From: Wietse Venema (no email)
Date: Wed Apr 05 2006 - 07:21:52 EDT
Recently, Coverity has included Postfix in their open source
quality scan. Results will appear at http://www.coverity.com/

As some may know, Postfix has a lot of sanity checks in the code,
many of which test for conditions that never happen. The reason
these sanity checks exist is that they limit the possible damage
from programming error. Knowing that Postfix was going to be 10s
of thousands of lines of code (it is more than 80,000 now), I knew
there were going to be errors in the code, and therefore I was
quite liberal with sanity checks throughout the source.

It is in two of these redundant sanity checks that Coverity found
errors:

1) When the address verification server reads a record from the
verify database, it executes a sanity check to reject records with
all zero time stamps. Such records are never written; the test
is there just in case something is broken, so that Postfix will
not blindly march on and create chaos. The test for all zero time
stamps was implemented incorrectly, because the code tested pointer
values instead of dereferencing the pointers and testing their
targets.

2) When the maildir delivery routine opens an output file it looks
up the file attributes via the file handle it just got. There is
a sanity check that detects if the attribute lookup fails, an error
that never happens. The code that handles the impossible error did
not close the output file. This would cause a virtual or local
delivery agent to waste up to 100 file descriptors. But for that
error to happen the system would have to be so sick that you would
have more serious problems than a file descriptor leak.

All in all, that's a pretty good score for Coverity: two bugs
in code that tries to catch errors that never happen.
Wietse
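The two bug shapes described in the post, as an added C example that is not Wietse's or Postfix's code: a hypothetical record type whose time stamps sit behind pointers (so comparing the pointers instead of their targets silently disables the check), and an open-then-fstat routine with an injectable `stat_fn` so the "impossible" lookup failure can be forced and the descriptor leak measured; all names and the record layout are assumptions.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical record (not Postfix's layout): time stamps reached via pointers. */
struct verify_rec { time_t *update_time; time_t *refresh_time; };

/* Shape of bug 1: the pointers are compared with zero instead of their
 * targets, so a record with all-zero time stamps is never rejected. */
int all_zero_timestamps_buggy(const struct verify_rec *r)
{
    return r->update_time == 0 && r->refresh_time == 0;
}

/* Corrected check: dereference the pointers and test the time stamps. */
int all_zero_timestamps(const struct verify_rec *r)
{
    return *r->update_time == 0 && *r->refresh_time == 0;
}

/* Bug 2 pattern: open an output file, then look up its attributes via the
 * handle; on the failure path the descriptor must be closed, not leaked. */
int open_with_attrs(const char *path, struct stat *st,
                    int (*stat_fn)(int, struct stat *))
{
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0) return -1;
    if (stat_fn(fd, st) < 0) {
        close(fd);              /* the close the buggy error path lacked */
        return -1;
    }
    return fd;
}
/* Constructed failure: an attribute lookup that always reports an error. */
static int fail_fstat(int fd, struct stat *st) { (void)fd; (void)st; return -1; }

/* Descriptors leaked by `attempts` failed lookups (0 once fixed): the lowest
 * free descriptor number climbs by one for every handle left open. */
int leaked_fds(int attempts)
{
    struct stat st;
    int before = open("/dev/null", O_RDONLY), after;
    close(before);
    for (int i = 0; i < attempts; i++)
        open_with_attrs("/dev/null", &st, fail_fstat);
    after = open("/dev/null", O_RDONLY);
    close(after);
    return after - before;
}
```

Removing the `close(fd)` in `open_with_attrs` makes `leaked_fds(100)` return 100, which is the descriptor waste the post describes.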