Report from 2016-07-10 01:43:09

List of files

636
chart_create_legend(gdImagePtr im, int width, int height,
637
    apr_array_header_t *data, int flags)
638
{
639
  int show_date = flags & CHART_DATE;
640
  int gray5, gray3, gray1, blue, yellow, orang, black;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

641
  char buffer[256], add_buffer[256];
642
  gray5 = gdImageColorAllocate(im, 150, 150, 150);
643
  gray3 = gdImageColorAllocate(im, 215, 215, 215);
644
  gray1 = gdImageColorAllocate(im, 226, 226, 226);
645
  blue = gdImageColorAllocate(im, 112, 157, 232);
646
  yellow = gdImageColorAllocate(im, 252, 254, 188);

...

756
        }
757
      if (ti.seconds)
758
        {
759
          sprintf(buffer, "sec %d", ti.seconds);
760
          gdImageString(im, fptr, rw - 2 * dx - 10, rh - dup, (unsigned char *)buffer, black);

cppcheck: Variable 'dup' is assigned a value that is never used.

761
          dup -= 10;
762
        }
763
    }
764
  else
765
    {
766
      gdImageLine(im, rw - 2 * dx, rh - 40, rw - dx, rh - 40, black);
55
#include "debug.h"
56
#define MAX_BUF_LEN 4096
57
58
void write_debug_info(const char * format, ...) {
59
#ifdef DEBUG_MODULE_H

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

60
	char buffer[MAX_BUF_LEN];
61
	va_list args;
62
	va_start(args, format);
63
	vsnprintf(buffer, MAX_BUF_LEN, format, args);
64
	perror(buffer);
65
	va_end(args);
123
{
124
  const char *nlistf, *memf;
125
  memf = _PATH_DEVNULL;
126
  static kvm_t *kd;
127
  struct kinfo_proc *kp;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

128
  char errbuf[_POSIX2_LINE_MAX];
129
  int flag = pid, what = KERN_PROC_PID, nentries, i;
130
  nlistf = NULL;
131
  fgm->memory_bytes = 0;
132
  fgm->memory_percents = 0;
133
  fgm->memory_total = 0;

...

214
  static kvm_t *kd;
215
  struct kinfo_proc *kp;
216
  int dummy;
217
  fgc->process_cpu = 0;
218
  fgc->system_cpu = 0;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

219
  char errbuf[_POSIX2_LINE_MAX];
220
  int flag = pid, what = KERN_PROC_PID, nentries, i;
221
  nlistf = NULL;
222
  kd = kvm_openfiles (nlistf, memf, NULL, O_RDONLY, errbuf);
223
  if (kd == 0)
224
    {

...

255
{
256
  const char *nlistf, *memf;
257
  memf = _PATH_DEVNULL;
258
  static kvm_t *kd;
259
  struct kinfo_proc *kp;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

260
  char errbuf[_POSIX2_LINE_MAX];
261
  int flag = pid, what = KERN_PROC_PID, nentries, i;
262
  nlistf = NULL;
263
  int dummy;
264
  fgi->io_write = 0;
265
  fgi->io_read = 0;
101
	os_version_code = LINUX_VERSION_CODE (x, y, z);
102
	return 0;
103
}
104
105
static int try_file_to_buffer_iostat(char *buffer, const char *format, ...) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

106
	char path[_PATH_SIZE];
107
	int fd;
108
	ssize_t len;
109
	va_list pa;
110
111
	va_start(pa, format);

...

151
152
	return value;
153
}
154
155
void get_io_stat(iostat * info, long pid, long tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

156
	char buffer[BUFSIZ];
157
	io_stat_reset(info);
158
	int res;
159
	if (tid != (long) -1)
160
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/task/%d/io", pid,
161
				tid);

...

170
				"cancelled_write_bytes:");
171
	}
172
}
173
174
void get_io_stat_current(iostat * info, long pid, long tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

175
	char buffer[BUFSIZ];
176
	io_stat_reset(info);
177
	int res;
178
	if (tid != (long) -1)
179
		res = try_file_to_buffer_iostat(buffer, "/proc/self/task/%d/io", tid);
180
	else

...

