do that
later with for example the `sys.unlink()` from this same
library.
Additionally: to be able to have excplicit file path (so dir),
add a second parameter to this function to provide a directory.
Fixes:
warning: the use of `tmpnam' is dangerous, better use `mkstemp'
Change-Id: Ib5e89461b2d2288be77d5f1a899e5293b76ebf90
Fixes:
CID 542433: (#1 of 1): Uninitialized scalar variable (UNINIT)
34. uninit_use_in_call: Using uninitialized value mf.
Field mf.filter_type is uninitialized when calling push_back.
Change-Id: Ia5c2c2ebb08f1632f973ef0d08d4dca0c5b8934b
Don't do an extra job many times checking
what is the `profile_param`, just catch this once.
Hence conditions must be self-excluding.
Change-Id: I6d98a082e50777c995538fd6303eb0fe527b301b
If a channel has been allocated with
`ConferenceJoinChannel()` then remember to transfer
the ownership over it to the DSM sessions's
"garbage collector" which later takes care to
deallocate it.
Fixes:
CID 542153: (#1 of 1): Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable chan going out of scope leaks the storage it points to.
Change-Id: Icdc2c67cf2a349ec70fd83f1cf6a43ecfcf69547
Instead of copying string parameter, just pass via reference.
Fixes:
Variable copied when it could be moved (COPY_INSTEAD_OF_MOVE)
Change-Id: I872cd9631bbadc746aea12e7ae5840670fa16e8f
Fixes:
Variable copied when it could be moved (COPY_INSTEAD_OF_MOVE)
copy_constructor_call: varname is passed-by-value as parameter
to std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> >::basic_string(std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char> > const &), when it could be moved instead.
Do the move operation also for the rvalue beign assigned,
as it is a locally allocated pair.
Change-Id: Iba8e349f13c4f83bcd10e229fb101e7b26872f0e
For the local usage of AmArg (`AmArg var_struct;`),
in case when when a custom string to array convertor
is used, ensure that the `var_struct` was actually
set to something reasonable (non-Undef).
Change-Id: Ic5208a60a028788d7c61d8b9e731d6c6f982fcb1
If import of the DSM module fails, close previously
allocated handler for dynamic linking.
Fixes:
CID 542305: (#1 of 1): Resource leak (RESOURCE_LEAK)
13. leaked_storage: Variable h_dl going out of scope leaks the storage it points to.
Change-Id: I426188a2d819c320862ad7de64a01e5ad08e3725
Just initialize to NULL before going forward.
Fixes:
CID 542426: (#1 of 1): Uninitialized pointer read (UNINIT)
21. uninit_use_in_call: Using uninitialized value script_config.diags when calling operator =
Change-Id: I4ed97e4fbeb371f04f0496565fa03b7b4a302e02
This doesn't yet do much in terms of memory management as it still uses
pointers for arrays and structs, but it does move management of strings
and blobs into the variant. Further refactoring will bring the full
benefits.
Add specialised == operator to avoid implicit conversions to temporary
AmArg.
Includes white space cleanups.
Change-Id: I1e4bce6b96c2187294044f9f2a30fa7013912139
Move from debian/rules into actual makefile. This is not Debian-specific
and needs to be set for a successful build.
Also it's not a preprocessor option, it's a C++ option.
Change-Id: I19be56f4e319778def5697b1fdbc77a9988ccb9b
Add missing initialisers and fix order.
In some cases the member was actually unused and could just be removed.
Change-Id: I0f0c927eb8271c35dcfd371f225847f62bea2812
Warned-by: Coverity
We are passing here null pointer (so `this->dlg->getCallid()`)
which isn't good.
Just use a default `WARN()` instead.
Fixes:
*** CID 549008: Null pointer dereferences (FORWARD_NULL)
/apps/sbc/CallLeg.cpp: 193 in CallLeg::CallLeg(const CallLeg*, AmSipDialog *, AmSipSubscription *)()
187
188 // enable OA for the purpose of hold request detection
189 if (dlg) {
190 dlg->setOAEnabled(true);
191 dlg->setOAForceSDP(false);
192 }
>>> CID 549008: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "this->dlg->getCallid()" to "c_str", which dereferences it.
[Note: The source code implementation of the function has been overridden by a builtin model.]
193 else ILOG_DLG(L_WARN, "can't enable OA!\n");
194
195 // code below taken from createCalleeSession
196
197 const AmSipDialog* caller_dlg = caller->dlg;
198
Change-Id: If1f62386c9a2d3f6df4a12a2b157802b8a0677fa
These are all instances of an object being put into a container just
before it goes out of scope. Use move semantics to avoid copying.
Change-Id: I9c40a56c4a67df2b8e244d51f068b50ec286f5bf
Warned-by: Coverity
Use a static cast to make sure we use the right type for
std::string::length()
Change-Id: I3b21146ca8898d7e1f3b35c83389d37eadac5ff6
Warned-by: Coverity
Make it more explicit that this is meant to set the flag instead of
doing a comparison with a typo.
Change-Id: I31a1a7f35b9072f157105f6c2acdd2caf9bea09a
Warned-by: Coverity
Make the way we get call-id when calling ILOG_DLG()
file specific, which allows to define locally
(within a target file) how to get the call-id value.
Change-Id: I4af87edf9d1ea52d9678b3354bc797cf1f5f0b54
Classes that inherit from both AmThread and AmEventHandler must inherit
from AmEventQueue first and from AmThread after. This is needed so that
the AmThread dtor is called first, which will trigger the thread to shut
down, which in turn makes sure nothing is waiting on the AmEventQueue's
condition variable.
Otherwise, if AmEventQueue is destroyed first while the corresponding
thread is still running and waiting on the condition variable, it will
be a deadlock.
With this, sems finally can shut down cleanly without having to be
killed by systemd.
Change-Id: I914455763b517c96561acb0b64fce26f127f44bc
Use a timed condition waiter instead of waiting forever. This is needed
to be able to react to a requested thread shutdown.
Change-Id: I062b6045d737eb16cab8f052375d81a1988e95e8