From 60a3eb12ac4e8527f05311f8a6129195d435a592 Mon Sep 17 00:00:00 2001 From: Nathan Hjelm Date: Fri, 11 Mar 2016 13:07:01 -0700 Subject: [PATCH 1/4] comm_spawn_multiple_f: fix coverity issue Fix CID 1327338: Resource leak (RESOURCE_LEAK): Confirmed that the c_info array was being leaked. Free the array before returning. Signed-off-by: Nathan Hjelm --- ompi/mpi/fortran/mpif-h/comm_spawn_multiple_f.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ompi/mpi/fortran/mpif-h/comm_spawn_multiple_f.c b/ompi/mpi/fortran/mpif-h/comm_spawn_multiple_f.c index 1d3e3b8845d..867934e138a 100644 --- a/ompi/mpi/fortran/mpif-h/comm_spawn_multiple_f.c +++ b/ompi/mpi/fortran/mpif-h/comm_spawn_multiple_f.c @@ -12,6 +12,8 @@ * Copyright (c) 2010-2012 Cisco Systems, Inc. All rights reserved. * Copyright (c) 2015 Research Organization for Information Science * and Technology (RIST). All rights reserved. + * Copyright (c) 2016 Los Alamos National Security, LLC. All rights + * reserved. * $COPYRIGHT$ * * Additional copyrights may follow @@ -150,4 +152,5 @@ void ompi_comm_spawn_multiple_f(MPI_Fint *count, char *array_commands, } } free(c_array_argv); + free(c_info); } From 8871bdb2f87b7c5603dc594ce37b74b02bb6949d Mon Sep 17 00:00:00 2001 From: Nathan Hjelm Date: Sun, 13 Mar 2016 15:01:23 -0600 Subject: [PATCH 2/4] fcoll/two_phase: fix coverity issues Fix CID 72296: Resource leak (RESOURCE_LEAK): Changed code to goto exit instead of returning to ensure memory is freed. Fix CID 712589: Out-of-bounds read (OVERRUN): In this loop i and j are identical and always less than iov_count. The CID was triggered because i was incremented if i was < iov_count. This meant that if the loop did go on the next iteration would access an invalid index. Fix CID 741363: Uninitialized scalar variable (UNINIT): Allocate tmp_len with calloc to insure every index is initialized. Fix CID 741364: Uninitialized pointer read (UNINIT): Allocate recv_types with calloc to ensure all indices are always initialized. Also added a check to not loop and destroy if recv_types is NULL. Also added a NULL check on the allocation of decoded iov. This is not the cause of CID 126784 but should be fixed. Fix CID 712588: Out-of-bounds read (OVERRUN): Similar to CID 712589. Should silence the issue. Signed-off-by: Nathan Hjelm --- .../two_phase/fcoll_two_phase_file_read_all.c | 12 ++----- .../fcoll_two_phase_file_write_all.c | 35 +++++++++++-------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_read_all.c b/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_read_all.c index 0abf6963e0b..cfae9c1ec67 100644 --- a/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_read_all.c +++ b/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_read_all.c @@ -277,15 +277,9 @@ mca_fcoll_two_phase_file_read_all (mca_io_ompio_file_t *fh, } } flat_buf->count = local_size; - i=0;j=0; - while(j < local_size){ - flat_buf->indices[j] = (OMPI_MPI_OFFSET_TYPE)(intptr_t)decoded_iov[i].iov_base; - flat_buf->blocklens[j] = decoded_iov[i].iov_len; - - if(i < (int)iov_count) - i+=1; - - j+=1; + for (j = 0 ; j < local_size ; ++j) { + flat_buf->indices[j] = (OMPI_MPI_OFFSET_TYPE)(intptr_t)decoded_iov[j].iov_base; + flat_buf->blocklens[j] = decoded_iov[j].iov_len; } #if DEBUG diff --git a/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_write_all.c b/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_write_all.c index f1cd3089efd..dd8b7ce94a4 100644 --- a/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_write_all.c +++ b/ompi/mca/fcoll/two_phase/fcoll_two_phase_file_write_all.c @@ -13,7 +13,7 @@ * Copyright (c) 2008-2014 University of Houston. All rights reserved. * Copyright (c) 2015 Research Organization for Information Science * and Technology (RIST). All rights reserved. - * Copyright (c) 2015 Los Alamos National Security, LLC. All rights + * Copyright (c) 2015-2016 Los Alamos National Security, LLC. All rights * reserved. * $COPYRIGHT$ * @@ -194,6 +194,10 @@ mca_fcoll_two_phase_file_write_all (mca_io_ompio_file_t *fh, if ( 0 < iov_count ) { decoded_iov = (struct iovec *)malloc (iov_count * sizeof(struct iovec)); + if (NULL == decoded_iov) { + ret = OMPI_ERR_OUT_OF_RESOURCE; + goto exit; + } } for (ti = 0; ti < iov_count; ti ++){ decoded_iov[ti].iov_base = (IOVBASE_TYPE *)( @@ -320,19 +324,15 @@ mca_fcoll_two_phase_file_write_all (mca_io_ompio_file_t *fh, } } flat_buf->count = local_size; - i=0;j=0; - while(j < local_size){ + for (j = 0 ; j < local_size ; ++j) { if ( 0 < max_data ) { - flat_buf->indices[j] = (OMPI_MPI_OFFSET_TYPE)(intptr_t)decoded_iov[i].iov_base; - flat_buf->blocklens[j] = decoded_iov[i].iov_len; + flat_buf->indices[j] = (OMPI_MPI_OFFSET_TYPE)(intptr_t)decoded_iov[j].iov_base; + flat_buf->blocklens[j] = decoded_iov[j].iov_len; } else { flat_buf->indices[j] = 0; flat_buf->blocklens[j] = 0; } - if(i < (int)iov_count) - i+=1; - j+=1; } #if DEBUG_ON @@ -967,14 +967,14 @@ static int two_phase_exchage_data(mca_io_ompio_file_t *fh, recv_types = (ompi_datatype_t **) - malloc (( nprocs_recv + 1 ) * sizeof(ompi_datatype_t *)); + calloc (( nprocs_recv + 1 ), sizeof(ompi_datatype_t *)); if ( NULL == recv_types ){ ret = OMPI_ERR_OUT_OF_RESOURCE; goto exit; } - tmp_len = (int *) malloc(fh->f_size*sizeof(int)); + tmp_len = (int *) calloc(fh->f_size, sizeof(int)); if ( NULL == tmp_len ) { ret = OMPI_ERR_OUT_OF_RESOURCE; @@ -1005,7 +1005,6 @@ static int two_phase_exchage_data(mca_io_ompio_file_t *fh, if ( NULL == srt_off ){ ret = OMPI_ERR_OUT_OF_RESOURCE; - free(tmp_len); goto exit; } @@ -1013,7 +1012,6 @@ static int two_phase_exchage_data(mca_io_ompio_file_t *fh, if ( NULL == srt_len ) { ret = OMPI_ERR_OUT_OF_RESOURCE; - free(tmp_len); free(srt_off); goto exit; } @@ -1029,6 +1027,7 @@ static int two_phase_exchage_data(mca_io_ompio_file_t *fh, } free(tmp_len); + tmp_len = NULL; *hole = 0; if (off != srt_off[0]){ @@ -1059,7 +1058,8 @@ static int two_phase_exchage_data(mca_io_ompio_file_t *fh, (sizeof(mca_io_ompio_io_array_t)); if (NULL == fh->f_io_array) { opal_output(1, "OUT OF MEMORY\n"); - return OMPI_ERR_OUT_OF_RESOURCE; + ret = OMPI_ERR_OUT_OF_RESOURCE; + goto exit; } fh->f_io_array[0].offset =(IOVBASE_TYPE *)(intptr_t) off; fh->f_num_of_io_entries = 1; @@ -1182,7 +1182,13 @@ static int two_phase_exchage_data(mca_io_ompio_file_t *fh, #endif exit: - for (i=0; i Date: Sun, 27 Mar 2016 14:34:45 -0600 Subject: [PATCH 3/4] fcoll/static: fix coverity issues Fix CID 72362: Explicit null dereferenced (FORWARD_NULL) From what I can tell the code @ fcoll_static_file_read_all.c:649 should be setting bytes_per_process[i] to 0 not bytes_per_process. Fix CID 72361: Explicit null dereferenced (FORWARD_NULL) Modified check to check for blocklen_per_process non-NULL before trying to free blocklen_per_process[l]. This is sufficient because free (NULL) is safe. Also cleaned up the initialization of this an a couple other arrays. They were allocated with malloc() then initialized to 0. Changed to used calloc(). Signed-off-by: Nathan Hjelm --- .../fcoll/static/fcoll_static_file_read_all.c | 22 ++++++------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/ompi/mca/fcoll/static/fcoll_static_file_read_all.c b/ompi/mca/fcoll/static/fcoll_static_file_read_all.c index f89827c75e4..ae03552327e 100644 --- a/ompi/mca/fcoll/static/fcoll_static_file_read_all.c +++ b/ompi/mca/fcoll/static/fcoll_static_file_read_all.c @@ -244,40 +244,33 @@ mca_fcoll_static_file_read_all (mca_io_ompio_file_t *fh, goto exit; } - bytes_remaining = (int *) malloc (fh->f_procs_per_group * sizeof(int)); + bytes_remaining = (int *) calloc (fh->f_procs_per_group, sizeof(int)); if (NULL == bytes_remaining){ opal_output (1, "OUT OF MEMORY\n"); ret = OMPI_ERR_OUT_OF_RESOURCE; goto exit; } - current_index = (int *) malloc (fh->f_procs_per_group * sizeof(int)); + current_index = (int *) calloc (fh->f_procs_per_group, sizeof(int)); if (NULL == current_index){ opal_output (1, "OUT OF MEMORY\n"); ret = OMPI_ERR_OUT_OF_RESOURCE; goto exit; } - blocklen_per_process = (int **)malloc (fh->f_procs_per_group * sizeof (int*)); + blocklen_per_process = (int **)calloc (fh->f_procs_per_group, sizeof (int*)); if (NULL == blocklen_per_process) { opal_output (1, "OUT OF MEMORY\n"); ret = OMPI_ERR_OUT_OF_RESOURCE; goto exit; } - displs_per_process = (MPI_Aint **)malloc (fh->f_procs_per_group * sizeof (MPI_Aint*)); + displs_per_process = (MPI_Aint **)calloc (fh->f_procs_per_group, sizeof (MPI_Aint*)); if (NULL == displs_per_process) { opal_output (1, "OUT OF MEMORY\n"); ret = OMPI_ERR_OUT_OF_RESOURCE; goto exit; } - - for(i=0;if_procs_per_group;i++){ - current_index[i] = 0; - bytes_remaining[i] = 0; - blocklen_per_process[i] = NULL; - displs_per_process[i] = NULL; - } } @@ -646,8 +639,8 @@ mca_fcoll_static_file_read_all (mca_io_ompio_file_t *fh, global_iov_count, sorted); if (current_index[i] == -1){ - bytes_per_process = 0; /* no more entries left - to service this request*/ + bytes_per_process[i] = 0; /* no more entries left + to service this request*/ continue; } } @@ -960,9 +953,8 @@ mca_fcoll_static_file_read_all (mca_io_ompio_file_t *fh, if (my_aggregator == fh->f_rank) { for(l=0;lf_procs_per_group;l++){ - if (NULL != blocklen_per_process[l]){ + if (blocklen_per_process) { free(blocklen_per_process[l]); - blocklen_per_process[l] = NULL; } if (NULL != displs_per_process[l]){ free(displs_per_process[l]); From 1ff3d3b16be30384b02fc895e7a5c922cc092e79 Mon Sep 17 00:00:00 2001 From: Nathan Hjelm Date: Fri, 1 Apr 2016 10:38:52 -0600 Subject: [PATCH 4/4] pml/ob1: fix coverity issue Fix CID 1357978 (1 of 1): Logically dead code (DEADCODE): Remove duplicate check for NULL == endpoint. Signed-off-by: Nathan Hjelm --- ompi/mca/pml/ob1/pml_ob1_isend.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/ompi/mca/pml/ob1/pml_ob1_isend.c b/ompi/mca/pml/ob1/pml_ob1_isend.c index bd5fd767e38..30fd32dba8f 100644 --- a/ompi/mca/pml/ob1/pml_ob1_isend.c +++ b/ompi/mca/pml/ob1/pml_ob1_isend.c @@ -211,10 +211,6 @@ int mca_pml_ob1_send(const void *buf, return OMPI_SUCCESS; } - if (OPAL_UNLIKELY(NULL == endpoint)) { - return OMPI_ERR_UNREACH; - } - seqn = (uint16_t) OPAL_THREAD_ADD32(&ob1_proc->send_sequence, 1); /**