New Defects reported by Coverity Scan for libvirt
Hi, Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan. 8 new defect(s) introduced to libvirt found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 8 of 8 defect(s) ** CID 478105: Resource leaks (RESOURCE_LEAK) /src/qemu/qemu_fd.c: 150 in qemuFDPassNewFromMonitor() ________________________________________________________________________________________________________ *** CID 478105: Resource leaks (RESOURCE_LEAK) /src/qemu/qemu_fd.c: 150 in qemuFDPassNewFromMonitor() 144 145 for (j = 0; j < fdset.nfds; j++) { 146 qemuMonitorFdsetFdInfo fdinfo = fdset.fds[j]; 147 148 VIR_DEBUG("fdinfo opaque = %s", fdinfo.opaque); 149 if (STRPREFIX(prefix, fdinfo.opaque)) {
CID 478105: Resource leaks (RESOURCE_LEAK) Overwriting "fdpass" in "fdpass = (qemuFDPass *)({...; __p;})" leaks the storage that "fdpass" points to.
150 fdpass = g_new0(qemuFDPass, 1); 151 152 fdpass->fdSetID = fdset.id; 153 fdpass->prefix = g_strdup(prefix); 154 fdpass->path = g_strdup_printf("/dev/fdset/%u", fdset.id); 155 fdpass->passed = true;
** CID 478104: Memory - illegal accesses (USE_AFTER_FREE) /src/rpc/virnetdaemon.c: 967 in virNetDaemonStop() ________________________________________________________________________________________________________ *** CID 478104: Memory - illegal accesses (USE_AFTER_FREE) /src/rpc/virnetdaemon.c: 967 in virNetDaemonStop() 961 dmn->stateStopThread = g_new0(virThread, 1); 962 963 if (virThreadCreateFull(dmn->stateStopThread, false, 964 virNetDaemonStopWorker, 965 "daemon-stop", false, dmn) < 0) { 966 virObjectUnref(dmn);
CID 478104: Memory - illegal accesses (USE_AFTER_FREE) Dereferencing freed pointer "dmn".
967 g_clear_pointer(&dmn->stateStopThread, g_free); 968 return; 969 } 970 } 971 972
** CID 478103: Program hangs (NEGATIVE_RETURNS) /src/hypervisor/domain_driver.c: 950 in virDomainDriverAutoShutdown() ________________________________________________________________________________________________________ *** CID 478103: Program hangs (NEGATIVE_RETURNS) /src/hypervisor/domain_driver.c: 950 in virDomainDriverAutoShutdown() 944 /* Anything non-NULL in this list indicates none of 945 * the configured ations were successful in processing 946 * the domain. There's not much we can do about that 947 * as the host is powering off, logging at least lets 948 * admins know 949 */
CID 478103: Program hangs (NEGATIVE_RETURNS) Using unsigned variable "numDomains" in a loop exit condition.
950 for (i = 0; i < numDomains; i++) { 951 if (domains[i] == NULL) 952 continue; 953 VIR_WARN("auto-shutdown: domain '%s' not successfully shut off by any action", 954 domains[i]->name); 955 virObjectUnref(domains[i]); 956 } 957 VIR_FREE(domains); 958 }
** CID 478102: Performance inefficiencies (PASS_BY_VALUE) /src/conf/domain_validate.c: 696 in virDomainDiskIoTuneValidate() ________________________________________________________________________________________________________ *** CID 478102: Performance inefficiencies (PASS_BY_VALUE) /src/conf/domain_validate.c: 696 in virDomainDiskIoTuneValidate() 690 691 return 0; 692 } 693 694 695 static int
CID 478102: Performance inefficiencies (PASS_BY_VALUE) Passing parameter blkdeviotune of type "virDomainBlockIoTuneInfo const" (size 160 bytes) by value, which exceeds the low threshold of 128 bytes.
696 virDomainDiskIoTuneValidate(const virDomainBlockIoTuneInfo blkdeviotune) 697 { 698 if ((blkdeviotune.total_bytes_sec && 699 blkdeviotune.read_bytes_sec) || 700 (blkdeviotune.total_bytes_sec && 701 blkdeviotune.write_bytes_sec)) {
** CID 478101: Uninitialized variables (UNINIT) /src/qemu/qemu_migration_params.c: 830 in qemuMigrationParamsForSave() ________________________________________________________________________________________________________ *** CID 478101: Uninitialized variables (UNINIT) /src/qemu/qemu_migration_params.c: 830 in qemuMigrationParamsForSave() 824 825 if (params && virTypedParamsGetInt(params, nparams, 826 VIR_DOMAIN_SAVE_PARAM_PARALLEL_CHANNELS, 827 &nchannels) < 0) 828 return NULL; 829
CID 478101: Uninitialized variables (UNINIT) Using uninitialized value "nchannels".
830 if (nchannels < 1) { 831 virReportError(VIR_ERR_INVALID_ARG, "%s", 832 _("number of parallel save channels cannot be less than 1")); 833 return NULL; 834 } 835
** CID 478100: Resource leaks (RESOURCE_LEAK) /src/qemu/qemu_monitor_json.c: 4717 in qemuMonitorMakeThrottleGroupLimits() ________________________________________________________________________________________________________ *** CID 478100: Resource leaks (RESOURCE_LEAK) /src/qemu/qemu_monitor_json.c: 4717 in qemuMonitorMakeThrottleGroupLimits() 4711 "P:iops-total-max-length", group->total_iops_sec_max_length, 4712 "P:iops-read-max-length", group->read_iops_sec_max_length, 4713 "P:iops-write-max-length", group->write_iops_sec_max_length, 4714 NULL) < 0) 4715 return -1; 4716
CID 478100: Resource leaks (RESOURCE_LEAK) Returning without freeing "limits" leaks the storage that it points to.
4717 return 0; 4718 } 4719 4720 4721 int 4722 qemuMonitorJSONUpdateThrottleGroup(qemuMonitor *mon,
** CID 478099: Memory - illegal accesses (USE_AFTER_FREE) ________________________________________________________________________________________________________ *** CID 478099: Memory - illegal accesses (USE_AFTER_FREE) /src/admin/admin_server_dispatch.c: 486 in adminConnectDaemonShutdown() 480 { 481 virCheckFlags(VIR_DAEMON_SHUTDOWN_PRESERVE, -1); 482 483 if (flags & VIR_DAEMON_SHUTDOWN_PRESERVE) 484 virNetDaemonStop(dmn); 485
CID 478099: Memory - illegal accesses (USE_AFTER_FREE) Calling "virNetDaemonQuit" dereferences freed pointer "dmn".
486 virNetDaemonQuit(dmn); 487 488 return 0; 489 } 490 491 static int
** CID 478098: Memory - illegal accesses (USE_AFTER_FREE) ________________________________________________________________________________________________________ *** CID 478098: Memory - illegal accesses (USE_AFTER_FREE) /src/remote/remote_daemon.c: 531 in handleSessionMessageFunc() 525 VIR_DEBUG("dmn=%p", dmn); 526 527 if (virGDBusMessageIsSignal(message, 528 "org.freedesktop.DBus.Local", 529 "Disconnected")) { 530 virNetDaemonStop(dmn);
CID 478098: Memory - illegal accesses (USE_AFTER_FREE) Calling "virNetDaemonQuit" dereferences freed pointer "dmn".
531 virNetDaemonQuit(dmn); 532 } 533 534 return message; 535 } 536
________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libvirt?tab=overview
participants (1)
-
scan-admin@coverity.com