From 146858fb5432ef92bd0cd45e0a7e3c8ca4c82ffa Mon Sep 17 00:00:00 2001 From: Andy Green Date: Fri, 14 Aug 2020 06:35:31 +0100 Subject: [PATCH] coverity: 231926: clear false positive by showing coverity what it wants to see We can't get here without testing for COLON_PATH existing in http2.c as part of the h2spec pass code. if (!lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_PATH) || !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_METHOD) || !lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_SCHEME) || lws_hdr_total_length(h2n->swsi, WSI_TOKEN_HTTP_COLON_STATUS) || lws_hdr_extant(h2n->swsi, WSI_TOKEN_CONNECTION)) { lws_h2_goaway(wsi, H2_ERR_PROTOCOL_ERROR, "Pseudoheader checks"); break; } So there is no issue. But show Coverity what it wants so we don't keep getting this false positive reported by different coverity users. --- lib/roles/h2/ops-h2.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/lib/roles/h2/ops-h2.c b/lib/roles/h2/ops-h2.c index 74f5a1aba..9812cc09e 100644 --- a/lib/roles/h2/ops-h2.c +++ b/lib/roles/h2/ops-h2.c @@ -768,12 +768,22 @@ lws_h2_bind_for_post_before_action(struct lws *wsi) p = lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_METHOD); if (p && !strcmp(p, "POST")) { - const struct lws_http_mount *hit = - lws_find_mount(wsi, - lws_hdr_simple_ptr(wsi, - WSI_TOKEN_HTTP_COLON_PATH), - lws_hdr_total_length(wsi, - WSI_TOKEN_HTTP_COLON_PATH)); + const struct lws_http_mount *hit; + + if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH) || + !lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH)) + /* + * There must be a path. Actually this is checked at + * http2.c along with the other required header + * presence before we can get here. + * + * But Coverity insists to see us check it. + */ + return 1; + + hit = lws_find_mount(wsi, + lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH), + lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_COLON_PATH)); lwsl_debug("%s: %s: hit %p: %s\n", __func__, lws_hdr_simple_ptr(wsi, WSI_TOKEN_HTTP_COLON_PATH),