Fix Coverity static analysis warnings #4920
Merged
Address static analysis findings from Coverity Scan:
- UNINIT (CID 1645659/58/56/55/52/49/48/45/41): Zero-initialize chal_param in all pjsip_auth_clt_async_impl_on_challenge() callers so user_data field is not left uninitialized.
- LOCK_EVASION (CID 1654278): Move opus codec output frame writes before mutex unlock in codec_decode() for consistency with other return paths.
- NO_EFFECT (CID 1654265): Use #if preprocessor guard instead of runtime check for PJ_SSL_SEND_OP_ACTIVE_MAX, eliminating tautology when the macro is 0 (default).
- SLEEP (CID 1654159): Release mutex before pj_ioqueue_unregister() in ioqueue unregister test callback.
- TAINTED_SCALAR (CID 1654788): Cap decoded payload length against buffer size in websock_test server_decode_frame().
- TAINTED_SCALAR (CID 1239025): Add explicit payload_len bound check in websock decode_frame_header() for static analysis.
- CHECKED_RETURN (CID 1645787/86/85/84): Check pjlib_util_init() and pjnath_init() return values in sample apps and pjturn-srv.
Co-Authored-By: Claude Code
Pull request overview
This PR addresses multiple Coverity static analysis findings across the SIP stack, media codec, SSL socket code, WebSocket framing, tests, and sample applications to improve correctness and avoid flagged patterns.
Changes:
- Zero-initialize pjsip_auth_clt_async_on_chal_param at async-auth challenge call sites to avoid copying uninitialized fields.
- Adjust locking/order-of-operations to avoid Coverity concurrency findings (Opus decode output writes; ioqueue unregister callback).
- Add bounds checks / preprocessor guards and improve return-value handling in select utilities, tests, and sample apps.
Reviewed changes
Copilot reviewed 15 out of 15 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| pjsip/src/pjsua-lib/pjsua_im.c | Zero-initialize async auth challenge param in IM callbacks. |
| pjsip/src/pjsip/sip_dialog.c | Zero-initialize async auth challenge param in dialog response handler. |
| pjsip/src/pjsip-ua/sip_reg.c | Zero-initialize async auth challenge param in regc transaction callback. |
| pjsip/src/pjsip-ua/sip_inv.c | Zero-initialize async auth challenge param across INVITE-related challenge handlers. |
| pjsip/src/pjsip-simple/publishc.c | Zero-initialize async auth challenge param in PUBLISH client handler. |
| pjsip/src/pjsip-simple/evsub.c | Zero-initialize async auth challenge param in event subscription handlers. |
| pjsip-apps/src/samples/strerror.c | Changes handling of init return values (currently explicitly ignored). |
| pjsip-apps/src/samples/httpdemo.c | Check pj_init() and pjlib_util_init() return values. |
| pjsip-apps/src/samples/clidemo.c | Check pj_init() and pjlib_util_init() return values. |
| pjnath/src/pjturn-srv/main.c | Check pjlib_util_init() / pjnath_init() return values. |
| pjmedia/src/pjmedia-codec/opus.c | Write to output before unlocking mutex on the “buffer first packet” path. |
| pjlib/src/pjlib-test/ioq_unreg.c | Unlock mutex before calling pj_ioqueue_unregister() in callback. |
| pjlib/src/pj/ssl_sock_imp_common.c | Replace tautological runtime check with #if PJ_SSL_SEND_OP_ACTIVE_MAX > 0. |
| pjlib-util/src/pjlib-util/websock.c | Add explicit payload length cap check in frame decode helper. |
| pjlib-util/src/pjlib-util-test/websock_test.c | Add explicit payload length cap in test frame decoder. |
sauwming approved these changes Apr 15, 2026
Summary
Address multiple Coverity Scan findings across pjlib, pjlib-util, pjmedia, pjnath, and pjsip:
- chal_param struct in all pjsip_auth_clt_async_impl_on_challenge() call sites so user_data is not left uninitialized
- output frame writes before mutex unlock in codec_decode(), consistent with other return paths
- #if preprocessor guard for PJ_SSL_SEND_OP_ACTIVE_MAX check, eliminating unsigned->=0 tautology at default value
- pj_ioqueue_unregister() in ioqueue unregister test callback to avoid potential blocking under lock
- pjlib_util_init() / pjnath_init() return values in sample apps and pjturn-srv. In strerror.c, return values are cast to (void) instead — this sample intentionally continues on partial init failure since its purpose is translating error codes and partial initialization still covers other error ranges.
Not addressed (false positives)
- unique_ptr<TestAccount> correctly manages Account lifetime via RAII destructor
- udp is always non-NULL at dereference point; null check at cleanup is defensive for goto pattern
Test plan
Co-Authored-By: Claude Code
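The two TAINTED_SCALAR items above concern bounding a peer-supplied WebSocket payload length before it is used. The following RFC 6455 header decoder shows that pattern; it is an added example, not code from this pull request or from pjproject's websock.c, and `ws_hdr`, `ws_decode_header`, the `WS_*` result codes and `max_payload` are hypothetical names, with a constructed sample frame.

```c
#include <stdint.h>
#include <string.h>

enum { WS_OK, WS_NEED_MORE, WS_TOO_BIG };   /* decode results (hypothetical) */

typedef struct {
    uint8_t  opcode;
    int      masked;
    uint8_t  mask_key[4];
    size_t   hdr_len;       /* bytes preceding the payload */
    uint64_t payload_len;   /* already checked against the cap */
} ws_hdr;

/* Decode an RFC 6455 frame header from buf[0..len). The length field comes
 * from the peer, so it is bounded by max_payload before anything uses it. */
int ws_decode_header(const uint8_t *buf, size_t len, size_t max_payload,
                     ws_hdr *out)
{
    size_t pos = 2, ext, i;
    uint64_t plen;
    if (len < 2) return WS_NEED_MORE;
    memset(out, 0, sizeof(*out));           /* no field left uninitialized */
    out->opcode = buf[0] & 0x0F;
    out->masked = (buf[1] & 0x80) != 0;
    plen = buf[1] & 0x7F;
    ext = (plen == 126) ? 2 : (plen == 127) ? 8 : 0;
    if (len < pos + ext) return WS_NEED_MORE;
    if (ext) plen = 0;
    for (i = 0; i < ext; i++)
        plen = (plen << 8) | buf[pos++];    /* network byte order */
    /* Compare in 64 bits, before the value is narrowed to size_t. */
    if (plen > (uint64_t)max_payload) return WS_TOO_BIG;
    if (out->masked) {
        if (len < pos + 4) return WS_NEED_MORE;
        memcpy(out->mask_key, buf + pos, 4);
        pos += 4;
    }
    out->hdr_len = pos;
    out->payload_len = plen;
    /* pos <= len holds here, so the subtraction cannot wrap. */
    return (len - pos < (size_t)plen) ? WS_NEED_MORE : WS_OK;
}

int main(void)
{   /* constructed frame: 64-bit length field claiming 2^63-1 bytes */
    const uint8_t huge[] = {0x82, 0x7F, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    ws_hdr h;
    return ws_decode_header(huge, sizeof huge, 1024, &h) == WS_TOO_BIG ? 0 : 1;
}
```

The cap is applied to the full 64-bit value, so a length that would truncate to a small `size_t` on a 32-bit build is still rejected.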