Coverity issues in CocoaAsyncSocket/GCDAsyncSocket.m

Puneet Taneja

unread,
May 21, 2020, 1:31:50 AM5/21/20
to CocoaAsyncSocket
Hi, below are the Coverity issues that are raised on the GCDAsyncSocket.m class. Please have a look and provide some solution for these security fixes:

1. The system resource will not be reclaimed and reused, reducing the future availability of the resource.

In -[GCDAsyncSocket doAccept:]: Leak of memory or pointers to system resources (Handle variable childSocketFD going out of scope leaks the handle.)


2. The function returns a value that indicates an error condition. If this is not checked, the error condition may not be handled correctly.

In -[GCDAsyncSocket doReadEOF]: Value returned from a library function is not checked for errors before being used. This value may indicate an error condition. 7. check_return: Calling poll(pfd, 1U, 0) without checking return value. This library function may fail and return an error code.


3. The function returns a value that indicates an error condition. If this is not checked, the error condition may not be handled correctly.

In -[GCDAsyncSocket connectWithAddressUN:error:]: Value returned from a library function is not checked for errors before being used. This value may indicate an error condition. 4. check_return: Calling setsockopt(socketFD, 65535, 4, &reuseOn, 4U) without checking return value. This library function may fail and return an error code.


4. The function returns a value that indicates an error condition. If this is not checked, the error condition may not be handled correctly.

In -[GCDAsyncSocket createSocket:connectInterface:errPtr:]: Value returned from a library function is not checked for errors before being used. This value may indicate an error condition. 3. check_return: Calling setsockopt(socketFD, 65535, 4130, &nosigpipe, 4U) without checking return value. This library function may fail and return an error code.


5. The function returns a value that indicates an error condition. If this is not checked, the error condition may not be handled correctly.

In -[GCDAsyncSocket bindSocket:toInterface:error:]: Value returned from a library function is not checked for errors before being used. This value may indicate an error condition. check_return: Calling setsockopt(socketFD, 65535, 4, &reuseOn, 4U) without checking return value. This library function may fail and return an error code.


6. The function returns a value that indicates an error condition. If this is not checked, the error condition may not be handled correctly.

In -[GCDAsyncSocket doAccept:]: Value returned from a library function is not checked for errors before being used. This value may indicate an error condition. Calling setsockopt(childSocketFD, 65535, 4130, &nosigpipe, 4U) without checking return value. This library function may fail and return an error code.

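The pattern these findings ask for, as an added C example that is not CocoaAsyncSocket code and not part of the original post: every setsockopt() and poll() return value is checked, and the descriptor is closed on the failure path so it cannot go out of scope while still open. The function names `set_sock_flag`, `prepare_socket` and `peer_hung_up` are hypothetical, and SO_NOSIGPIPE is set only where the platform defines it.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: enable an int-valued SOL_SOCKET option.
 * Returns 0, or -1 with errno preserved for the caller. */
static int set_sock_flag(int fd, int name, const char *label)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, name, &on, sizeof(on)) == -1) {
        int saved = errno;
        fprintf(stderr, "setsockopt(%s) failed: errno %d\n", label, saved);
        errno = saved;
        return -1;
    }
    return 0;
}

/* Apply options to a freshly created or accepted descriptor.
 * On any failure the descriptor is closed here, so no error path
 * leaks it. Returns fd on success, -1 on failure. */
int prepare_socket(int fd)
{
    int ok = set_sock_flag(fd, SO_REUSEADDR, "SO_REUSEADDR") == 0;
#ifdef SO_NOSIGPIPE /* Apple/BSD only; absent on Linux */
    ok = ok && set_sock_flag(fd, SO_NOSIGPIPE, "SO_NOSIGPIPE") == 0;
#endif
    if (!ok) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Zero-timeout poll with its result checked.
 * Returns 1 if the peer hung up, 0 if not, -1 if poll() failed
 * or the descriptor is invalid. Retries on EINTR. */
int peer_hung_up(int fd)
{
    struct pollfd pfd = { .fd = fd, .events = 0, .revents = 0 };
    int rc;
    do { rc = poll(&pfd, 1, 0); } while (rc == -1 && errno == EINTR);
    if (rc == -1) return -1;
    if (pfd.revents & POLLNVAL) { errno = EBADF; return -1; }
    return (pfd.revents & POLLHUP) ? 1 : 0;
}
```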