New Defects reported by Coverity Scan for libvirt

Thursday, 21 March 2024

Hi,

Please find the latest report on new defect(s) introduced to libvirt found with Coverity
Scan.

2 new defect(s) introduced to libvirt found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 444097:  Insecure data handling  (TAINTED_SCALAR)
/src/ch/ch_driver.c: 870 in chDomainSaveXMLRead()

________________________________________________________________________________________________________
*** CID 444097:  Insecure data handling  (TAINTED_SCALAR)
/src/ch/ch_driver.c: 870 in chDomainSaveXMLRead()
864         if (hdr.xmlLen <= 0) {
865             virReportError(VIR_ERR_OPERATION_FAILED,
866                            _("invalid XML length: %1$d"), hdr.xmlLen);
867             return NULL;
868         }
869     
...
>>     CID 444097:  Insecure data handling  (TAINTED_SCALAR)
>>     Passing tainted expression "__n" to "g_malloc0", which
uses it as an allocation size. 870         xml = g_new0(char, hdr.xmlLen);
871     
872         if (saferead(fd, xml, hdr.xmlLen) != hdr.xmlLen) {
873             virReportError(VIR_ERR_OPERATION_FAILED, "%s",
874                            _("failed to read XML"));
875             return NULL;

** CID 444096:  Incorrect expression  (BAD_SIZEOF)
/src/ch/ch_monitor.c: 961 in virCHMonitorSaveRestoreVM()

________________________________________________________________________________________________________
*** CID 444096:  Incorrect expression  (BAD_SIZEOF)
/src/ch/ch_monitor.c: 961 in virCHMonitorSaveRestoreVM()
955             curl_easy_setopt(mon->handle, CURLOPT_UNIX_SOCKET_PATH,
mon->socketpath);
956             curl_easy_setopt(mon->handle, CURLOPT_URL, url);
957             curl_easy_setopt(mon->handle, CURLOPT_CUSTOMREQUEST, "PUT");
958             curl_easy_setopt(mon->handle, CURLOPT_HTTPHEADER, headers);
959             curl_easy_setopt(mon->handle, CURLOPT_POSTFIELDS, payload);
960             curl_easy_setopt(mon->handle, CURLOPT_WRITEFUNCTION, curl_callback);
...
>>     CID 444096:  Incorrect expression  (BAD_SIZEOF)
>>     Taking the size of "&data", which is the address of an object,
is suspicious. 961             curl_easy_setopt(mon->handle, CURLOPT_WRITEDATA,
(void *)&data);
962     
963             responseCode = virCHMonitorCurlPerform(mon->handle);
964         }
965     
966         if (responseCode == 200 || responseCode == 204) {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy...

2024

2023

2022

2021

2020

2019

2018

2017

2016

New Defects reported by Coverity Scan for libvirt