Bug 723229

Summary: Defects revealed by Coverity scan
Product: Red Hat Enterprise Linux 6 Reporter: Michal Luscon <mluscon>
Component: xorg-x11-drv-qxlAssignee: Søren Sandmann Pedersen <sandmann>
Status: CLOSED WONTFIX QA Contact: Desktop QE <desktop-qa-list>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: acathrow, kem
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-03-10 15:15:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Michal Luscon 2011-07-19 13:22:09 UTC 
Description of problem:

xf86-video-qxl-0.0.12/src/qxl_surface.c:392 - Function malloc without NULL check.

xf86-video-qxl-0.0.12/src/qxl_surface.c:1154 - Function malloc without NULL check.

xf86-video-qxl-0.0.12/src/qxl_driver.c:377 - Suspicious implicit sign extension: "qxl->main_mem_slot" with type "unsigned char" (8 bits, unsigned) is promoted in "qxl->main_mem_slot << qxl->slot_gen_bits" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "qxl->main_mem_slot << qxl->slot_gen_bits" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

xf86-video-qxl-0.0.12/src/qxl_driver.c:397 - Suspicious implicit sign extension: "qxl->vram_mem_slot" with type "unsigned char" (8 bits, unsigned) is promoted in "qxl->vram_mem_slot << qxl->slot_gen_bits" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "qxl->vram_mem_slot << qxl->slot_gen_bits" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

Version-Release number of selected component (if applicable):
0.0.12-9

Additional info:

These defects were probably introduced by Red Hat patches.
Comment 1 RHEL Program Management 2011-10-07 16:18:29 UTC 
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.