forked from csutils/csdiff
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
parser-cov: tweak key event detection for LOCK_EVASION
Instead of `use_same_locks_for_read_and_modify` we need to pick `thread1_overwrites_value_in_field` in the example used as a test.
- Loading branch information
Showing
5 changed files
with
112 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| --mode=json |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| Error: LOCK_EVASION (CWE-543): | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:808: thread1_checks_field: Thread1 uses the value read from field "initialized_forkid" in the condition "module->initialized_forkid == p11_forkid". It sees that the condition is true. Control is switched to Thread2. | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:808: thread2_checks_field: Thread2 uses the value read from field "initialized_forkid" in the condition "module->initialized_forkid == p11_forkid". It sees that the condition is true. | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:811: thread2_acquires_lock: Thread2 acquires lock "rpc_client.mutex". | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:826: thread2_modifies_field: Thread2 sets "initialized_forkid" to a new value. Note that this write can be reordered at runtime to occur before instructions that do not access this field within this locked region. After Thread2 leaves the critical section, control is switched back to Thread1. | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:811: thread1_acquires_lock: Thread1 acquires lock "rpc_client.mutex". | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:826: thread1_overwrites_value_in_field: Thread1 sets "initialized_forkid" to a new value. Now the two threads have an inconsistent view of "initialized_forkid" and updates to fields correlated with "initialized_forkid" may be lost. | ||
| p11-kit-0.23.22/p11-kit/rpc-client.c:808: use_same_locks_for_read_and_modify: Guard the modification of "initialized_forkid" and the read used to decide whether to modify "initialized_forkid" with the same set of locks. | ||
| # 824| } | ||
| # 825| | ||
| # 826|-> module->initialized_forkid = 0; | ||
| # 827| | ||
| # 828| p11_mutex_unlock (&module->mutex); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,96 @@ | ||
| { | ||
| "defects": [ | ||
| { | ||
| "checker": "LOCK_EVASION", | ||
| "cwe": 543, | ||
| "tool": "coverity", | ||
| "key_event_idx": 5, | ||
| "events": [ | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 808, | ||
| "event": "thread1_checks_field", | ||
| "message": "Thread1 uses the value read from field \"initialized_forkid\" in the condition \"module->initialized_forkid == p11_forkid\". It sees that the condition is true. Control is switched to Thread2.", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 808, | ||
| "event": "thread2_checks_field", | ||
| "message": "Thread2 uses the value read from field \"initialized_forkid\" in the condition \"module->initialized_forkid == p11_forkid\". It sees that the condition is true.", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 811, | ||
| "event": "thread2_acquires_lock", | ||
| "message": "Thread2 acquires lock \"rpc_client.mutex\".", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 826, | ||
| "event": "thread2_modifies_field", | ||
| "message": "Thread2 sets \"initialized_forkid\" to a new value. Note that this write can be reordered at runtime to occur before instructions that do not access this field within this locked region. After Thread2 leaves the critical section, control is switched back to Thread1.", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 811, | ||
| "event": "thread1_acquires_lock", | ||
| "message": "Thread1 acquires lock \"rpc_client.mutex\".", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 826, | ||
| "event": "thread1_overwrites_value_in_field", | ||
| "message": "Thread1 sets \"initialized_forkid\" to a new value. Now the two threads have an inconsistent view of \"initialized_forkid\" and updates to fields correlated with \"initialized_forkid\" may be lost.", | ||
| "verbosity_level": 0 | ||
| }, | ||
| { | ||
| "file_name": "p11-kit-0.23.22/p11-kit/rpc-client.c", | ||
| "line": 808, | ||
| "event": "use_same_locks_for_read_and_modify", | ||
| "message": "Guard the modification of \"initialized_forkid\" and the read used to decide whether to modify \"initialized_forkid\" with the same set of locks.", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "", | ||
| "line": 0, | ||
| "event": "#", | ||
| "message": " 824| \t}", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "", | ||
| "line": 0, | ||
| "event": "#", | ||
| "message": " 825| ", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "", | ||
| "line": 0, | ||
| "event": "#", | ||
| "message": " 826|-> \tmodule->initialized_forkid = 0;", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "", | ||
| "line": 0, | ||
| "event": "#", | ||
| "message": " 827| ", | ||
| "verbosity_level": 1 | ||
| }, | ||
| { | ||
| "file_name": "", | ||
| "line": 0, | ||
| "event": "#", | ||
| "message": " 828| \tp11_mutex_unlock (&module->mutex);", | ||
| "verbosity_level": 1 | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters