ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2024-03-05T12:09:30Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/3270Perfmon UT MonitoredDuration.addSampleAndClear fails on MacOS2024-03-05T12:09:30ZThomas MarkwalderPerfmon UT MonitoredDuration.addSampleAndClear fails on MacOSAs @fdupont cited during 2.5.6 sanity checks, the UT fails on MacOS, see comment:
https://gitlab.isc.org/isc-projects/kea/-/issues/3265#note_440479
The test is too timing sensitive.As @fdupont cited during 2.5.6 sanity checks, the UT fails on MacOS, see comment:
https://gitlab.isc.org/isc-projects/kea/-/issues/3265#note_440479
The test is too timing sensitive.kea2.5.7Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3267some option headers are missing in libkea dhcp include HEADERS2024-03-21T16:16:53ZPiotrek Zadrogasome option headers are missing in libkea dhcp include HEADERSSome options' headers are missing in `libkea_dhcp___include_HEADERS` in `src/lib/dhcp/Makefile.am`.
This results in those header missing in `isc-kea-dev` packages or under `include/kea/dhcp` path when kea built and installed from tarbal...Some options' headers are missing in `libkea_dhcp___include_HEADERS` in `src/lib/dhcp/Makefile.am`.
This results in those header missing in `isc-kea-dev` packages or under `include/kea/dhcp` path when kea built and installed from tarballs/sources.
Maybe this could be checked as part of release process?kea2.5.7Piotrek ZadrogaPiotrek Zadrogahttps://gitlab.isc.org/isc-projects/kea/-/issues/3266status-get command must return an HA relationship identifier2024-03-22T13:17:40ZMarcin Siodelskistatus-get command must return an HA relationship identifierWe now support the hub-and-spoke setup with multiple relationships in one server. The HA state can be retrieved using the `status-get` command. The problem is, though, that the `status-get` result lacks an association between returned lo...We now support the hub-and-spoke setup with multiple relationships in one server. The HA state can be retrieved using the `status-get` command. The problem is, though, that the `status-get` result lacks an association between returned local/remote entries and the configured relationships. It makes it nearly impossible to match the returned statuses with the relationships we maintain in the Stork database. The status-get response must return identifiers of the HA relationships to enable this matching.kea2.5.7Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/kea/-/issues/3262add RADIUS thread pool and make the RADIUS library MT-compatible2024-03-21T11:52:04ZAndrei Pavelandrei@isc.orgadd RADIUS thread pool and make the RADIUS library MT-compatibleRADIUS access is now asynchronous, but it is still single-threaded. To truly benefit from multi-threading, it needs its own thread pool.
There might also be some MT-specific races and bugs that need to be fixed. TBDRADIUS access is now asynchronous, but it is still single-threaded. To truly benefit from multi-threading, it needs its own thread pool.
There might also be some MT-specific races and bugs that need to be fixed. TBDkea2.5.7Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/3253Perfmon-Hook-Task-3 Implement MonitioredDurationStore and AlarmStore2024-03-18T21:40:45ZThomas MarkwalderPerfmon-Hook-Task-3 Implement MonitioredDurationStore and AlarmStoreComplete Hook Task 3: implement MonitioredDurationStore and AlarmStore classes. See
https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#perfmon-hook-tasksComplete Hook Task 3: implement MonitioredDurationStore and AlarmStore classes. See
https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#perfmon-hook-taskskea2.5.7Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3249hammer supported-systems is broken2024-03-20T11:13:08ZTomek Mrugalskihammer supported-systems is brokenHammer used to be able to print a list of supported systems. Sadly, it doesn't work for me anymore.
```
$ ./hammer.py supported-systems
fedora:
- 2:
- 2:
- 2:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
- ...Hammer used to be able to print a list of supported systems. Sadly, it doesn't work for me anymore.
