cov-test: Fixing High and medium level issues[DONOT MERGE]#107
cov-test: Fixing High and medium level issues[DONOT MERGE]#107Sid2001-maker wants to merge 1 commit into
Conversation
…tical and High issues Reason for change: Resolve Critical and high level issues in coverity Test Procedure: build should be successful Risk: low Priority: P2
There was a problem hiding this comment.
Pull request overview
This pull request addresses Coverity scan findings by fixing critical and high-level issues related to error handling, resource management, and code quality. The PR aims to resolve issues flagged by static analysis tools.
Changes:
- Added exception handling to main functions in multiple files
- Fixed error checking for curl operations and file I/O
- Improved resource cleanup and memory management
- Corrected format specifiers and mutex handling
- Added virtual destructor to interface class
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/jsruntime.cpp | Added try-catch blocks around main function and commented out Wayland display validation |
| src/jsc/jsc_lib/jsc_lib.cpp | Enhanced curl error checking and improved path separator handling |
| src/jsc/JavaScriptUtils.cpp | Fixed mutex unlock, added error checking for file operations, and improved resource cleanup |
| src/jsc/JavaScriptEngine.cpp | Corrected format specifier from %d to %f for double variable |
| src/jsc/JavaScriptContext.cpp | Added cleanup for network metrics data and null pointer check for AAMP bindings |
| src/NativeJSRenderer.cpp | Added curl error checking and fixed variable scope issue |
| src/JSRuntimeServer.cpp | Initialized error return value |
| src/JSRuntimeClientContainer.cpp | Added exception handling to main function |
| src/JSRuntimeClient.cpp | Improved condition variable usage and added exception handling |
| include/IJavaScriptContext.h | Added virtual destructor |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if (stat(fd, &buf) != 0) | ||
| { | ||
| rtLogError("Failed to stat file: %s", fd); | ||
| fclose(ptr); | ||
| return RT_ERROR; | ||
| } | ||
|
|
||
| int size = buf.st_size; | ||
|
|
||
| buffer = (char*)malloc(size); | ||
| fread(buffer,size,1,ptr); // read 10 bytes to our buffer | ||
| size_t bytesRead = fread(buffer, size, 1, ptr); | ||
| fclose(ptr); |
There was a problem hiding this comment.
The fopen call may fail and return nullptr, but there's no check before using ptr. Before calling stat, fread, or fclose with ptr, verify that fopen succeeded and ptr is not null to prevent null pointer dereferences.
| else | ||
| { | ||
| NativeJSLogger::log(ERROR, "Unable to find application with id: %d and url: %s\n", id, mContextMap[id].url); | ||
| NativeJSLogger::log(ERROR, "Unable to find application with id: %d and url: %s\n", id, mContextMap[id].url.c_str()); |
There was a problem hiding this comment.
Attempting to access mContextMap[id].url when id is not found in the map causes undefined behavior. This line is in the else branch that executes when the id is not found (line 445), so accessing mContextMap[id].url will either access an invalid entry or create a new one. Remove the .c_str() call or avoid accessing mContextMap[id] altogether in this error path.
| NativeJSLogger::log(ERROR, "Unable to find application with id: %d and url: %s\n", id, mContextMap[id].url.c_str()); | |
| NativeJSLogger::log(ERROR, "Unable to find application with id: %d\n", id); |
| if(!mTestFileName.empty()) | ||
| { | ||
| ModuleSettings settings; | ||
| uint32_t id; |
There was a problem hiding this comment.
The variable id is declared inside the if block on line 507 but is used to initialize ApplicationRequest on line 509. Since uint32_t is uninitialized, this will result in using an indeterminate value. Initialize id before using it or ensure it's assigned a valid value.
| uint32_t id; | |
| uint32_t id = 0; |
| /* | ||
| //CID:430751:Use of untrusted string value (TAINTED_STRING) | ||
| // Validate waylanddisplay to prevent injection attacks | ||
| if (!waylanddisplay.empty()) { | ||
| if (waylanddisplay.length() > 256) { | ||
| NativeJSLogger::log(ERROR, "Invalid Wayland display name: too long\n"); | ||
| waylanddisplay = ""; | ||
| } else { | ||
| bool valid = true; | ||
| for (char c : waylanddisplay) { | ||
| if (!isalnum(c) && c != '-' && c != '_' && c != '/' && c != '.') { | ||
| valid = false; | ||
| break; | ||
| } | ||
| } | ||
| if (!valid) { | ||
| NativeJSLogger::log(ERROR, "Invalid Wayland display name: contains invalid characters\n"); | ||
| waylanddisplay = ""; | ||
| } | ||
| } | ||
| } | ||
| */ |
There was a problem hiding this comment.
Commented-out code related to Coverity issue CID:430751 for tainted string validation has been left in the codebase. This validation code for the waylanddisplay parameter appears to address a security concern but is disabled. Either remove this commented code or uncomment and enable it if the validation is necessary for security.
| curl_easy_cleanup(curl); | ||
| } | ||
| res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); | ||
| if (res != CURLE_OK) { | ||
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res)); | ||
| curl_easy_cleanup(curl); | ||
| } | ||
| res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); | ||
| if (res != CURLE_OK) { | ||
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res)); | ||
| curl_easy_cleanup(curl); | ||
| } | ||
| res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); | ||
| if (res != CURLE_OK) { | ||
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res)); | ||
| curl_easy_cleanup(curl); | ||
|
|
||
| } | ||
| res = curl_easy_setopt(curl, CURLOPT_PROXY, ""); | ||
| if (res != CURLE_OK) { | ||
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res)); | ||
| curl_easy_cleanup(curl); |
There was a problem hiding this comment.
After checking if curl_easy_setopt fails and logging an error, the code calls curl_easy_cleanup but continues execution instead of returning immediately. This results in attempting to use an already-cleaned-up curl handle in subsequent curl_easy_setopt calls, which leads to undefined behavior. Add a return statement after curl_easy_cleanup to exit the function early on error.
| curl_easy_cleanup(curl); | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_PROXY, ""); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| curl_easy_cleanup(curl); | |
| return ret; | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYHOST: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| return ret; | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, true); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_SSL_VERIFYPEER: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| return ret; | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_USERAGENT, "libcurl-agent/1.0"); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_USERAGENT: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| return ret; | |
| } | |
| res = curl_easy_setopt(curl, CURLOPT_PROXY, ""); | |
| if (res != CURLE_OK) { | |
| NativeJSLogger::log(ERROR, "Failed to set CURLOPT_PROXY: %s\n", curl_easy_strerror(res)); | |
| curl_easy_cleanup(curl); | |
| return ret; |
| @@ -85,6 +85,7 @@ class JsonWrap | |||
| if (!itm || !cJSON_IsNumber(itm)) | |||
| { | |||
| std::cerr << "Error: " << name << "is not a Uint32_t" << std::endl; | |||
There was a problem hiding this comment.
Missing space in error message. The error message concatenates name directly with "is" without a space separator, resulting in output like "valueis not a Uint32_t" instead of "value is not a Uint32_t".
| std::cerr << "Error: " << name << "is not a Uint32_t" << std::endl; | |
| std::cerr << "Error: " << name << " is not a Uint32_t" << std::endl; |
RDKEMW-12252: Coverity Scan Report - Analyzing and Fixing all the Critical and High issues
Reason for change: Resolve Critical and high level issues in coverity
Test Procedure: build should be successful
Risk: low
Priority: P2