RDK-60307 [RRD] RDK Coverity Defect Resolution for Device Management#175
Merged
RDK-60307 [RRD] RDK Coverity Defect Resolution for Device Management#175
Conversation
Code Coverage Summary |
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request addresses Coverity defects in the RDK Remote Debugger Device Management code, focusing on fixing memory leaks, buffer overflows, and resource handling issues.
Changes:
- Added NULL checks for memory allocations (malloc, strdup, fread) with proper error handling and resource cleanup
- Fixed buffer overflow vulnerabilities by using correct size parameters in strncpy/strncat operations
- Corrected file pointer closure to only occur when pointers are valid (v_secure_pclose moved inside if blocks)
- Fixed memory management issues with rfcbuf allocations and ownership
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/rrdRunCmdThread.c | Added mutex protection for cacheDataNode initialization; fixed buffer overflow in strncpy/strncat; corrected v_secure_pclose placement to prevent potential crashes |
| src/rrdJsonParser.c | Added NULL checks for malloc/strdup/fread operations with proper cleanup; fixed rfcbuf memory leaks in error paths; clarified rfcbuf ownership with comment |
| src/rrdEventProcess.c | Fixed staticstrlen calculation after quote removal; corrected appendstrlen calculation; improved realloc error handling with proper log level |
Contributor
Coverity Issue - Resource leakVariable "staticprofiledata" going out of scope leaks the storage it points to. High Impact, CWE-404 Issue locationThis issue was discovered outside the diff for this Pull Request. You can find it at: |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
c35d07f to
d8c0cd1
Compare
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
d8c0cd1 to
c90d902
Compare
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
c90d902 to
536c48f
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
536c48f to
c2e1e4e
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Code Coverage Summary |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Comments suppressed due to low confidence (1)
src/rrdInterface.c:348
dataMsgis freed only in the empty-message branch. In the non-empty case,dataMsgis passed topushIssueTypesToMsgQueueand never freed anywhere in the current flow, which leaks per event. Either makepushIssueTypesToMsgQueuedeep-copy the string so the caller can always freedataMsg, or ensure the consumer frees the message buffer after processing (but keep ownership consistent to avoid double-free).
strncpy(dataMsg, rbusValue_GetString(value, NULL), len-1);
dataMsg[len-1]='\0';
if (dataMsg[0] == '\0' || len <= 0 )
{
RDK_LOG(RDK_LOG_DEBUG,LOG_REMDEBUG,"[%s:%d]: Message Received is empty, Exit Processing!!! \n", __FUNCTION__, __LINE__);
free(dataMsg);
}
else
{
pushIssueTypesToMsgQueue(dataMsg, EVENT_MSG);
}
c2e1e4e to
9689c88
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
9689c88 to
b80690a
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
b80690a to
36d1c83
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
a502adb to
46d180a
Compare
Code Coverage Summary |
Contributor
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
src/rrdEventProcess.c:123
processIssueTypeEvent()allocates/receives a heapdata_buf* rbuffrom the message queue but never deallocates it (norrbuf->mdata) before returning. This makes the/* coverity[leaked_storage] */suppressions elsewhere more likely to be masking a real leak. Consider establishing a clear ownership rule (e.g., consumer always callsRRD_data_buff_deAlloc(rbuf)after processing) and avoid freeingmdata/jsonPathin deep callees if the caller is responsible.
free(cmdMap);
cmdMap = NULL;
}
}
}
46d180a to
2e4ce7c
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
2e4ce7c to
bd5c8f2
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
bd5c8f2 to
74a28d9
Compare
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
74a28d9 to
c7bd239
Compare
Code Coverage Summary |
Code Coverage Summary |
madhubabutt
force-pushed
the
feature/RDK-60307
branch
from
cf30136 to
fbb2a00
Compare
Code Coverage Summary |
Code Coverage Summary |
shibu-kv
approved these changes
Feb 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Reason for change: Coverity Fix in RRD
Test Procedure: Build and Verify RRD Functionality
Risks: Low
Priority: P1
Signed-off-by:Tirumala, Madhubabu (Contractor) Madhubabu_Tirumala@comcast.com