192
void io_stat_reset(iostat * info) {
193
	memset(info, 0, sizeof(iostat));
194
}
195
196
void glibtop_get_cpu_own(glibtop_cpu_own * buf) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

197
	char buffer[BUFSIZ], *p;
198
199
	memset(buf, 0, sizeof(glibtop_cpu_own));
200
201
	int res = try_file_to_buffer_iostat(buffer, FILENAME);
202
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {

...

243
	return (char *) p;
244
}
245
246
void glibtop_get_proc_time_own(glibtop_proc_time_own * buf, pid_t pid,
247
		pid_t tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

248
	char buffer[BUFSIZ], *p;
249
	memset(buf, 0, sizeof(glibtop_proc_time_own));
250
251
	int res;
252
	if (tid != (long) -1)
253
		res = try_file_to_buffer_iostat(buffer, "/proc/%d/task/%d/stat", pid,

...

279
	glibtop_get_mem_own_ret(buf);
280
281
}
282
283
int glibtop_get_mem_own_ret(glibtop_mem_own * buf) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

284
	char buffer[BUFSIZ];
285
	memset(buf, 0, sizeof *buf);
286
287
	int res = try_file_to_buffer_iostat(buffer, FILENAMEMEM);
288
	if (res == TRY_FILE_TO_BUFFER_OK_IOSTAT) {
289
		buf->total = get_scaled_iostat(buffer, "MemTotal:");

...

314
	glibtop_get_proc_mem_own_ret(buf, pid, tid);
315
}
316
317
int glibtop_get_proc_mem_own_ret(glibtop_proc_mem_own * buf, pid_t pid,
318
		pid_t tid) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

319
	char buffer[BUFSIZ], *p;
320
	const size_t pagesize = get_page_size();
321
	memset(buf, 0, sizeof(glibtop_proc_mem_own));
322
323
	int res;
324
	if (tid != (long) -1)
111
	if (glibtop_init_own() < 0) {
112
		return -1;
113
	}
114
#endif
115

cppcheck: Condition 'global_sd<0' is always true

116
	if (global_sd < 0) {
117
		if (connect_to_daemon_inner(&global_sd, socket_path) != 0) {
118
			global_sd = -1;
119
			return -1;
120
		}
121
	}
432
			char *ptr = apr_pstrndup(p, beg_p, str - beg_p + 1);
433
			ptr = performance_log_format_parse_param(p, ptr);
434
			if (ptr) {
435
				*(char **) apr_array_push(new_arr) = ptr;
436
			}

cppcheck: Variable 'beg_p' is assigned a value that is never used.

437
			beg_p = str + 1;
438
		}
439
	}
440
441
	return new_arr;
442
}

...

1329
	double dmaxPCPU = maxPCPU;
1330
1331
	double dcput = dt * dcpu / dmaxPCPU;
1332
	server_rec *req_server;
1333
	apr_status_t retval;

cppcheck: Variable 'req_server' is assigned a value that is never used.

1334
	req_server = srv;
1335
1336
	if (req_time < (1.0 / glbHtz)) {
1337
		dcpu = 0.0;
1338
	}
1339

...

1390
						req_begin->uri, req_begin->hostname, req_begin->script,
1391
						dcpu, dmem, dt, dcput, dmem_mb, dread, dwrite);
1392
				log_string = apr_pstrcat(_sub_pool, log_string, "\n", NULL);
1393
1394
				bytes_written = strlen(log_string);

cppcheck: Variable 'retval' is assigned a value that is never used.

1395
				retval = apr_file_write(cfg->fd, log_string, &bytes_written);
1396
			}
1397
			END_SUB_POOL_SECTION(pool, _sub_pool);
1398
		}
1399
			break;
1400
		default: {

...