```
$ ./hammer.py supported-systems
fedora:
- 2:
- 2:
- 2:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
- 3:
centos:
Traceback (most recent call last):
File "/home/thomson/devel/kea/./hammer.py", line 3233, in <module>
main()
File "/home/thomson/devel/kea/./hammer.py", line 3190, in main
list_supported_systems()
File "/home/thomson/devel/kea/./hammer.py", line 2860, in list_supported_systems
for r, supported in revisions_and_supported:
ValueError: not enough values to unpack (expected 2, got 1)
```
I used `git bisect` to find out which commit caused that. It seems it's cafead21a91f4916f4a348c0674028b3ae9779e1.kea2.5.7Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/3190heap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/oth...2024-03-13T12:10:37ZAndrei Pavelandrei@isc.orgheap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/other-non-main-thread IOservice distructionReplication steps:
1. Start `kea-dhcp4` built with address sanitizer and UB sanitizer with this configuration:
```plaintext
{
"Dhcp4": {
"hooks-libraries": [
{
"library": "/opt/kea/lib/kea/hooks/li...Replication steps:
1. Start `kea-dhcp4` built with address sanitizer and UB sanitizer with this configuration:
```plaintext
{
"Dhcp4": {
"hooks-libraries": [
{
"library": "/opt/kea/lib/kea/hooks/libdhcp_ping_check.so",
"parameters": {
}
}
]
}
}
```
2. `kill -SIGINT $(pidof kea-dhcp4)` or `clrl-C` in the terminal.
3a. If Kea is built with code prior to merging of issue 3019, then you should observe this warning: https://gitlab.isc.org/isc-projects/kea/-/issues/3190#note_423820
3b. If Kea is built after merging of issue 3019, then you might observe a different warning:
```plaintext
INFO PING_CHECK_MGR_STOPPED channel operations have stopped
/usr/include/boost/asio/basic_deadline_timer.hpp:351:41: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/basic_deadline_timer.hpp:351:41 in
/usr/include/boost/asio/detail/io_object_impl.hpp:97:15: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/io_object_impl.hpp:97:15 in
/usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5 in
INFO PING_CHECK_UNLOAD Ping Check hooks library has been unloaded
```kea2.5.7Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/kea/-/issues/3079Process: Fix issues reported by dependabot2024-03-22T13:55:21ZTomek MrugalskiProcess: Fix issues reported by dependabot[Dependabot on github](https://github.com/isc-projects/kea/security/dependabot) reports 4 issues and complains that updates are disabled, because previous reports were not addressed.
![Screenshot_from_2023-09-21_11-34-35](/uploads/d6025...[Dependabot on github](https://github.com/isc-projects/kea/security/dependabot) reports 4 issues and complains that updates are disabled, because previous reports were not addressed.
![Screenshot_from_2023-09-21_11-34-35](/uploads/d602529e436a9edff8387c2c120a0e2c/Screenshot_from_2023-09-21_11-34-35.png)
The goal is to:
- [ ] update the dependencies
- [ ] make sure the PRs on github are resolved
- [ ] make sure the dependabot updates are no longer pausedkea2.5.7Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/2692Hook service must start before the first packet.2024-03-22T14:46:14ZFrancis DupontHook service must start before the first packet.We have a general issue with hooks starting services by a post to the server IO service as this is IO service is polled so the services started after the first packet processing.
I suggest to add a poll at the end of loadConfigFile in c...We have a general issue with hooks starting services by a post to the server IO service as this is IO service is polled so the services started after the first packet processing.
I suggest to add a poll at the end of loadConfigFile in ctrl_dhcp[46]_srv.cc to catch late issues e.g. bad configuration detected when the service is launched.
Hooks using deferred start: HA, LQ and soon RADIUS.kea2.5.7Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/4649All TSAN-enabled builds fail in AWS-based GitLab CI jobs2024-03-25T13:45:40ZMichał KępieńAll TSAN-enabled builds fail in AWS-based GitLab CI jobs[Yesterday's mass-rebuild of Docker images][1] caused some update to be
pulled into `tsan-fedora-39-amd64` that does not play nicely with AWS
hosts because all TSAN-enabled builds now fail with an error message
like:
FATAL: ThreadSa...[Yesterday's mass-rebuild of Docker images][1] caused some update to be
pulled into `tsan-fedora-39-amd64` that does not play nicely with AWS
hosts because all TSAN-enabled builds now fail with an error message
like:
FATAL: ThreadSanitizer: unexpected memory mapping 0x7d00e0772000-0x7d00e0c00000
While it is not clear what exactly happened, here are two jobs that were
run in CI for the same commit:
- [2024-03-20 14:24, passed][2]
- [2024-03-20 16:41, failed][3]
The refreshed TSAN image was pushed to the container registry at 15:13.
