rec: fix time_t truncation warnings from coverity by annotating them.

Mostly they are due to DNS using 32-bit timestamps.
PowerDNS · Nov 20, 2023 · 8f67f0c · 8f67f0c
1 parent 7b3d7a5
commit 8f67f0c
Show file tree

Hide file tree

Showing 11 changed files with 16 additions and 1 deletion.
diff --git a/pdns/axfr-retriever.cc b/pdns/axfr-retriever.cc
@@ -175,7 +175,8 @@ void AXFRRetriever::timeoutReadn(uint16_t bytes, uint16_t timeoutsec)
   int n=0;
   int numread;
   while(n<bytes) {
-    int res=waitForData(d_sock, timeoutsec-(time(nullptr)-start));
+    // coverity[store_truncates_time_t]
+    int res=waitForData(d_sock, timeoutsec - (time(nullptr) - start));
     if(res<0)
       throw ResolverException("Reading data from remote nameserver over TCP: "+stringerror());
     if(!res)

diff --git a/pdns/ixfr.cc b/pdns/ixfr.cc
@@ -185,6 +185,7 @@ vector<pair<vector<DNSRecord>, vector<DNSRecord>>> getIXFRDeltas(const ComboAddr
   s.connect(primary, xfrTimeout);
 
   time_t elapsed = timeoutChecker();
+  // coverity[store_truncates_time_t]
   s.writenWithTimeout(msg.data(), msg.size(), xfrTimeout - elapsed);
 
   // CURRENT PRIMARY SOA

diff --git a/pdns/recursordist/aggressive_nsec.cc b/pdns/recursordist/aggressive_nsec.cc
@@ -505,6 +505,7 @@ bool AggressiveNSECCache::synthesizeFromNSEC3Wildcard(time_t now, const DNSName&
 
   addToRRSet(now, wcSet, wcSignatures, name, doDNSSEC, ret, DNSResourceRecord::ANSWER);
   /* no need for closest encloser proof, the wildcard is there */
+  // coverity[store_truncates_time_t]
   addRecordToRRSet(nextCloser.d_owner, QType::NSEC3, nextCloser.d_ttd - now, nextCloser.d_record, nextCloser.d_signatures, doDNSSEC, ret);
   /* and of course we won't deny the wildcard either */
 
@@ -527,6 +528,7 @@ bool AggressiveNSECCache::synthesizeFromNSECWildcard(time_t now, const DNSName&
   }
 
   addToRRSet(now, wcSet, wcSignatures, name, doDNSSEC, ret, DNSResourceRecord::ANSWER);
+  // coverity[store_truncates_time_t]
   addRecordToRRSet(nsec.d_owner, QType::NSEC, nsec.d_ttd - now, nsec.d_record, nsec.d_signatures, doDNSSEC, ret);
 
   VLOG(log, name << ": Synthesized valid answer from NSECs and wildcard!" << endl);
@@ -752,6 +754,7 @@ bool AggressiveNSECCache::getNSEC3Denial(time_t now, std::shared_ptr<LockGuarded
     addRecordToRRSet(nextCloserEntry.d_owner, QType::NSEC3, nextCloserEntry.d_ttd - now, nextCloserEntry.d_record, nextCloserEntry.d_signatures, doDNSSEC, ret);
   }
   if (wcEntry.d_owner != closestNSEC3.d_owner && wcEntry.d_owner != nextCloserEntry.d_owner) {
+    // coverity[store_truncates_time_t]
     addRecordToRRSet(wcEntry.d_owner, QType::NSEC3, wcEntry.d_ttd - now, wcEntry.d_record, wcEntry.d_signatures, doDNSSEC, ret);
   }
 
@@ -884,6 +887,7 @@ bool AggressiveNSECCache::getDenial(time_t now, const DNSName& name, const QType
   addRecordToRRSet(entry.d_owner, QType::NSEC, entry.d_ttd - now, entry.d_record, entry.d_signatures, doDNSSEC, ret);
 
   if (needWildcard) {
+    // coverity[store_truncates_time_t]
     addRecordToRRSet(wcEntry.d_owner, QType::NSEC, wcEntry.d_ttd - now, wcEntry.d_record, wcEntry.d_signatures, doDNSSEC, ret);
   }
 

diff --git a/pdns/recursordist/rec-zonetocache.cc b/pdns/recursordist/rec-zonetocache.cc
@@ -152,6 +152,7 @@ pdns::ZoneMD::Result ZoneData::getByAXFR(const RecZoneToCache::Config& config, p
   time_t axfrStart = time(nullptr);
   time_t axfrNow = time(nullptr);
 
