[PATCH] udp: Provide dummy iov in udp_peek_addr() to avoid Coverity warning
udp_peek_addr() initialises struct msghdr without setting msg_iov,
leaving it implicitly NULL. Coverity flags this as FORWARD_NULL,
believing recvmsg() will dereference the NULL pointer.
In practice, msg_iovlen being zero means the kernel never touches
msg_iov, so the warning is a false positive. We now provide a
one-byte dummy iov to make msg_iov non-NULL, hence suppressing this
warning without changing the function's behaviour.
Signed-off-by: Jon Maloy
On Sun, May 31, 2026 at 04:20:27PM -0400, Jon Maloy wrote:
> udp_peek_addr() initialises struct msghdr without setting msg_iov,
> leaving it implicitly NULL. Coverity flags this as FORWARD_NULL,
> believing recvmsg() will dereference the NULL pointer.
>
> In practice, msg_iovlen being zero means the kernel never touches
> msg_iov, so the warning is a false positive. We now provide a
> one-byte dummy iov to make msg_iov non-NULL, hence suppressing this
> warning without changing the function's behaviour.
>
> Signed-off-by: Jon Maloy
Oof. I mean, yes, it's worth some amount of code ugliness to prevent Coverity warnings, but this is definitely on the high end of that ugliness. This doesn't have zero runtime cost, since it requires extra stack jiggery pokery to set up.

The question is how to do it better without explicit Coverity suppressions or at least mentioning Coverity in line. This isn't quite as similar to an existing workaround as I initially thought. The triggering situation is similar to the one handled by #ifdef VALGRIND in tcp.c + test/valgrind.supp, but that doesn't really help us.

Arguably this is a Coverity defect - it should be able to see that msg_iovlen is statically zero and accept this. So there's some hope of the error just going away in future. Not sure whether that's likely, or if we can do anything to expedite it.

Hrm. We don't want to reference Coverity in the code for an explicit suppression, so I guess using a #if conditional on coverity would have the same problem. Could we use a conditional but not refer specifically to which static checker it's working around?
--- udp.c | 7 +++++++ 1 file changed, 7 insertions(+)
diff --git a/udp.c b/udp.c index c28d6ee2..f648cb8b 100644 --- a/udp.c +++ b/udp.c @@ -734,9 +734,16 @@ static int udp_peek_addr(int s, union sockaddr_inany *src, { char sastr[SOCKADDR_STRLEN], dstr[INANY_ADDRSTRLEN]; char cmsg[PKTINFO_SPACE]; + char dummy; + struct iovec iov = { + .iov_base = &dummy, + .iov_len = sizeof(dummy), + }; struct msghdr msg = { .msg_name = src, .msg_namelen = sizeof(*src), + .msg_iov = &iov, + .msg_iovlen = 1, .msg_control = cmsg, .msg_controllen = sizeof(cmsg), }; -- 2.52.0
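Review bot: the commit message says behaviour is unchanged, but with `.msg_iovlen = 1` and a one-byte iov recvmsg() will now copy the first payload byte into `dummy` and return 1 instead of 0 for any non-empty datagram, so please confirm that nothing later in udp_peek_addr() uses the returned length. If the only goal is a non-NULL msg_iov, `.msg_iov = &iov` with `.msg_iovlen = 0` would keep the zero-length read exactly as before while still giving the checker a real pointer. Either way, the new `dummy`/`iov` pair needs a one-line comment saying it exists only so msg_iov is non-NULL (without naming the tool, as the thread prefers), or the next reader will remove it as dead code.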
-- 
David Gibson (he or they)      | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
                               | around.
http://www.ozlabs.org/~dgibson
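To make the two msghdr shapes under discussion concrete, here is an added stand-alone example (not part of the patch or of udp.c) that peeks a queued datagram once with msg_iov NULL and msg_iovlen 0, and once with the one-byte dummy iov from the patch; the function names, the loopback socket pair and the constructed 5-byte payload are the example's own, and it assumes Linux recvmsg() semantics and a working loopback interface.

```c
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Peek the next datagram's source address without consuming it.
 * with_dummy == 0: msg_iov NULL / msg_iovlen 0, as udp_peek_addr() was before
 * the patch.  with_dummy == 1: one-byte iov, as after it.  *truncated records
 * whether the kernel set MSG_TRUNC; the return value is recvmsg()'s. */
static ssize_t peek_src(int s, struct sockaddr_in *src, int with_dummy,
			int *truncated)
{
	char dummy;
	struct iovec iov = { .iov_base = &dummy, .iov_len = sizeof(dummy) };
	struct msghdr msg = {
		.msg_name = src, .msg_namelen = sizeof(*src),
		.msg_iov = with_dummy ? &iov : NULL,
		.msg_iovlen = with_dummy ? 1 : 0,
	};
	ssize_t n = recvmsg(s, &msg, MSG_PEEK);
	*truncated = !!(msg.msg_flags & MSG_TRUNC);
	return n;
}

/* Send one constructed 5-byte datagram over loopback, peek it both ways, then
 * read it for real.  Returns n0 + n1 (expected 0 + 1) if both peeks report the
 * sender's port and MSG_TRUNC and the datagram is still queued; -1 on failure. */
int demo(void)
{
	struct sockaddr_in a = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
	struct sockaddr_in rxa = a, txa = a, src;
	struct sockaddr *prx = (struct sockaddr *)&rxa, *ptx = (struct sockaddr *)&txa;
	socklen_t slen = sizeof(a);
	int rx = socket(AF_INET, SOCK_DGRAM, 0), tx = socket(AF_INET, SOCK_DGRAM, 0);
	int t0, t1, ok;
	ssize_t n0, n1;
	char buf[16];
	if (rx < 0 || tx < 0 || bind(rx, prx, slen) || bind(tx, ptx, slen) ||
	    getsockname(rx, prx, &slen) || getsockname(tx, ptx, &slen) ||
	    sendto(tx, "hello", 5, 0, prx, slen) != 5)
		return -1;
	n0 = peek_src(rx, &src, 0, &t0);	/* NULL msg_iov: nothing copied, returns 0 */
	ok = n0 == 0 && t0 && src.sin_port == txa.sin_port;
	n1 = peek_src(rx, &src, 1, &t1);	/* dummy iov: one byte copied, returns 1 */
	ok = ok && n1 == 1 && t1 && src.sin_port == txa.sin_port;
	ok = ok && recv(rx, buf, sizeof(buf), 0) == 5;	/* datagram still queued */
	close(rx); close(tx);
	return ok ? (int)(n0 + n1) : -1;
}
```

Both peeks fill msg_name and leave the datagram queued; the only visible difference is the returned length, which is the point the reviewer raises about the patch not being strictly behaviour-neutral.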