The TSAN builds seemingly still work fine with the refreshed TSAN image
on our bare metal runners, which use older kernels. This is consistent
with similar reports found online:
https://stackoverflow.com/questions/77850769/fatal-threadsanitizer-unexpected-memory-mapping-when-running-on-linux-kernels
The simplest course of action is to apply the workaround mentioned in
the StackOverflow post above (`sysctl vm.mmap_rnd_bits=28`) and remove
it once the issue resolves itself as kernels and packages get updated
over time.
[1]: https://gitlab.isc.org/isc-projects/images/-/pipelines/168133
[2]: https://gitlab.isc.org/isc-projects/bind9/-/jobs/4142725
[3]: https://gitlab.isc.org/isc-projects/bind9/-/jobs/4143237April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4646CID 488065: Null pointer dereferences (REVERSE_INULL)2024-03-19T22:41:36ZMichal NowakCID 488065: Null pointer dereferences (REVERSE_INULL)Coverity Scan claims the following issue:
```c
/lib/dns/qpzone.c: 4805 in addrdataset()
4799 newheader->ttl = rdataset->ttl;
4800 if (rdataset->ttl == 0U) {
4801 DNS_SLABHEADER_SETATTR(newheader, DNS_SLABHEADERATTR_ZEROT...Coverity Scan claims the following issue:
```c
/lib/dns/qpzone.c: 4805 in addrdataset()
4799 newheader->ttl = rdataset->ttl;
4800 if (rdataset->ttl == 0U) {
4801 DNS_SLABHEADER_SETATTR(newheader, DNS_SLABHEADERATTR_ZEROTTL);
4802 }
4803 atomic_init(&newheader->count,
4804 atomic_fetch_add_relaxed(&init_count, 1));
>>> CID 488065: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "version" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
4805 if (version != NULL) {
4806 newheader->serial = version->serial;
4807
4808 if ((rdataset->attributes & DNS_RDATASETATTR_RESIGN) != 0) {
4809 DNS_SLABHEADER_SETATTR(newheader,
4810 DNS_SLABHEADERATTR_RESIGN);
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4645CID 488064: Passing null pointer "version" to "maybe_update_recordsandsize", ...2024-03-19T22:41:36ZMichal NowakCID 488064: Passing null pointer "version" to "maybe_update_recordsandsize", which dereferences itCoverity Scan claims the following issues:
```
/lib/dns/qpzone.c: 1994 in add()
1988 newheader->down = topheader;
1989 topheader->next = newheader;
1990 node->dirty = 1;
1991 if (changed != NULL) {
1992 ...Coverity Scan claims the following issues:
```
/lib/dns/qpzone.c: 1994 in add()
1988 newheader->down = topheader;
1989 topheader->next = newheader;
1990 node->dirty = 1;
1991 if (changed != NULL) {
1992 changed->dirty = true;
1993 }
>>> CID 488064: (FORWARD_NULL)
>>> Passing null pointer "version" to "maybe_update_recordsandsize", which dereferences it.
1994 maybe_update_recordsandsize(false, version, header,
1995 nodename->length);
1996 }
1997 } else {
1998 /*
1999 * No non-IGNORED rdatasets of the given type exist at
/lib/dns/qpzone.c: 1972 in add()
1966 if (topheader_prev != NULL) {
1967 topheader_prev->next = newheader;
1968 } else {
1969 node->data = newheader;
1970 }
1971 newheader->next = topheader->next;
>>> CID 488064: (FORWARD_NULL)
>>> Passing null pointer "version" to "maybe_update_recordsandsize", which dereferences it.
