Hi,
Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan.
1 new defect(s) introduced to libvirt found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 469764: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 469764: Memory - corruptions (OVERRUN)
/src/util/virbitmap.c: 1198 in virBitmapShrink()
1192 return;
1193
1194 map->nbits = b;
1195 map->map_len = virBitmapBuffsize(b);
1196 map->map = g_renew(unsigned long, map->map, map->map_len);
1197 map->map_alloc = map->map_len;
>>> CID 469764: Memory - corruptions (OVERRUN)
>>> Calling "virBitmapClearTail" with "map->map" and "map->map_len" is suspicious because of the very large index, 288230376151711744. The index may be due to a negative parameter being interpreted as unsigned.
1198 virBitmapClearTail(map);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
Hi,
Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan.
1 new defect(s) introduced to libvirt found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 469679: (OVERFLOW_BEFORE_WIDEN)
/src/qemu/qemu_chardev.c: 250 in qemuChardevGetBackendProps()
/src/qemu/qemu_chardev.c: 295 in qemuChardevGetBackendProps()
________________________________________________________________________________________________________
*** CID 469679: (OVERFLOW_BEFORE_WIDEN)
/src/qemu/qemu_chardev.c: 250 in qemuChardevGetBackendProps()
244 else if (chr->data.nix.reconnect.enabled == VIR_TRISTATE_BOOL_NO)
245 reconnect = 0;
246 }
247
248 if (reconnect != -1 &&
249 virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_RECONNECT_MILISECONDS)) {
>>> CID 469679: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "reconnect * 1000" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "long long" (64 bits, signed).
250 reconnect_ms = reconnect * 1000;
251 reconnect = -1;
252 }
253
254 if (virJSONValueObjectAdd(props,
255 "T:server", server,
/src/qemu/qemu_chardev.c: 295 in qemuChardevGetBackendProps()
289 reconnect = chr->data.tcp.reconnect.timeout;
290 else if (chr->data.tcp.reconnect.enabled == VIR_TRISTATE_BOOL_NO)
291 reconnect = 0;
292
293 if (reconnect != -1 &&
294 virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_RECONNECT_MILISECONDS)) {
>>> CID 469679: (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "reconnect * 1000" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "long long" (64 bits, signed).
295 reconnect_ms = reconnect * 1000;
296 reconnect = -1;
297 }
298
299 if (qemuChardevBackendAddSocketAddressInet(props, "addr",
300 commandline, NULL,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2…