+  // coverity[store_truncates_time_t]
   while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow)) != 0) {
     for (auto& dnsRecord : chunk) {
       if (config.d_zonemd != pdns::ZoneMD::Config::Ignore) {

diff --git a/pdns/recursordist/rec_channel.cc b/pdns/recursordist/rec_channel.cc
@@ -159,6 +159,7 @@ static void waitForRead(int fd, unsigned int timeout, time_t start)
   if (elapsed >= timeout) {
     throw PDNSException("Timeout waiting for control channel data");
   }
+  // coverity[store_truncates_time_t]
   int ret = waitForData(fd, timeout - elapsed, 0);
   if (ret == 0) {
     throw PDNSException("Timeout waiting for control channel data");

diff --git a/pdns/recursordist/recpacketcache.cc b/pdns/recursordist/recpacketcache.cc
@@ -123,6 +123,7 @@ bool RecursorPacketCache::checkResponseMatches(MapCombo::LockedContent& shard, s
     }
 
     if (now < iter->d_ttd) { // it is right, it is fresh!
+      // coverity[store_truncates_time_t]
       *age = static_cast<uint32_t>(now - iter->d_creation);
       // we know ttl is > 0
       auto ttl = static_cast<uint32_t>(iter->d_ttd - now);

diff --git a/pdns/recursordist/recursor_cache.cc b/pdns/recursordist/recursor_cache.cc
@@ -606,6 +606,7 @@ void MemRecursorCache::replace(time_t now, const DNSName& qname, const QType qty
        prior to calling this function, so the TTL actually holds a TTD. */
     cacheEntry.d_ttd = min(maxTTD, static_cast<time_t>(record.d_ttl)); // XXX this does weird things if TTLs differ in the set
 
+    // coverity[store_truncates_time_t]
     cacheEntry.d_orig_ttl = cacheEntry.d_ttd - ttl_time;
     // Even though we record the time the ttd was computed, there still seems to be a case where the computed
     // d_orig_ttl can wrap.
@@ -707,6 +708,7 @@ bool MemRecursorCache::doAgeCache(time_t now, const DNSName& name, const QType q
     return false; // would be dead anyhow
   }
 
+  // coverity[store_truncates_time_t]
   auto maxTTL = static_cast<uint32_t>(cacheEntry.d_ttd - now);
   if (maxTTL > newTTL) {
     lockedShard->d_cachecachevalid = false;

diff --git a/pdns/recursordist/reczones-helpers.cc b/pdns/recursordist/reczones-helpers.cc
@@ -133,6 +133,7 @@ void putDefaultHintsIntoCache(time_t now, std::vector<DNSRecord>& nsvec)
   arr.d_type = QType::A;
   aaaarr.d_type = QType::AAAA;
   nsrr.d_type = QType::NS;
+  // coverity[store_truncates_time_t]
   arr.d_ttl = aaaarr.d_ttl = nsrr.d_ttl = now + 3600000;
 
   string templ = "a.root-servers.net.";

diff --git a/pdns/recursordist/rpzloader.cc b/pdns/recursordist/rpzloader.cc
@@ -217,6 +217,7 @@ static shared_ptr<const SOARecordContent> loadRPZFromServer(Logr::log_t plogger,
   time_t axfrStart = time(nullptr);
   time_t axfrNow = time(nullptr);
   shared_ptr<const SOARecordContent> sr;
+  // coverity[store_truncates_time_t]
   while (axfr.getChunk(nop, &chunk, (axfrStart + axfrTimeout - axfrNow))) {
     for (auto& dr : chunk) {
       if (dr.d_type == QType::NS || dr.d_type == QType::TSIG) {

diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
@@ -3130,6 +3130,7 @@ static uint32_t getRRSIGTTL(const time_t now, const std::shared_ptr<const RRSIGR
 {
   uint32_t res = 0;
   if (now < rrsig->d_sigexpire) {
+    // coverity[store_truncates_time_t]
     res = static_cast<uint32_t>(rrsig->d_sigexpire) - now;
   }
   return res;

diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc
@@ -274,6 +274,7 @@ time_t Utility::timegm(struct tm *const t)
 
   /* day is now the number of days since 'Jan 1 1970' */
   i = 7;
+  // coverity[store_truncates_time_t]
   t->tm_wday = (day + 4) % i;                        /* Sunday=0, Monday=1, ..., Saturday=6 */
 
   i = 24;
-Original file line number
+Diff line change
@@ Expand Up / @@ -274,6 +274,7 @@ time_t Utility::timegm(struct tm *const t) @@
       /* day is now the number of days since 'Jan 1 1970' */
       i = 7;
+      // coverity[store_truncates_time_t]
       t->tm_wday = (day + 4) % i;                        /* Sunday=0, Monday=1, ..., Saturday=6 */
       i = 24;
@@ Expand Down @@