1972 maybe_update_recordsandsize(false, version, header,
1973 nodename->length);
1974 dns_slabheader_destroy(&header);
1975 } else {
1976 idx = HEADERNODE(newheader)->locknum;
1977 if (RESIGN(newheader)) {
/lib/dns/qpzone.c: 1979 in add()
1973 nodename->length);
1974 dns_slabheader_destroy(&header);
1975 } else {
1976 idx = HEADERNODE(newheader)->locknum;
1977 if (RESIGN(newheader)) {
1978 resigninsert(qpdb, idx, newheader);
>>> CID 488064: (FORWARD_NULL)
>>> Passing null pointer "version" to "resigndelete", which dereferences it.
1979 resigndelete(qpdb, version,
1980 header DNS__DB_FLARG_PASS);
1981 }
1982 if (topheader_prev != NULL) {
1983 topheader_prev->next = newheader;
1984 } else {
/lib/dns/qpzone.c: 2061 in add()
2055 newheader->next = node->data;
2056 node->data = newheader;
2057 }
2058 }
2059 }
2060
>>> CID 488064: (FORWARD_NULL)
>>> Passing null pointer "version" to "maybe_update_recordsandsize", which dereferences it.
2061 maybe_update_recordsandsize(true, version, newheader, nodename->length);
2062
2063 /*
2064 * Check if the node now contains CNAME and other data.
2065 */
2066 if (version != NULL && cname_and_other(node, version->serial)) {
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4641dig +ednsflags does not re-enable EDNS2024-03-17T03:12:44ZMark Andrewsdig +ednsflags does not re-enable EDNS+dnssec, +nsid re-enable EDNS if currently disabled. +ednsflags should do the same+dnssec, +nsid re-enable EDNS if currently disabled. +ednsflags should do the sameApril 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4640Checkzone in system test leaks queries2024-03-21T02:40:22ZMark AndrewsCheckzone in system test leaks queriesThe checkzone "checking with max ttl (text)" test leaks queries.The checkzone "checking with max ttl (text)" test leaks queries.April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4639Add OpenSSL Flags to proxystream_test2024-03-14T23:42:27ZSamuel ChiangAdd OpenSSL Flags to proxystream_testproxystream_test does not seem to have OpenSSL Flags defined, which causes issues if OpenSSL is not within the standard path. Adding this adheres to the other test executables that are dependent on OpenSSL in this file. I have a patch pr...proxystream_test does not seem to have OpenSSL Flags defined, which causes issues if OpenSSL is not within the standard path. Adding this adheres to the other test executables that are dependent on OpenSSL in this file. I have a patch provided below :smile:
```
diff --git a/tests/isc/Makefile.am b/tests/isc/Makefile.am
index 5cdd915..6ee1935 100644
--- a/tests/isc/Makefile.am
+++ b/tests/isc/Makefile.am
@@ -115,10 +115,12 @@ proxyheader_test_SOURCES = \
proxyheader_test_data.h
proxystream_test_CPPFLAGS = \
- $(AM_CPPFLAGS)
+ $(AM_CPPFLAGS) \
+ $(OPENSSL_CFLAGS)
proxystream_test_LDADD = \
- $(LDADD)
+ $(LDADD) \
+ $(OPENSSL_LIBS)
proxystream_test_SOURCES = \
proxystream_test.c \
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4633Undefined behaviour in rdataslab.c2024-03-21T12:20:05ZMark AndrewsUndefined behaviour in rdataslab.cmemmove can be called with a NULL source pointer if the rdata length is zero. This is triggers undefined behaviour.memmove can be called with a NULL source pointer if the rdata length is zero. This is triggers undefined behaviour.April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4632Intermittent hang in dns__db_findnode() during RPZ-enabled "stress" test2024-03-28T11:26:58ZMichał KępieńIntermittent hang in dns__db_findnode() during RPZ-enabled "stress" test`named` seemingly hung during an RPZ-enabled "stress" test job:
https://gitlab.isc.org/isc-private/bind9/-/jobs/4115448
The same job passed fine in the scheduled pipeline that was run last
night (for the same code - only documentation ...`named` seemingly hung during an RPZ-enabled "stress" test job:
https://gitlab.isc.org/isc-private/bind9/-/jobs/4115448
The same job passed fine in the scheduled pipeline that was run last
night (for the same code - only documentation differs):
https://gitlab.isc.org/isc-projects/bind9/-/jobs/4114341
Artifacts were retained for the failed job.
```
2024-03-12:09:46:32 ERROR: Core dump file /builds/isc-private/bind9/output/ns4/core.24295 found
Core was generated by `/builds/isc-private/bind9/.local/usr/local/sbin/named -f -c ./named.conf'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007ff920ee4107 in read_indicator_wait_until_empty (rwl=rwl@entry=0x7ff91f859658) at rwlock.c:225
225 if (read_indicator_isempty(rwl)) {
[Current thread is 1 (Thread 0x7ff91fc75600 (LWP 24295))]
#0 0x00007ff920ee4107 in read_indicator_wait_until_empty (rwl=rwl@entry=0x7ff91f859658) at rwlock.c:225
#1 0x00007ff920ee4355 in isc_rwlock_wrlock (rwl=rwl@entry=0x7ff91f859658) at rwlock.c:246
#2 0x00007ff920cdf797 in findnode (db=0x7ff91f859500, name=0x7ff91edf0400, create=<optimized out>, nodep=0x7fffc0aa4f58) at qpcache.c:2901
#3 0x00007ff920c4e924 in dns__db_findnode (db=<optimized out>, name=name@entry=0x7ff91edf0400, create=create@entry=true, nodep=nodep@entry=0x7fffc0aa4f58) at db.c:439
#4 0x00007ff920d41d31 in cache_name (fctx=fctx@entry=0x7ff8fa5eec00, name=0x7ff91edf0400, message=message@entry=0x7ff8f9f13c80, addrinfo=addrinfo@entry=0x7ff8f9f067f0, now=now@entry=1710232927) at resolver.c:5803
#5 0x00007ff920d4283d in cache_message (fctx=fctx@entry=0x7ff8fa5eec00, message=0x7ff8f9f13c80, addrinfo=0x7ff8f9f067f0, now=1710232927) at resolver.c:6223
#6 0x00007ff920d4caa2 in resquery_response (eresult=<optimized out>, region=0x7fffc0aa5470, arg=0x7ff8fa2c1000) at resolver.c:7625
#7 0x00007ff920c55e6f in udp_recv (handle=0x7ff8f9d30000, eresult=<optimized out>, region=0x7fffc0aa5470, arg=<optimized out>) at dispatch.c:619
#8 0x00007ff920ea6349 in isc___nm_readcb (arg=<optimized out>) at netmgr/netmgr.c:1856
#9 0x00007ff920ea641b in isc__nm_readcb (sock=sock@entry=0x7ff8fa58e500, uvreq=uvreq@entry=0x7ff8fa539200, eresult=eresult@entry=ISC_R_SUCCESS, async=async@entry=false) at netmgr/netmgr.c:1871
#10 0x00007ff920eb7b40 in isc__nm_udp_read_cb (handle=<optimized out>, nrecv=244, buf=0x7fffc0aa5540, addr=0x7fffc0aa5590, flags=0) at netmgr/udp.c:589
#11 0x00007ff9205bb72a in uv__udp_recvmsg (handle=0x7ff8fa58e7c0) at /usr/src/libuv-v1.48.0/src/unix/udp.c:267
#12 0x00007ff9205bb022 in uv__udp_io (loop=0x7ff91f837020, w=0x7ff8fa58e840, revents=1) at /usr/src/libuv-v1.48.0/src/unix/udp.c:142
#13 0x00007ff9205c0e70 in uv__io_poll (loop=0x7ff91f837020, timeout=612) at /usr/src/libuv-v1.48.0/src/unix/linux.c:1528
#14 0x00007ff9205a5fa4 in uv_run (loop=0x7ff91f837020, mode=UV_RUN_DEFAULT) at /usr/src/libuv-v1.48.0/src/unix/core.c:448
#15 0x00007ff920ecc52d in loop_thread (arg=arg@entry=0x7ff91f837000) at loop.c:284
#16 0x00007ff920edd775 in thread_body (wrap=0x7ff91f8d8380) at thread.c:85
#17 0x00007ff920edd7ef in isc_thread_main (func=func@entry=0x7ff920ecc4a2 <loop_thread>, arg=0x7ff91f837000) at thread.c:116
#18 0x00007ff920ecd204 in isc_loopmgr_run (loopmgr=0x7ff91f80ea80) at loop.c:456
#19 0x0000000000425250 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1574
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4631CID 487884: Dead code in lib/dns/qpcache.c2024-03-14T11:50:20ZMichal NowakCID 487884: Dead code in lib/dns/qpcache.cCoverity Scan claims two instances of dead code in `lib/dns/qpcache.c`:
```c
/lib/dns/qpcache.c: 3459 in add()
3453 }
3454 newheader->next = topheader->next;
3455 newheader->down = topheader;
3456 topheader->...Coverity Scan claims two instances of dead code in `lib/dns/qpcache.c`:
```c
/lib/dns/qpcache.c: 3459 in add()
3453 }
3454 newheader->next = topheader->next;
3455 newheader->down = topheader;
3456 topheader->next = newheader;
3457 qpnode->dirty = 1;
3458 if (changed != NULL) {
>>> CID 487884: (DEADCODE)
>>> Execution cannot reach this statement: "changed->dirty = true;".
3459 changed->dirty = true;
3460 }
3461 } else {
3462 /*
3463 * No rdatasets of the given type exist at the node.
3464 */
```
```c
/lib/dns/qpcache.c: 3409 in add()
3403 }
3404 newheader->next = topheader->next;
3405 newheader->down = topheader;
3406 topheader->next = newheader;
3407 qpnode->dirty = 1;
3408 if (changed != NULL) {
>>> CID 487884: (DEADCODE)
>>> Execution cannot reach this statement: "changed->dirty = true;".
3409 changed->dirty = true;
3410 }
3411 mark_ancient(header);
3412 if (sigheader != NULL) {
3413 mark_ancient(sigheader);
3414 }
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4630CID 487883: Null pointer dereference in lib/dns/qpzone.c2024-03-14T00:31:50ZMichal NowakCID 487883: Null pointer dereference in lib/dns/qpzone.cCoverity Scan claims null pointer dereference in `lib/dns/qpzone.c`.
```c
/lib/dns/qpzone.c: 4935 in addrdataset()
4929
4930 /*
4931 * Update the zone's secure status. If version is non-NULL
4932 * this is deferre...Coverity Scan claims null pointer dereference in `lib/dns/qpzone.c`.
```c
/lib/dns/qpzone.c: 4935 in addrdataset()
4929
4930 /*
4931 * Update the zone's secure status. If version is non-NULL
4932 * this is deferred until closeversion() is called.
4933 */
4934 if (result == ISC_R_SUCCESS && version == NULL) {
>>> CID 487883: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "version" to "setsecure", which dereferences it.
4935 setsecure(db, version, qpdb->origin);
4936 }
4937
4938 return (result);
4939 }
4940
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/bind9/-/issues/4629CID 487882: Error handling issues in lib/dns/qpzone.c2024-03-14T14:12:59ZMichal NowakCID 487882: Error handling issues in lib/dns/qpzone.cCoverity Scan claims we should consider checking the return value of `dns_qpiter_next()` in `lib/dns/qpzone.c` as done elsewhere:
```c
/lib/dns/qpzone.c: 2804 in activeempty()
2798 * of the name we were searching for. Step the iter...Coverity Scan claims we should consider checking the return value of `dns_qpiter_next()` in `lib/dns/qpzone.c` as done elsewhere:
```c
/lib/dns/qpzone.c: 2804 in activeempty()
2798 * of the name we were searching for. Step the iterator
2799 * forward, then step() will continue forward until it
2800 * finds a node with active data. If that node is a
2801 * subdomain of the one we were looking for, then we're
2802 * at an active empty nonterminal node.
2803 */
>>> CID 487882: Error handling issues (CHECKED_RETURN)
>>> Calling "dns_qpiter_next" without checking return value (as is done elsewhere 26 out of 27 times).
2804 dns_qpiter_next(it, NULL, NULL, NULL);
2805 return (step(search, it, FORWARD, next) &&
2806 dns_name_issubdomain(next, current));
2807 }
2808
2809 static bool
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.org