[libvirt PATCH 0/4] Coverity diaries
Ján Tomko (4): security: dac: remove leftover virPCIDeviceFree qemu: saveimage: only steal domXML on success qemu: monitor: clear cpu props properly in CPUInfoClear hyperv: check return value of virUUIDGenerate src/hyperv/hyperv_driver.c | 4 +++- src/qemu/qemu_monitor.c | 1 + src/qemu/qemu_saveimage.c | 3 +-- src/security/security_dac.c | 5 ++--- 4 files changed, 7 insertions(+), 6 deletions(-) -- 2.26.2
The switch to g_auto left this one call behind. Reported by Coverity. Fixes: 4ab0d1844a1e60def576086edc8b2c3775e7c10d Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/security/security_dac.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 00eeae0d27..11f6c5c3da 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -1430,10 +1430,9 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr, if (pcisrc->backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { g_autofree char *vfioGroupDev = virPCIDeviceGetIOMMUGroupDev(pci); - if (!vfioGroupDev) { - virPCIDeviceFree(pci); + if (!vfioGroupDev) return -1; - } + ret = virSecurityDACRestoreFileLabelInternal(mgr, NULL, vfioGroupDev, false); } else { -- 2.26.2
The comment and the caller assume virQEMUSaveDataNew only steals domXML on success, but it is copied even on failure. Also remove the misleading g_steal_pointer call on a local variable. Reported by coverity. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/qemu/qemu_saveimage.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/qemu/qemu_saveimage.c b/src/qemu/qemu_saveimage.c index de2d63dd9a..5d542bf977 100644 --- a/src/qemu/qemu_saveimage.c +++ b/src/qemu/qemu_saveimage.c @@ -105,8 +105,6 @@ virQEMUSaveDataNew(char *domXML, data = g_new0(virQEMUSaveData, 1); - data->xml = g_steal_pointer(&domXML); - if (cookieObj && !(data->cookie = virSaveCookieFormat((virObjectPtr) cookieObj, virDomainXMLOptionGetSaveCookie(xmlopt)))) @@ -118,6 +116,7 @@ virQEMUSaveDataNew(char *domXML, header->was_running = running ? 1 : 0; header->compressed = compressed; + data->xml = domXML; return data; error: -- 2.26.2
Stay true to the name of the function and clear the pointer after freeing it. This also silences a bogus Coverity report about a double free in qemuMonitorGetCPUInfo where qemuMonitorCPUInfoClear is called right after allocating a new qemuMonitorCPUInfo to fill out the non-zero defaults. Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/qemu/qemu_monitor.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 0476d606f5..151f69acef 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -1661,6 +1661,7 @@ qemuMonitorCPUInfoClear(qemuMonitorCPUInfoPtr cpus, VIR_FREE(cpus[i].alias); VIR_FREE(cpus[i].type); virJSONValueFree(cpus[i].props); + cpus[i].props = NULL; } } -- 2.26.2
Fixes: fa66bd8cad2359b7d21676e0fd69bec472b36514 Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/hyperv/hyperv_driver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/hyperv/hyperv_driver.c b/src/hyperv/hyperv_driver.c index c1ed4b5c7c..701456cdb3 100644 --- a/src/hyperv/hyperv_driver.c +++ b/src/hyperv/hyperv_driver.c @@ -1080,7 +1080,9 @@ hypervDomainAttachSyntheticEthernetAdapter(virDomainPtr domain, */ portResourceType = g_strdup_printf("%d", MSVM_RASD_RESOURCETYPE_ETHERNET_ADAPTER); - virUUIDGenerate(vsiGuid); + if (virUUIDGenerate(vsiGuid) < 0) + return -1; + virUUIDFormat(vsiGuid, guidString); virtualSystemIdentifiers = g_strdup_printf("{%s}", guidString); -- 2.26.2
On Thu, Feb 18, 2021 at 02:55:25PM +0100, Ján Tomko wrote:
Ján Tomko (4): security: dac: remove leftover virPCIDeviceFree qemu: saveimage: only steal domXML on success qemu: monitor: clear cpu props properly in CPUInfoClear hyperv: check return value of virUUIDGenerate
src/hyperv/hyperv_driver.c | 4 +++- src/qemu/qemu_monitor.c | 1 + src/qemu/qemu_saveimage.c | 3 +-- src/security/security_dac.c | 5 ++--- 4 files changed, 7 insertions(+), 6 deletions(-)
Reviewed-by: Erik Skultety <eskultet@redhat.com>
participants (2)
-
Erik Skultety -
Ján Tomko