12:28 a.m.
Hi,
Please find the latest report on new defect(s) introduced to libvirt found with Coverity
Scan.
3 new defect(s) introduced to libvirt found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build
analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 462802: Memory - corruptions (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 462802: Memory - corruptions (USE_AFTER_FREE)
/src/node_device/node_device_udev.c: 1537 in processNodeDeviceRemoveEvent()
1531 nodeDeviceDefResetMdevActiveConfig(def);
1532 } else {
1533 VIR_DEBUG("Removing device '%s' with sysfs path
'%s'",
1534 def->name, path);
1535 virNodeDeviceObjListRemove(driver_state->devs, obj);
1536 }
>> CID 462802: Memory - corruptions (USE_AFTER_FREE)
>> Calling "virNodeDeviceObjEndAPI" frees pointer "obj"
which has already been freed.
1537 virNodeDeviceObjEndAPI(&obj);
1538
1539 /* cannot check for mdev_types since they have already been removed */
1540 if (nodeDeviceUpdateMediatedDevices(driver_state) < 0)
1541 VIR_WARN("mdevctl failed to update mediated devices");
1542
** CID 462801: Resource leaks (RESOURCE_LEAK)
/src/node_device/node_device_udev.c: 190 in nodeDeviceEventSubmit()
________________________________________________________________________________________________________
*** CID 462801: Resource leaks (RESOURCE_LEAK)
/src/node_device/node_device_udev.c: 190 in nodeDeviceEventSubmit()
184 static int nodeDeviceEventSubmit(nodeDeviceEventType eventType, void *data,
virFreeCallback dataFreeFunc)
185 {
186 nodeDeviceEvent *event = g_new0(nodeDeviceEvent, 1);
187 udevEventData *priv = NULL;
188
189 if (!driver)
>> CID 462801: Resource leaks (RESOURCE_LEAK)
>> Variable "event" going out of scope leaks the storage it points to.
190 return -1;
191
192 priv = driver->privateData;
193
194 event->eventType = eventType;
195 event->data = data;
** CID 462800: Data race undermines locking (LOCK_EVASION)
/src/node_device/node_device_udev.c: 2071 in processNodeStateInitializeEnumerate()
________________________________________________________________________________________________________
*** CID 462800: Data race undermines locking (LOCK_EVASION)
/src/node_device/node_device_udev.c: 2071 in processNodeStateInitializeEnumerate()
2065 virCondBroadcast(&driver_state->initCond);
2066 }
2067
2068 return;
2069
2070 error:
>> CID 462800: Data race undermines locking
(LOCK_EVASION)
>> Thread2 checks "mutex", reading it after Thread1 assigns to
"mutex" but before some of the correlated field assignments can occur. It sees
the condition "var21.mutex" as being true. It continues on before the critical
section has completed, and can read data changed by that critical section while it is in
an inconsistent state.
2071 VIR_WITH_OBJECT_LOCK_GUARD(priv) {
2072 ignore_value(virEventRemoveHandle(priv->watch));
2073 priv->watch = -1;
2074 priv->udevThreadQuit = true;
2075 virCondSignal(&priv->udevThreadCond);
2076 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy...