[libvirt] [PATCH] build: address clang reports about virCommand
clang had 5 reports against virCommand; three were false positives (a NULL deref in ProcessIO solved by sa_assert, and two uninitialized memory operations solved by adding an initializer), but two were real. * src/util/command.c (virCommandProcessIO): Fix real bug of possible NULL dereference. Teach clang that buf is never NULL. (virCommandRun): Teach clang that infd is only ever accessed when initialized. --- src/util/command.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-) diff --git a/src/util/command.c b/src/util/command.c index abd2dc4..0845db4 100644 --- a/src/util/command.c +++ b/src/util/command.c @@ -1,7 +1,7 @@ /* * command.c: Child command execution * - * Copyright (C) 2010 Red Hat, Inc. + * Copyright (C) 2010-2011 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -881,6 +881,8 @@ virCommandProcessIO(virCommandPtr cmd) buf = cmd->errbuf; len = &errlen; } + /* Silence a false positive from clang. */ + sa_assert(buf); done = read(fds[i].fd, data, sizeof(data)); if (done < 0) { @@ -930,9 +932,9 @@ virCommandProcessIO(virCommandPtr cmd) ret = 0; cleanup: - if (*cmd->outbuf) + if (cmd->outbuf && *cmd->outbuf) (*cmd->outbuf)[outlen] = '\0'; - if (*cmd->errbuf) + if (cmd->errbuf && *cmd->errbuf) (*cmd->errbuf)[errlen] = '\0'; return ret; } @@ -950,7 +952,7 @@ virCommandRun(virCommandPtr cmd, int *exitstatus) int ret = 0; char *outbuf = NULL; char *errbuf = NULL; - int infd[2]; + int infd[2] = { -1, -1 }; struct stat st; bool string_io; bool async_io = false; -- 1.7.4
On 02/14/2011 05:30 PM, Eric Blake wrote:
clang had 5 reports against virCommand; three were false positives (a NULL deref in ProcessIO solved by sa_assert, and two uninitialized memory operations solved by adding an initializer), but two were real.
* src/util/command.c (virCommandProcessIO): Fix real bug of possible NULL dereference. Teach clang that buf is never NULL. (virCommandRun): Teach clang that infd is only ever accessed when initialized. --- src/util/command.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/util/command.c b/src/util/command.c index abd2dc4..0845db4 100644 --- a/src/util/command.c +++ b/src/util/command.c @@ -1,7 +1,7 @@ /* * command.c: Child command execution * - * Copyright (C) 2010 Red Hat, Inc. + * Copyright (C) 2010-2011 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -881,6 +881,8 @@ virCommandProcessIO(virCommandPtr cmd) buf = cmd->errbuf; len =&errlen; } + /* Silence a false positive from clang. */ + sa_assert(buf);
done = read(fds[i].fd, data, sizeof(data)); if (done< 0) { @@ -930,9 +932,9 @@ virCommandProcessIO(virCommandPtr cmd)
ret = 0; cleanup: - if (*cmd->outbuf) + if (cmd->outbuf&& *cmd->outbuf) (*cmd->outbuf)[outlen] = '\0'; - if (*cmd->errbuf) + if (cmd->errbuf&& *cmd->errbuf) (*cmd->errbuf)[errlen] = '\0'; return ret; } @@ -950,7 +952,7 @@ virCommandRun(virCommandPtr cmd, int *exitstatus) int ret = 0; char *outbuf = NULL; char *errbuf = NULL; - int infd[2]; + int infd[2] = { -1, -1 }; struct stat st; bool string_io; bool async_io = false;
ACK
On 02/15/2011 10:41 AM, Laine Stump wrote:
On 02/14/2011 05:30 PM, Eric Blake wrote:
clang had 5 reports against virCommand; three were false positives (a NULL deref in ProcessIO solved by sa_assert, and two uninitialized memory operations solved by adding an initializer), but two were real.
* src/util/command.c (virCommandProcessIO): Fix real bug of possible NULL dereference. Teach clang that buf is never NULL. (virCommandRun): Teach clang that infd is only ever accessed when initialized. --- src/util/command.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-)
ACK
Thanks; pushed. As a wrap-up to my clang session yesterday, there were also some false positives in gnulib's vasnprintf implementation; discussion on the gnulib list is considering using the name assume() or invariant() instead of sa_assert() - but I doubt that it will happen before libvirt-0.8.8, so we can worry about adjusting to any gnulib changes at a later date. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
participants (2)
-
Eric Blake -
Laine Stump