On Sun, Jun 07, 2026 at 08:50:26PM -0400, Jon Maloy wrote:
> udp_peek_addr() initialises struct msghdr without setting msg_iov,
> leaving it implicitly NULL. Coverity flags this as FORWARD_NULL,
> believing recvmsg() will dereference the NULL pointer.
>
> In practice, msg_iovlen being zero means the kernel never touches
> msg_iov, so the warning is a false positive. We now provide a
> one-byte dummy iov to make msg_iov non-NULL, hence suppressing this
> warning without changing the function's behaviour.
>
> Signed-off-by: Jon Maloy

Following on from our discussion yesterday. Although this is based on
my suggestion, I'm now inclined to believe v1 is marginally less ugly.

Fwiw, I double checked the code and can now confirm that this is only
called for packets arriving on a "listening" socket, rather than a
flow-specific socket. Typically that will only be once, or at worst a
handful of times, per flow.

>
> ----
> v2: - Make the dummy iov conditional on an ANALYZER macro, so it has
> zero runtime cost in production builds.
> - Add a new 'analyzer' Makefile target (similar to 'valgrind')
> that defines ANALYZER via CPPFLAGS for use with static analysis
> builds.
> ---
> Makefile | 3 +++
> udp.c | 11 +++++++++++
> 2 files changed, 14 insertions(+)
>
> diff --git a/Makefile b/Makefile
> index 0a0a60b0..4dcf4cd1 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -122,6 +122,9 @@ passt-repair: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_HEADERS) seccomp_repair.h
> pesto: BASE_CPPFLAGS += -DPESTO
> pesto: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h
>
> +analyzer: BASE_CPPFLAGS += -DANALYZER
> +analyzer: all
> +
> valgrind: EXTRA_SYSCALLS += rt_sigprocmask rt_sigtimedwait rt_sigaction \
> rt_sigreturn getpid gettid kill clock_gettime \
> mmap|mmap2 munmap open unlink gettimeofday futex \
> diff --git a/udp.c b/udp.c
> index c28d6ee2..36c8c070 100644
> --- a/udp.c
> +++ b/udp.c
> @@ -734,9 +734,20 @@ static int udp_peek_addr(int s, union sockaddr_inany *src,
> {
> char sastr[SOCKADDR_STRLEN], dstr[INANY_ADDRSTRLEN];
> char cmsg[PKTINFO_SPACE];
> +#ifdef ANALYZER
> + char dummy;
> + struct iovec iov = {
> + .iov_base = &dummy,
> + .iov_len = sizeof(dummy),
> + };
> +#endif /* ANALYZER */
> struct msghdr msg = {
> .msg_name = src,
> .msg_namelen = sizeof(*src),
> +#ifdef ANALYZER
> + .msg_iov = &iov,
> + .msg_iovlen = 1,
> +#endif /* ANALYZER */
> .msg_control = cmsg,
> .msg_controllen = sizeof(cmsg),
> };
> --
> 2.52.0
>

--
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson
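Review bot: in the Makefile hunk, `analyzer: BASE_CPPFLAGS += -DANALYZER` followed by `analyzer: all` does not force a rebuild of objects that were already compiled without the define, since a change to CPPFLAGS is not a make dependency; `make analyzer` run after an ordinary `make` can therefore silently analyse production objects that lack the dummy iov. Either make the target depend on a clean tree or state in the target's comment (and in the changelog entry describing it) that it must be run from a clean build. Also, `analyzer` names no file, so if the Makefile keeps a .PHONY list it belongs there alongside the other pseudo-targets.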
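Review bot: in the udp.c hunk, the two `#ifdef ANALYZER` blocks mean the struct msghdr that the analyser checks is not the one production builds run, so a clean Coverity result says less about shipped code than it did with v1, and a small initialiser gains two preprocessor branches; given the reply above leans towards v1, the unconditional one-byte iov looks simpler. If the conditional is kept, the first `#ifdef ANALYZER` should carry a one-line comment saying it exists only to silence the FORWARD_NULL false positive and that `msg_iovlen == 0` already keeps the kernel from reading `msg_iov`, since nothing in the hunk itself records why the branch is there.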