Coverity complains about a possible leak of seclabel if !sec_managers[i]->drv->domainGenSecurityLabel is true and the seclabel might be overwritten by the next iteration of the loop. This leak should never happen, because every security driver has domainGenSecurityLabel defined. --- v1: 'Remove useless NULL check in virSecurityManagerGenLabel' https://www.redhat.com/archives/libvir-list/2014-April/msg00087.html src/security/security_manager.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/security/security_manager.c b/src/security/security_manager.c index d68c7e9..79edb07 100644 --- a/src/security/security_manager.c +++ b/src/security/security_manager.c @@ -514,6 +514,8 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, if (!sec_managers[i]->drv->domainGenSecurityLabel) { virReportUnsupportedError(); + virSecurityLabelDefFree(seclabel); + seclabel = NULL; } else { /* The seclabel must be added to @vm prior calling domainGenSecurityLabel * which may require seclabel to be presented already */ -- 1.8.3.2