From: Alex Jia <ajia(a)redhat.com&gt; Detected by Coverity. the only case is caller passes a NULL to 'format' variable, then taking 'if (format)' false branch, the function qcow2GetBackingStoreFormat will directly dereferences the NULL 'format' pointer variable. Signed-off-by: Alex Jia <ajia(a)redhat.com&gt; --- src/util/storage_file.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/util/storage_file.c b/src/util/storage_file.c index f33ea74..ba9cfc5 100644 --- a/src/util/storage_file.c +++ b/src/util/storage_file.c @@ -333,7 +333,7 @@ qcowXGetBackingStore(char **res, * between the end of the header (QCOW2_HDR_TOTAL_SIZE) * and the start of the backingStoreName (offset) */ - if (isQCow2) + if (isQCow2 && format) qcow2GetBackingStoreFormat(format, buf, buf_size, QCOW2_HDR_TOTAL_SIZE, offset); return BACKING_STORE_OK; -- 1.7.1