Fix Coverity issues from async auth feature #4854

nanangizz merged 2 commits into master from fix/coverity-async-auth on Mar 13, 2026

@nanangizz
Member

Summary

  • Fix Coverity static analysis issues introduced by the async SIP client authentication feature (Asynchronous SIP client authentication #4816)
  • Zero-initialize chal_param struct before use across 10 call sites to silence uninitialized user_data field warnings
  • Add return value checks for pjsip_endpt_create() and pjsip_tsx_layer_init_module() in test helper
  • Fix potential null pointer dereference in auth_async_test() cleanup path
  • Check pjsip_rx_data_clone() return value in pjsua_call_on_incoming() and reject the call with 500 on failure (previously a failed clone would silently skip the on_incoming_call callback)
  • Use std::move() for push_back in C++ test code

Coverity CIDs addressed

| CID | Type | Fix |
|---|---|---|
| 1645641, 1645645, 1645648, 1645649, 1645652, 1645655, 1645656, 1645658, 1645659 | UNINIT | pj_bzero(&chal_param, sizeof(chal_param)) |
| 1645646, 1645653, 1645657 | CHECKED_RETURN / FORWARD_NULL | Check return values in restore_endpt() |
| 1645640 | REVERSE_INULL | Use goto on_return instead of early return |
| 1645647 | CHECKED_RETURN | Check pjsip_rx_data_clone(), reject call on failure |
| 1645651 | COPY_INSTEAD_OF_MOVE | std::move(cred) |

Not addressed (false positives)

| CID | Type | Reason |
|---|---|---|
| 1645642, 1645643, 1645644, 1645650, 1645654 | WRAPPER_ESCAPE | unique_ptr<TestAccount> internal pointer escapes via acc->create() — intentional PJSUA2 account registration pattern in test code |

Test plan

  • Build passes with zero warnings (make -j3)

Co-Authored-By: Claude Code
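
The pjsip_rx_data_clone() item in the summary above, modelled as an added example that is not code from this pull request or from PJSIP. Every type and function name here (rx_msg, clone_msg, handle_unchecked, handle_checked) is a hypothetical stand-in, and setting last_status stands in for sending the 500 response.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for this example; none are PJSIP types or APIs. */
typedef struct { char data[64]; } rx_msg;

static int fail_clone;     /* knob: force the clone to fail */
static int callback_runs;  /* times the application callback ran */
static int last_status;    /* last status code sent to the peer, 0 = none */

/* Status-returning clone: 0 on success, -1 on failure with *out = NULL. */
static int clone_msg(const rx_msg *src, rx_msg **out)
{
    *out = fail_clone ? NULL : malloc(sizeof **out);
    if (*out == NULL)
        return -1;
    memcpy(*out, src, sizeof *src);
    return 0;
}

static void on_incoming(const rx_msg *m) { (void)m; callback_runs++; }

/* Before: status ignored; a failed clone silently skips the callback. */
int handle_unchecked(const rx_msg *rx)
{
    rx_msg *copy = NULL;
    (void)clone_msg(rx, &copy);
    if (copy) { on_incoming(copy); free(copy); }
    return 0;                /* caller is told the request was handled */
}

/* After: a failed clone is answered with 500 and reported to the caller. */
int handle_checked(const rx_msg *rx)
{
    rx_msg *copy = NULL;
    if (clone_msg(rx, &copy) != 0) {
        last_status = 500;   /* stands in for sending a 500 response */
        return -1;
    }
    on_incoming(copy);
    free(copy);
    return 0;
}

int main(void)
{
    rx_msg m = {{0}};
    fail_clone = 1;
    return (handle_unchecked(&m) == 0 && handle_checked(&m) == -1) ? 0 : 1;
}
```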

- Zero-initialize chal_param before use to fix uninitialized user_data
  field (CID 1645641, 1645645, 1645648, 1645649, 1645652, 1645655,
  1645656, 1645658, 1645659)
- Check pjsip_endpt_create/pjsip_tsx_layer_init_module return values
  in restore_endpt() (CID 1645646, 1645653, 1645657)
- Use goto on_return for UDP transport failure to fix null pointer
  dereference path (CID 1645640)
- Check pjsip_rx_data_clone return value and reject call on failure
  to prevent silent on_incoming_call skip (CID 1645647)
- Use std::move for push_back (CID 1645651)

Co-Authored-By: Claude Code
if (with_creds) {
AuthCredInfo cred("digest", "*", TEST_USER, 0, "secret");
cfg.sipConfig.authCreds.push_back(cred);
cfg.sipConfig.authCreds.push_back(std::move(cred));
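
Review bot: In the `if (with_creds)` block, `cred` is left in a moved-from state once `push_back(std::move(cred))` runs, so nothing after that line may read it; the hunk ends at the push_back, so confirm that no later statement in the block uses `cred`. Also make sure the file includes <utility>, which declares std::move, rather than relying on a transitive include.
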
Contributor

Isn't there a macro?

Member Author

Good catch! Thanks for pointing it out.

nanangizz requested a review from sauwming on March 13, 2026 08:35
nanangizz merged commit 8e0bcc6 into master on Mar 13, 2026
57 of 60 checks passed
nanangizz deleted the fix/coverity-async-auth branch on March 13, 2026 08:38