New Defects reported by Coverity Scan for libvirt

Hi,

Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan.

2 new defect(s) introduced to libvirt found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)

** CID 444097: Insecure data handling (TAINTED_SCALAR)
/src/ch/ch_driver.c: 870 in chDomainSaveXMLRead()

________________________________________________________________________________________________________
*** CID 444097: Insecure data handling (TAINTED_SCALAR)
/src/ch/ch_driver.c: 870 in chDomainSaveXMLRead()
864     if (hdr.xmlLen <= 0) {
865         virReportError(VIR_ERR_OPERATION_FAILED,
866                        _("invalid XML length: %1$d"), hdr.xmlLen);
867         return NULL;
868     }
869
CID 444097: Insecure data handling (TAINTED_SCALAR)
Passing tainted expression "__n" to "g_malloc0", which uses it as an allocation size.
870     xml = g_new0(char, hdr.xmlLen);
871
872     if (saferead(fd, xml, hdr.xmlLen) != hdr.xmlLen) {
873         virReportError(VIR_ERR_OPERATION_FAILED, "%s",
874                        _("failed to read XML"));
875         return NULL;

** CID 444096: Incorrect expression (BAD_SIZEOF)
/src/ch/ch_monitor.c: 961 in virCHMonitorSaveRestoreVM()

________________________________________________________________________________________________________
*** CID 444096: Incorrect expression (BAD_SIZEOF)
/src/ch/ch_monitor.c: 961 in virCHMonitorSaveRestoreVM()
955         curl_easy_setopt(mon->handle, CURLOPT_UNIX_SOCKET_PATH, mon->socketpath);
956         curl_easy_setopt(mon->handle, CURLOPT_URL, url);
957         curl_easy_setopt(mon->handle, CURLOPT_CUSTOMREQUEST, "PUT");
958         curl_easy_setopt(mon->handle, CURLOPT_HTTPHEADER, headers);
959         curl_easy_setopt(mon->handle, CURLOPT_POSTFIELDS, payload);
960         curl_easy_setopt(mon->handle, CURLOPT_WRITEFUNCTION, curl_callback);
CID 444096: Incorrect expression (BAD_SIZEOF)
Taking the size of "&data", which is the address of an object, is suspicious.
961         curl_easy_setopt(mon->handle, CURLOPT_WRITEDATA, (void *)&data);
962
963         responseCode = virCHMonitorCurlPerform(mon->handle);
964     }
965
966     if (responseCode == 200 || responseCode == 204) {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2B...
participants (1)
-
scan-admin@coverity.com