New Defects reported by Coverity Scan for libvirt
by scan-admin@coverity.com
Hi,
Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan.
8 new defect(s) introduced to libvirt found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 478105: Resource leaks (RESOURCE_LEAK)
/src/qemu/qemu_fd.c: 150 in qemuFDPassNewFromMonitor()
________________________________________________________________________________________________________
*** CID 478105: Resource leaks (RESOURCE_LEAK)
/src/qemu/qemu_fd.c: 150 in qemuFDPassNewFromMonitor()
144
145 for (j = 0; j < fdset.nfds; j++) {
146 qemuMonitorFdsetFdInfo fdinfo = fdset.fds[j];
147
148 VIR_DEBUG("fdinfo opaque = %s", fdinfo.opaque);
149 if (STRPREFIX(prefix, fdinfo.opaque)) {
>>> CID 478105: Resource leaks (RESOURCE_LEAK)
>>> Overwriting "fdpass" in "fdpass = (qemuFDPass *)({...; __p;})" leaks the storage that "fdpass" points to.
150 fdpass = g_new0(qemuFDPass, 1);
151
152 fdpass->fdSetID = fdset.id;
153 fdpass->prefix = g_strdup(prefix);
154 fdpass->path = g_strdup_printf("/dev/fdset/%u", fdset.id);
155 fdpass->passed = true;
** CID 478104: Memory - illegal accesses (USE_AFTER_FREE)
/src/rpc/virnetdaemon.c: 967 in virNetDaemonStop()
________________________________________________________________________________________________________
*** CID 478104: Memory - illegal accesses (USE_AFTER_FREE)
/src/rpc/virnetdaemon.c: 967 in virNetDaemonStop()
961 dmn->stateStopThread = g_new0(virThread, 1);
962
963 if (virThreadCreateFull(dmn->stateStopThread, false,
964 virNetDaemonStopWorker,
965 "daemon-stop", false, dmn) < 0) {
966 virObjectUnref(dmn);
>>> CID 478104: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "dmn".
967 g_clear_pointer(&dmn->stateStopThread, g_free);
968 return;
969 }
970 }
971
972
** CID 478103: Program hangs (NEGATIVE_RETURNS)
/src/hypervisor/domain_driver.c: 950 in virDomainDriverAutoShutdown()
________________________________________________________________________________________________________
*** CID 478103: Program hangs (NEGATIVE_RETURNS)
/src/hypervisor/domain_driver.c: 950 in virDomainDriverAutoShutdown()
944 /* Anything non-NULL in this list indicates none of
945 * the configured ations were successful in processing
946 * the domain. There's not much we can do about that
947 * as the host is powering off, logging at least lets
948 * admins know
949 */
>>> CID 478103: Program hangs (NEGATIVE_RETURNS)
>>> Using unsigned variable "numDomains" in a loop exit condition.
950 for (i = 0; i < numDomains; i++) {
951 if (domains[i] == NULL)
952 continue;
953 VIR_WARN("auto-shutdown: domain '%s' not successfully shut off by any action",
954 domains[i]->name);
955 virObjectUnref(domains[i]);
956 }
957 VIR_FREE(domains);
958 }
** CID 478102: Performance inefficiencies (PASS_BY_VALUE)
/src/conf/domain_validate.c: 696 in virDomainDiskIoTuneValidate()
________________________________________________________________________________________________________
*** CID 478102: Performance inefficiencies (PASS_BY_VALUE)
/src/conf/domain_validate.c: 696 in virDomainDiskIoTuneValidate()
690
691 return 0;
692 }
693
694
695 static int
>>> CID 478102: Performance inefficiencies (PASS_BY_VALUE)
>>> Passing parameter blkdeviotune of type "virDomainBlockIoTuneInfo const" (size 160 bytes) by value, which exceeds the low threshold of 128 bytes.
696 virDomainDiskIoTuneValidate(const virDomainBlockIoTuneInfo blkdeviotune)
697 {
698 if ((blkdeviotune.total_bytes_sec &&
699 blkdeviotune.read_bytes_sec) ||
700 (blkdeviotune.total_bytes_sec &&
701 blkdeviotune.write_bytes_sec)) {
** CID 478101: Uninitialized variables (UNINIT)
/src/qemu/qemu_migration_params.c: 830 in qemuMigrationParamsForSave()
________________________________________________________________________________________________________
*** CID 478101: Uninitialized variables (UNINIT)
/src/qemu/qemu_migration_params.c: 830 in qemuMigrationParamsForSave()
824
825 if (params && virTypedParamsGetInt(params, nparams,
826 VIR_DOMAIN_SAVE_PARAM_PARALLEL_CHANNELS,
827 &nchannels) < 0)
828 return NULL;
829
>>> CID 478101: Uninitialized variables (UNINIT)
>>> Using uninitialized value "nchannels".
830 if (nchannels < 1) {
831 virReportError(VIR_ERR_INVALID_ARG, "%s",
832 _("number of parallel save channels cannot be less than 1"));
833 return NULL;
834 }
835
** CID 478100: Resource leaks (RESOURCE_LEAK)
/src/qemu/qemu_monitor_json.c: 4717 in qemuMonitorMakeThrottleGroupLimits()
________________________________________________________________________________________________________
*** CID 478100: Resource leaks (RESOURCE_LEAK)
/src/qemu/qemu_monitor_json.c: 4717 in qemuMonitorMakeThrottleGroupLimits()
4711 "P:iops-total-max-length", group->total_iops_sec_max_length,
4712 "P:iops-read-max-length", group->read_iops_sec_max_length,
4713 "P:iops-write-max-length", group->write_iops_sec_max_length,
4714 NULL) < 0)
4715 return -1;
4716
>>> CID 478100: Resource leaks (RESOURCE_LEAK)
>>> Returning without freeing "limits" leaks the storage that it points to.
4717 return 0;
4718 }
4719
4720
4721 int
4722 qemuMonitorJSONUpdateThrottleGroup(qemuMonitor *mon,
** CID 478099: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 478099: Memory - illegal accesses (USE_AFTER_FREE)
/src/admin/admin_server_dispatch.c: 486 in adminConnectDaemonShutdown()
480 {
481 virCheckFlags(VIR_DAEMON_SHUTDOWN_PRESERVE, -1);
482
483 if (flags & VIR_DAEMON_SHUTDOWN_PRESERVE)
484 virNetDaemonStop(dmn);
485
>>> CID 478099: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "virNetDaemonQuit" dereferences freed pointer "dmn".
486 virNetDaemonQuit(dmn);
487
488 return 0;
489 }
490
491 static int
** CID 478098: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 478098: Memory - illegal accesses (USE_AFTER_FREE)
/src/remote/remote_daemon.c: 531 in handleSessionMessageFunc()
525 VIR_DEBUG("dmn=%p", dmn);
526
527 if (virGDBusMessageIsSignal(message,
528 "org.freedesktop.DBus.Local",
529 "Disconnected")) {
530 virNetDaemonStop(dmn);
>>> CID 478098: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "virNetDaemonQuit" dereferences freed pointer "dmn".
531 virNetDaemonQuit(dmn);
532 }
533
534 return message;
535 }
536
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libvirt?tab=overview
