New Defects reported by Coverity Scan for libvirt

Hi,

Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan.

8 new defect(s) introduced to libvirt found with Coverity Scan.
21 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)

** CID 471899: Control flow issues (DEADCODE)
/src/util/virstring.c: 137 in virStrToLong_ul()

________________________________________________________________________________________________________
*** CID 471899: Control flow issues (DEADCODE)
/src/util/virstring.c: 137 in virStrToLong_ul()
131 /* This one's tricky. We _want_ to allow "-1" as shorthand for
132 * ULONG_MAX regardless of whether long is 32-bit or 64-bit. But
133 * g_ascii_strtoull treats "-1" as ULLONG_MAX, and going from ullong back
134 * to ulong differs depending on the size of ulong. */
135 if (memchr(s, '-', p - s)) {
136 if (-val > ULONG_MAX)
CID 471899: Control flow issues (DEADCODE)
Execution cannot reach this statement: "err = true;".
137 err = true;
138 else
139 val &= ULONG_MAX;
140 }
141
142 err |= (errno || (!end_ptr && *p) || p == s || (unsigned long) val != val);

** CID 471898: Null pointer dereferences (FORWARD_NULL)
/src/remote/remote_driver.c: 900 in doRemoteOpen()

________________________________________________________________________________________________________
*** CID 471898: Null pointer dereferences (FORWARD_NULL)
/src/remote/remote_driver.c: 900 in doRemoteOpen()
894 if ((mode = remoteDriverModeTypeFromString(mode_str)) < 0) {
895 virReportError(VIR_ERR_INVALID_ARG,
896 _("Unknown remote mode '%1$s'"), mode_str);
897 goto error;
898 }
899 } else {
CID 471898: Null pointer dereferences (FORWARD_NULL)
Dereferencing null pointer "conn->uri".
900 if (inside_daemon && !conn->uri->server) {
901 mode = REMOTE_DRIVER_MODE_DIRECT;
902 } else {
903 mode = REMOTE_DRIVER_MODE_AUTO;
904 }
905 }

** CID 471897: Resource leaks (RESOURCE_LEAK)
/src/ch/ch_monitor.c: 737 in virCHMonitorPutNoContent()

________________________________________________________________________________________________________
*** CID 471897: Resource leaks (RESOURCE_LEAK)
/src/ch/ch_monitor.c: 737 in virCHMonitorPutNoContent()
731 domainLogContextWrite(logCtxt, "Response = %s\n", data.content);
732 }
733
734 if (responseCode == 200 || responseCode == 204)
735 ret = 0;
736
CID 471897: Resource leaks (RESOURCE_LEAK)
Variable "data" going out of scope leaks the storage "data.content" points to.
737 return ret;
738 }
739
740 static int
741 virCHMonitorGet(virCHMonitor *mon, const char *endpoint, virJSONValue **response)
742 {

** CID 471896: Integer handling issues (INTEGER_OVERFLOW)
/src/conf/capabilities.c: 1036 in virCapabilitiesFormatMemoryBandwidth()

________________________________________________________________________________________________________
*** CID 471896: Integer handling issues (INTEGER_OVERFLOW)
/src/conf/capabilities.c: 1036 in virCapabilitiesFormatMemoryBandwidth()
1030
1031 virBufferAddLit(buf, "<memory_bandwidth>\n");
1032 virBufferAdjustIndent(buf, 2);
1033
1034 for (i = 0; i < memBW->nnodes; i++) {
1035 g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
CID 471896: Integer handling issues (INTEGER_OVERFLOW)
Expression "buf->indent + 2", where "buf->indent" is known to be equal to 2147483647, overflows the type of "buf->indent + 2", which is type "int".
1036 g_auto(virBuffer) childrenBuf = VIR_BUFFER_INIT_CHILD(buf);
1037 virCapsHostMemBWNode *node = memBW->nodes[i];
1038 virResctrlInfoMemBWPerNode *control = &node->control;
1039 g_autofree char *cpus_str = virBitmapFormat(node->cpus);
1040
1041 if (!cpus_str)