1500
1501
			if (((fds + i)->fd == l_sock) && ((fds + i)->revents & POLLIN)) {
1502
				/*
1503
				 * Accept
1504
				 */

cppcheck: Common realloc mistake: 'fds' nulled but not freed upon failure

1505
				fds = (struct pollfd *) realloc(fds,
1506
						(nfds + 1) * sizeof(struct pollfd));
1507
				(fds + nfds)->fd = accept(l_sock, (struct sockaddr *) &fsaun,
1508
						&fromlen);
1509
1510
				write_debug_info("Thread listen accept socket %d",

...

1513
				if ((fds + nfds)->fd == -1) {
1514
					ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
1515
							MODULE_PREFFIX "Error on polling socket. Accepting error");
1516
1517
					cleanup_sock(0, (fds + nfds)->fd, 1);

cppcheck: Common realloc mistake: 'fds' nulled but not freed upon failure

1518
					fds = (struct pollfd *) realloc(fds,
1519
							nfds * sizeof(struct pollfd));
1520
					continue;
1521
				}
1522
				(fds + nfds)->events = POLLIN;
1523
				nfds++;

...

1557
							add_item_to_removelist((fds + i)->fd);
1558
						cleanup_sock(1, (fds + i)->fd, 2);
1559
						nfds--;
1560
						memcpy(fds + i, fds + i + 1,
1561
								(nfds - i) * sizeof(struct pollfd));

cppcheck: Common realloc mistake: 'fds' nulled but not freed upon failure

1562
						fds = (struct pollfd *) realloc(fds,
1563
								nfds * sizeof(struct pollfd));
1564
						continue;
1565
					}
1566
				}
1567

...

1578
				else
1579
					add_item_to_removelist((fds + i)->fd);
1580
				nfds--;
1581
				memcpy(fds + i, fds + i + 1,
1582
						(nfds - i) * sizeof(struct pollfd));

cppcheck: Common realloc mistake: 'fds' nulled but not freed upon failure

1583
				fds = (struct pollfd *) realloc(fds,
1584
						nfds * sizeof(struct pollfd));
1585
				continue;
1586
			}
1587
			//Disconnect
1588
			if ((fds + i)->revents & POLLHUP) {

...

1595
						(fds + i)->fd);
1596
				cleanup_sock(0, (fds + i)->fd, 2);
1597
				nfds--;
1598
				memcpy(fds + i, fds + i + 1,
1599
						(nfds - i) * sizeof(struct pollfd));

cppcheck: Common realloc mistake: 'fds' nulled but not freed upon failure

1600
				fds = (struct pollfd *) realloc(fds,
1601
						nfds * sizeof(struct pollfd));
1602
				continue;
1603
			}
1604
			//Error
1605
			if ((fds + i)->revents & POLLERR) {

...

1616
1617
				cleanup_sock(0, (fds + i)->fd, 2);
1618
				nfds--;
1619
				memcpy(fds + i, fds + i + 1,
1620
						(nfds - i) * sizeof(struct pollfd));

cppcheck: Common realloc mistake: 'fds' nulled but not freed upon failure

1621
				fds = (struct pollfd *) realloc(fds,
1622
						nfds * sizeof(struct pollfd));
1623
				continue;
1624
			}
1625
1626
		}

...

1707
	apr_cpystrn(unix_addr.sun_path, performance_socket,
1708
			sizeof unix_addr.sun_path);
1709

rats: umask-->umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.

1710
	omask = umask(0077);

cppcheck: Variable 'rc' is assigned a value that is never used.

1711
	rc = bind(sd, (struct sockaddr *) &unix_addr, sizeof(unix_addr));

rats: umask-->umask() can easily be used to create files with unsafe priviledges. It should be set to restrictive values.

1712
	umask(omask);
1713
1714
	if (performance_get_all_access())
1715
		rv = apr_file_perms_set(performance_socket,

...

2147
	if (!performance_blocksave) {
2148
		int rt_code, rt_code2;
2149
		struct pollfd fds;
2150
		int nfds = 1;
2151
		rt_code = fcntl(socket, F_GETFL, 0);

cppcheck: Variable 'rt_code2' is assigned a value that is never used.

2152
		rt_code2 = fcntl(socket, F_SETFL, rt_code | O_NONBLOCK);
2153
2154
		int ret = 0;
2155
		int timeout = 100;
2156
2157
		fds.fd = socket;

...

2184
			performance_use_pid ?
2185
					performance_socket : performance_socket_no_pid,
2186
			sizeof unix_addr.sun_path);
2187
2188
	connect_tries = 0;

cppcheck: Variable 'sliding_timer' is assigned a value that is never used.

2189
	sliding_timer = 100000; /* 100 milliseconds */
2190
	while (1) {
2191
		++connect_tries;
2192
		if ((sd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
2193
			//ap_log_rerror (APLOG_MARK, APLOG_ERR, errno, r,
2194
			//		 MODULE_PREFFIX "unable to create socket to daemon");

...

2666
		(request_rec * r, pid_t pid, int *sd));
2667
APR_DECLARE_OPTIONAL_FN(int, match_external_handlers, (request_rec * r));
2668
2669
void send_begininfo_to_daemon(request_rec * r, pid_t pid, int *sd) {
2670

cppcheck: Redundant condition: r. '!r || (r && !r.server)' is equivalent to '!r || !r.server'

cppcheck: Either the condition 'r' is redundant or there is possible null pointer dereference: r.

2671
	if (!r || (r && !r->server))
2672
		return;
2673
2674
	performance_module_cfg *cfg = performance_module_sconfig(r);
2675
2676
	if (!*sd) {
103
void modperformance_sendbegin_info_send_info(performance_module_send_req *req,
104
		char *uri, char *filename, char *hostname, char *method, char *args,
105
		char *canonical_filename, int use_tid, server_rec *server,
106
		apr_pool_t *pool, int performance_use_cononical_name) {
107

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

108
	char str_b[512] = "";
109
	double time_start;
110
	struct timeval tm;
111
	gettimeofday(&tm, NULL);
112
	time_start = (double) tm.tv_sec + (double) tm.tv_usec / SEC2NANO;
113

...

174
}
175
176
void modperformance_sendend_info_send_info(performance_module_send_req *req,
177
		char *uri, char *hostname, char *method, char *args, int use_tid,
178
		server_rec *server, apr_pool_t *pool) {

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

179
	char str_b[512] = "";
180
	double time_start2;
181
	struct timeval tm;
182
	gettimeofday(&tm, NULL);
183
	time_start2 = (double) tm.tv_sec + (double) tm.tv_usec / SEC2NANO;
184
581
				apr_pool_cleanup_null);
582
	}
583
		break;
584
	case 3: {
585
		//extract port number form host

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

586
		char host_only[512], port_only[512];
587
588
		if (strstr((host?host:"localhost"), ":") && host) {
589
			char *pos = strstr(host, ":");
590
			strncpy(host_only, host, pos - host);
591
			host_only[pos - host] = '\0';

...

1286
				} else if (rv == SQLITE_DONE) {
1287
					break;
1288
				} else {
1289
					(*_sqlite3_reset)(stmt);
1290
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

1291
					break;
1292
				}
1293
			}
1294
			(*_sqlite3_reset)(stmt);
1295
		}
1296
	}

...

1386
				} else if (rv == SQLITE_DONE) {
1387
					break;
1388
				} else {
1389
					(*_sqlite3_reset)(stmt);
1390
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

1391
					break;
1392
				}
1393
			}
1394
			(*_sqlite3_reset)(stmt);
1395
		}
1396
	}

...

1518
				} else if (rv == SQLITE_DONE) {
1519
					break;
1520
				} else {
1521
					(*_sqlite3_reset)(stmt);
1522
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

1523
					break;
1524
				}
1525
			}
1526
			(*_sqlite3_reset)(stmt);
1527
		}
1528
	}

...

1653
				} else if (rv == SQLITE_DONE) {
1654
					break;
1655
				} else {
1656
					(*_sqlite3_reset)(stmt);
1657
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

1658
					break;
1659
				}
1660
			}
1661
			(*_sqlite3_reset)(stmt);
1662
		}
1663
	}

...

1781
				} else if (rv == SQLITE_DONE) {
1782
					break;
1783
				} else {
1784
					(*_sqlite3_reset)(stmt);
1785
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

1786
					break;
1787
				}
1788
			}
1789
			(*_sqlite3_reset)(stmt);
1790
		}
1791
	}

...

