Coverity fixes.

1398654, 1398656 - lib missing unlock on fatal protocol error 1398655 - broker potential double free on startup after fatal persist error.
eclipse · Feb 28, 2019 · 4490d06 · 4490d06
1 parent 463de0a
commit 4490d06
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 7 deletions.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -6,10 +6,14 @@ Broker:
  case where a client connects using a username, and the anonymous ACL list is
  defined but specific user ACLs are not defined. Closes #1162.
 - Make error messages for missing config file clearer.
+- Fix some Coverity Scan reported errors that could occur when the broker was
+ already failing to start.
 
 Library:
 - Use higher resolution timer for random initialisation of client id
  generation. Closes #1177.
+- Fix some Coverity Scan reported errors that could occur when the library was
+ already quitting.
 
 
 1.5.7 - 20190213

diff --git a/lib/messages_mosq.c b/lib/messages_mosq.c
@@ -232,6 +232,7 @@ int message__remove(struct mosquitto *mosq, uint16_t mid, enum mosquitto_msg_dir
  while(cur){
  if(cur->msg.mid == mid){
  if(cur->msg.qos != qos){
+ pthread_mutex_unlock(&mosq->out_message_mutex);
  return MOSQ_ERR_PROTOCOL;
  }
  if(prev){
@@ -291,6 +292,7 @@ int message__remove(struct mosquitto *mosq, uint16_t mid, enum mosquitto_msg_dir
  while(cur){
  if(cur->msg.mid == mid){
  if(cur->msg.qos != qos){
+ pthread_mutex_unlock(&mosq->in_message_mutex);
  return MOSQ_ERR_PROTOCOL;
  }
  if(prev){
@@ -386,6 +388,7 @@ int message__out_update(struct mosquitto *mosq, uint16_t mid, enum mosquitto_msg
  while(message){
  if(message->msg.mid == mid){
  if(message->msg.qos != qos){
+ pthread_mutex_unlock(&mosq->out_message_mutex);
  return MOSQ_ERR_PROTOCOL;
  }
  message->state = state;

diff --git a/src/conf_includedir.c b/src/conf_includedir.c
@@ -124,7 +124,9 @@ int config__get_dir_files(const char *include_dir, char ***files, int *file_coun
 
  FindClose(fh);
 
- qsort(l_files, l_file_count, sizeof(char *), scmp_p);
+ if(l_files){
+ qsort(l_files, l_file_count, sizeof(char *), scmp_p);
+ }
  *files = l_files;
  *file_count = l_file_count;
 
@@ -184,7 +186,9 @@ int config__get_dir_files(const char *include_dir, char ***files, int *file_coun
  }
  closedir(dh);
 
- qsort(l_files, l_file_count, sizeof(char *), scmp_p);
+ if(l_files){
+ qsort(l_files, l_file_count, sizeof(char *), scmp_p);
+ }
  *files = l_files;
  *file_count = l_file_count;
 

diff --git a/src/database.c b/src/database.c
@@ -691,6 +691,7 @@ int db__message_store(struct mosquitto_db *db, const struct mosquitto *source, u
  mosquitto__free(temp->topic);
  mosquitto__free(temp);
  }
+ UHPA_FREE(*payload, payloadlen);
  return rc;
 }
 

diff --git a/src/persist.c b/src/persist.c
@@ -175,7 +175,7 @@ static int persist__message_store_write(struct mosquitto_db *db, FILE *db_fptr)
  }else{
  tlen = 0;
  }
- length = sizeof(dbid_t) + 2+strlen(stored->source_id) +
+ length = sizeof(dbid_t) + sizeof(uint16_t) +
  sizeof(uint16_t) + sizeof(uint16_t) +
  2+tlen + sizeof(uint32_t) +
  stored->payloadlen + sizeof(uint8_t) + sizeof(uint8_t)
@@ -808,17 +808,13 @@ static int persist__msg_store_chunk_restore(struct mosquitto_db *db, FILE *db_fp
  }else{
  mosquitto__free(load);
  fclose(db_fptr);
- mosquitto__free(topic);
- UHPA_FREE(payload, payloadlen);
  return rc;
  }
 error:
  err = strerror(errno);
  log__printf(NULL, MOSQ_LOG_ERR, "Error: %s.", err);
  fclose(db_fptr);
  mosquitto__free(source.id);
- mosquitto__free(topic);
- UHPA_FREE(payload, payloadlen);
  return 1;
 }