2:49 a.m.
All of these were spotted by coverity tool.
Michal Privoznik (3):
vbox: Avoid signed and unsigned comparison
xen: Check return value of virStringReplace
qemuBuildCommandLine: Change the condition for -nographics
src/qemu/qemu_command.c | 2 +-
src/vbox/vbox_common.c | 8 +++-----
src/xenconfig/xen_xl.c | 7 ++++++-
3 files changed, 10 insertions(+), 7 deletions(-)
--
2.4.10
2:49 a.m.
New subject: [libvirt] [PATCH 1/3] vbox: Avoid signed and unsigned comparison
After 457ff97fa there are two defects in our code. In both of
them we use a signed variable to hold up a number of snapshots
that domain has. We use a helper function to count the number.
However, the helper function may fail in which case it returns
a negative one and control jumps to cleanup label where an
unsigned variable is used to iterate over array of snapshots. The
loop condition thus compare signed and unsigned variables which
in this specific case ends up badly for us.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/vbox/vbox_common.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c
index 5302d1c..8c00a4f 100644
--- a/src/vbox/vbox_common.c
+++ b/src/vbox/vbox_common.c
@@ -5507,11 +5507,10 @@ vboxDomainSnapshotGet(vboxGlobalData *data,
ISnapshot **snapshots = NULL;
ISnapshot *snapshot = NULL;
nsresult rc;
- int count = 0;
- size_t i;
+ ssize_t i, count = 0;
if ((count = vboxDomainSnapshotGetAll(dom, machine, &snapshots)) < 0)
- goto cleanup;
+ return NULL;
for (i = 0; i < count; i++) {
PRUnichar *nameUtf16;
@@ -6188,8 +6187,7 @@ static int vboxDomainSnapshotListNames(virDomainPtr dom, char
**names,
IMachine *machine = NULL;
nsresult rc;
ISnapshot **snapshots = NULL;
- int count = 0;
- size_t i;
+ ssize_t i, count = 0;
int ret = -1;
if (!data->vboxObj)
--
2.4.10
5:42 a.m.
New subject: [libvirt] [PATCH 1/3] vbox: Avoid signed and unsigned comparison
On Tue, Feb 23, 2016 at 09:49:07AM +0100, Michal Privoznik wrote:
After 457ff97fa there are two defects in our code. In both of
them we use a signed variable to hold up a number of snapshots
that domain has. We use a helper function to count the number.
However, the helper function may fail in which case it returns
a negative one and control jumps to cleanup label where an
unsigned variable is used to iterate over array of snapshots. The
loop condition thus compare signed and unsigned variables which
in this specific case ends up badly for us.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/vbox/vbox_common.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
ACK.
Does virStorageBackendRBDCleanupSnapshots need the same treatment?
I'm having trouble deciphering the code flow.
Jan
2:49 a.m.
New subject: [libvirt] [PATCH 2/3] xen: Check return value of virStringReplace
After 6604a3dd9f8 in which new helper function has been
introduced, the code calls virStringReplace and dereference the
result immediately. The string function can, however, return NULL
so this would SIGSEGV right away. Check for the return value of
the string function.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/xenconfig/xen_xl.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index 585ef9b..e65f5c6 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -254,7 +254,12 @@ xenParseXLDiskSrc(virDomainDiskDefPtr disk, char *srcstr)
int ret = -1;
if (STRPREFIX(srcstr, "rbd:")) {
- tmpstr = virStringReplace(srcstr, "\\\\", "\\");
+ if (!(tmpstr = virStringReplace(srcstr, "\\\\", "\\"))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to parse disk source string: %s"),
+ srcstr);
+ goto cleanup;
+ }
virDomainDiskSetType(disk, VIR_STORAGE_TYPE_NETWORK);
disk->src->protocol = VIR_STORAGE_NET_PROTOCOL_RBD;
--
2.4.10
5:42 a.m.
New subject: [libvirt] [PATCH 2/3] xen: Check return value of virStringReplace
On Tue, Feb 23, 2016 at 09:49:08AM +0100, Michal Privoznik wrote:
After 6604a3dd9f8 in which new helper function has been
introduced, the code calls virStringReplace and dereference the
result immediately. The string function can, however, return NULL
so this would SIGSEGV right away. Check for the return value of
the string function.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/xenconfig/xen_xl.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
ACK with the virReportError removed.
diff --git a/src/xenconfig/xen_xl.c b/src/xenconfig/xen_xl.c
index 585ef9b..e65f5c6 100644
--- a/src/xenconfig/xen_xl.c
+++ b/src/xenconfig/xen_xl.c
@@ -254,7 +254,12 @@ xenParseXLDiskSrc(virDomainDiskDefPtr disk, char *srcstr)
int ret = -1;
if (STRPREFIX(srcstr, "rbd:")) {
- tmpstr = virStringReplace(srcstr, "\\\\", "\\");
+ if (!(tmpstr = virStringReplace(srcstr, "\\\\", "\\"))) {
virStringReplace reports an error on OOM.
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unable to parse disk source string: %s"),
+ srcstr);
This error is wrong and would overwrite the OOM error (or wouldn't,
since there's no memory for it).
Jan
+ goto cleanup;
+ }
2:49 a.m.
New subject: [libvirt] [PATCH 3/3] qemuBuildCommandLine: Change the condition for -nographics
There's this check when building command line that whenever
domain has no graphics card configured we put -nographics onto
qemu command line. The check is 'if (!def->graphics)'. This
makes coverity think that def->graphics can be NULL, which is
true. But later in the code every access to def->graphics is
guarded by check for def->ngraphics, so no crash occurs. But this
is something that coverity fails to deduct.
In order to shut coverity up lets change the condition to
'if (!def->ngraphics)'.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 78423e7..854e51c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7130,7 +7130,7 @@ qemuBuildCommandLine(virConnectPtr conn,
* if you ask for nographic. So we have to make sure we override
* these defaults ourselves...
*/
- if (!def->graphics) {
+ if (!def->ngraphics) {
virCommandAddArg(cmd, "-nographic");
if (cfg->nogfxAllowHostAudio)
--
2.4.10
5:51 a.m.
New subject: [libvirt] [PATCH 3/3] qemuBuildCommandLine: Change the condition for -nographics
On Tue, Feb 23, 2016 at 09:49:09AM +0100, Michal Privoznik wrote:
There's this check when building command line that whenever
domain has no graphics card configured we put -nographics onto
qemu command line. The check is 'if (!def->graphics)'. This
makes coverity think that def->graphics can be NULL, which is
true. But later in the code every access to def->graphics is
guarded by check for def->ngraphics, so no crash occurs. But this
is something that coverity fails to deduct.
In order to shut coverity up lets change the condition to
'if (!def->ngraphics)'.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_command.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
ACK
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 78423e7..854e51c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -7130,7 +7130,7 @@ qemuBuildCommandLine(virConnectPtr conn,
* if you ask for nographic. So we have to make sure we override
* these defaults ourselves...
*/
- if (!def->graphics) {
+ if (!def->ngraphics) {
For integers, I have a slight preference for == 0, but this seems to be
the prevailing style in qemuBuildCommandLine.
Jan
3198
days inactive
3198
days old
6 comments
2 participants
participants (2)
-
Ján Tomko -
Michal Privoznik