1916
				} else if (rv == SQLITE_DONE) {
1917
					break;
1918
				} else {
1919
					(*_sqlite3_reset)(stmt);
1920
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

1921
					break;
1922
				}
1923
			}
1924
			(*_sqlite3_reset)(stmt);
1925
		}
1926
	}

...

2044
				} else if (rv == SQLITE_DONE) {
2045
					break;
2046
				} else {
2047
					(*_sqlite3_reset)(stmt);
2048
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2049
					break;
2050
				}
2051
			}
2052
			(*_sqlite3_reset)(stmt);
2053
		}
2054
	}

...

2179
				} else if (rv == SQLITE_DONE) {
2180
					break;
2181
				} else {
2182
					(*_sqlite3_reset)(stmt);
2183
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2184
					break;
2185
				}
2186
			}
2187
			(*_sqlite3_reset)(stmt);
2188
		}
2189
	}

...

2307
				} else if (rv == SQLITE_DONE) {
2308
					break;
2309
				} else {
2310
					(*_sqlite3_reset)(stmt);
2311
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2312
					break;
2313
				}
2314
			}
2315
			(*_sqlite3_reset)(stmt);
2316
		}
2317
	}

...

2421
				} else if (rv == SQLITE_DONE) {
2422
					break;
2423
				} else {
2424
					(*_sqlite3_reset)(stmt);
2425
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2426
					break;
2427
				}
2428
			}
2429
			(*_sqlite3_reset)(stmt);
2430
		}
2431
	}

...

2529
				} else if (rv == SQLITE_DONE) {
2530
					break;
2531
				} else {
2532
					(*_sqlite3_reset)(stmt);
2533
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2534
					break;
2535
				}
2536
			}
2537
			(*_sqlite3_reset)(stmt);
2538
		}
2539
	}

...

2647
				} else if (rv == SQLITE_DONE) {
2648
					break;
2649
				} else {
2650
					(*_sqlite3_reset)(stmt);
2651
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2652
					break;
2653
				}
2654
			}
2655
			(*_sqlite3_reset)(stmt);
2656
		}
2657
	}

...

2767
				} else if (rv == SQLITE_DONE) {
2768
					break;
2769
				} else {
2770
					(*_sqlite3_reset)(stmt);
2771
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2772
					break;
2773
				}
2774
			}
2775
			(*_sqlite3_reset)(stmt);
2776
		}
2777
	}

...

2917
				} else if (rv == SQLITE_DONE) {
2918
					break;
2919
				} else {
2920
					(*_sqlite3_reset)(stmt);
2921
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

2922
					break;
2923
				}
2924
			}
2925
			(*_sqlite3_reset)(stmt);
2926
		}
2927
	}

...

3038
				} else if (rv == SQLITE_DONE) {
3039
					break;
3040
				} else {
3041
					(*_sqlite3_reset)(stmt);
3042
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

3043
					break;
3044
				}
3045
			}
3046
			(*_sqlite3_reset)(stmt);
3047
		}
3048
	}

...

3146
				} else if (rv == SQLITE_DONE) {
3147
					break;
3148
				} else {
3149
					(*_sqlite3_reset)(stmt);
3150
					return apr_pstrdup(p, "Error while request processing");

cppcheck: Consecutive return, break, continue, goto or throw statements are unnecessary.

3151
					break;
3152
				}
3153
			}
3154
			(*_sqlite3_reset)(stmt);
3155
		}
3156
	}
66
{
67
  regex_t compiled_regex;
68
  regex_t compiled_regex_all;
69
  regmatch_t regexp_result;
70
  //size_t matches = 1;

rats: fixed size local buffer-->Extra care should be taken to ensure that character arrays that are allocated on the stack are used safely. They are prime targets for buffer overflow attacks.

71
  char buffer[512];
72
  time_t rawtime;
73
  struct tm *timeinfo;
74
  int error;
75
  int hours = 0, minutes = 0, seconds = 0;
76
  if (regcomp