Bug 728184

Summary: Coverity scan results
Product: Red Hat Enterprise Linux 6 Reporter: Michal Luscon <mluscon>
Component: netcfAssignee: Laine Stump <laine>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2CC: ajia, dallan, dyuan, kdudka, mzhan, praiskup, rwu, vbian
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: netcf-0.1.9-2.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 15:19:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
CoverityScan for netcf-0.1.9-2.el6.src.rpm none

Description Michal Luscon 2011-08-04 10:15:33 UTC
Description of problem:

/netcf-0.1.9/src/dutil_linux.c:1055, 1056 - Using uninitialized variables nphys and phys_names as a result of line #1029.

Version-Release number of selected component (if applicable):
0.1.9

Additional info:

This defect was added between RHEL-6.1 and RHEL-6.2 version of package.

Comment 2 Laine Stump 2011-09-06 17:56:51 UTC
*** Bug 734721 has been marked as a duplicate of this bug. ***

Comment 3 Laine Stump 2011-09-21 18:17:58 UTC
This bug is already fixed upstream:

commit af17ee0ce5d0fbfb5afa5cfc4e6c5f3fd14d8c9a
Author: Laine Stump <laine>
Date:   Thu Aug 4 10:02:50 2011 -0400

    eliminate potential use of uninitialized index/pointer in add_bridge_info
    
    This was detected by Coverity and reported in:
    
    https://bugzilla.redhat.com/show_bug.cgi?id=728184
    
    Commit d32a46 moved the bit of code that adds the <bridge> element to
    bridge interfaces to the top of the function so that it is always
    done, even if there are no physical devices attached to the bridge
    (because <bridge> is a required element of the grammar). What wasn't
    noticed is that the ERR_NOMEM macro could goto error, and in this case
    nphys and phys_names would be uninitialized.
    
    Fortunately this would only happen on a failure to allocate memory.

The next build of netcf for RHEL will contain that fix.

Comment 5 Laine Stump 2011-09-26 19:03:39 UTC
A fix for this bug is available in a new netcf build for RHEL6:

  https://brewweb.devel.redhat.com/buildinfo?buildID=180923

Comment 7 Alex Jia 2011-09-27 06:30:46 UTC
(In reply to comment #5)
> A fix for this bug is available in a new netcf build for RHEL6:
> 
>   https://brewweb.devel.redhat.com/buildinfo?buildID=180923

Hi Laine,

This patch is okay and has resolved uninitialized value issues. However, Kamil provided many more test report raised by Coverity such as 'RESOURCE_LEAK' in Comment 1, IMHO, we should fix them together, you can find them in following link:

https://dell-per610-03.lab.eng.brq.redhat.com/coverity/rhel-6.2-20110729/netcf-0.1.9-1.el6/run1/netcf-0.1.9-1.el6.html

In addition, I have committed a patch to fix memory leak.

Alex

Comment 8 Alex Jia 2011-09-27 06:40:06 UTC
Patch for upstream:
https://fedorahosted.org/pipermail/netcf-devel/2011-September/000635.html

Comment 9 Alex Jia 2011-09-27 07:08:05 UTC
Created attachment 525038 [details]
CoverityScan for netcf-0.1.9-2.el6.src.rpm

Comment 10 Alex Jia 2011-09-28 02:55:51 UTC
(In reply to comment #8)
> Patch for upstream:
> https://fedorahosted.org/pipermail/netcf-devel/2011-September/000635.html

Patch has been ACKed and pushed, and I haven't found 'RESOURCE_LEAK' on upstream again:

Analysis summary report:
------------------------
Files analyzed                 : 14
Total LoC input to cov-analyze : 35436
Functions analyzed             : 158
Paths analyzed                 : 3439
New defects found              : 2 UNUSED_VALUE

So these issues have been resolved, Laine, maybe netcf need to rebase a new rpm package, but, it seems patches are quite less on upstream now, hence, whether simply set the bug to VERIFIED status firstly.

Comment 11 Laine Stump 2011-09-28 18:07:40 UTC
Since this would be the only patch that would go into a new build, and the impact of the bug is extremely small (it is a small leak in an infrequently used commandline tool (i.e. doesn't run for long, doesn't affect users of the API) that only occurs upon a failure to undefine an interface), we think it's best right now to not use up the extra resources it would take to process a new netcf build just for this.

So, best to mark this bug to verified (since the coverity-found regression reported originally in the bug is now fixed), and let the memory leak fix come in later when there are more updates.

Comment 12 Alex Jia 2011-09-29 02:37:16 UTC
(In reply to comment #11)
> So, best to mark this bug to verified (since the coverity-found regression
> reported originally in the bug is now fixed), and let the memory leak fix come
> in later when there are more updates.

Well, move the bug to VERIFIED status.

Comment 13 errata-xmlrpc 2011-12-06 15:19:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1631.html