** CID 471895: Resource leaks (RESOURCE_LEAK)

________________________________________________________________________________________________________
*** CID 471895: Resource leaks (RESOURCE_LEAK)
/src/rpc/virnetclientprogram.c: 388 in virNetClientProgramCall()
382
383 virNetMessageFree(msg);
384
385 return 0;
386
387 error:
CID 471895: Resource leaks (RESOURCE_LEAK)
Freeing "msg" without freeing its pointer field "fds" leaks the storage that "fds" points to.
388 virNetMessageFree(msg);
389 if (infds && ninfds) {
390 for (i = 0; i < *ninfds; i++)
391 VIR_FORCE_CLOSE((*infds)[i]);
392 }
393 return -1;

** CID 471894: Null pointer dereferences (NULL_RETURNS)

________________________________________________________________________________________________________
*** CID 471894: Null pointer dereferences (NULL_RETURNS)
/tests/testutilsqemuschema.c: 360 in testQEMUSchemaValidateObject()
354 if (virJSONValueObjectForeachKeyValue(obj,
355 testQEMUSchemaValidateObjectMember,
356 &data) < 0)
357 return -1;
358
359 /* check missing mandatory values */
CID 471894: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "NULL" "data.rootmembers" when calling "virJSONValueArrayForeachSteal".
360 if (virJSONValueArrayForeachSteal(data.rootmembers,
361 testQEMUSchemaValidateObjectMandatoryMember,
362 &data) < 0) {
363 return -2;
364 }
365

** CID 471893: Integer handling issues (INTEGER_OVERFLOW)
/src/conf/capabilities.c: 951 in virCapabilitiesFormatCaches()

________________________________________________________________________________________________________
*** CID 471893: Integer handling issues (INTEGER_OVERFLOW)
/src/conf/capabilities.c: 951 in virCapabilitiesFormatCaches()
945
946 virBufferAddLit(buf, "<cache>\n");
947 virBufferAdjustIndent(buf, 2);
948
949 for (i = 0; i < cache->nbanks; i++) {
950 g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
CID 471893: Integer handling issues (INTEGER_OVERFLOW)
Expression "buf->indent + 2", where "buf->indent" is known to be equal to 2147483647, overflows the type of "buf->indent + 2", which is type "int".
951 g_auto(virBuffer) childrenBuf = VIR_BUFFER_INIT_CHILD(buf);
952 virCapsHostCacheBank *bank = cache->banks[i];
953 g_autofree char *cpus_str = virBitmapFormat(bank->cpus);
954 const char *unit = NULL;
955 unsigned long long short_size = virFormatIntPretty(bank->size, &unit);
956

** CID 471892: Integer handling issues (INTEGER_OVERFLOW)
/src/conf/snapshot_conf.c: 860 in virDomainSnapshotDefFormatInternal()

________________________________________________________________________________________________________
*** CID 471892: Integer handling issues (INTEGER_OVERFLOW)
/src/conf/snapshot_conf.c: 860 in virDomainSnapshotDefFormatInternal()
854 }
855 virBufferAdjustIndent(buf, -2);
856 virBufferAddLit(buf, "</disks>\n");
857 }
858
859 if (def->nrevertdisks > 0) {
CID 471892: Integer handling issues (INTEGER_OVERFLOW)
Expression "buf->indent + 2", where "buf->indent" is known to be equal to 2147483647, overflows the type of "buf->indent + 2", which is type "int".
860 g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf);
861
862 for (i = 0; i < def->nrevertdisks; i++) {
863 if (virDomainSnapshotDiskDefFormat(&childBuf, &def->revertdisks[i], xmlopt) < 0)
864 return -1;
865 }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libvirt?tab=overview