Bug 728184
Summary: | Coverity scan results | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Michal Luscon <mluscon> | ||||
Component: | netcf | Assignee: | Laine Stump <laine> | ||||
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 6.2 | CC: | ajia, dallan, dyuan, kdudka, mzhan, praiskup, rwu, vbian | ||||
Target Milestone: | rc | Keywords: | Regression | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | netcf-0.1.9-2.el6 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2011-12-06 15:19:16 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Michal Luscon
2011-08-04 10:15:33 UTC
*** Bug 734721 has been marked as a duplicate of this bug. *** This bug is already fixed upstream: commit af17ee0ce5d0fbfb5afa5cfc4e6c5f3fd14d8c9a Author: Laine Stump <laine> Date: Thu Aug 4 10:02:50 2011 -0400 eliminate potential use of uninitialized index/pointer in add_bridge_info This was detected by Coverity and reported in: https://bugzilla.redhat.com/show_bug.cgi?id=728184 Commit d32a46 moved the bit of code that adds the <bridge> element to bridge interfaces to the top of the function so that it is always done, even if there are no physical devices attached to the bridge (because <bridge> is a required element of the grammar). What wasn't noticed is that the ERR_NOMEM macro could goto error, and in this case nphys and phys_names would be uninitialized. Fortunately this would only happen on a failure to allocate memory. The next build of netcf for RHEL will contain that fix. A fix for this bug is available in a new netcf build for RHEL6: https://brewweb.devel.redhat.com/buildinfo?buildID=180923 (In reply to comment #5) > A fix for this bug is available in a new netcf build for RHEL6: > > https://brewweb.devel.redhat.com/buildinfo?buildID=180923 Hi Laine, This patch is okay and has resolved uninitialized value issues. However, Kamil provided many more test report raised by Coverity such as 'RESOURCE_LEAK' in Comment 1, IMHO, we should fix them together, you can find them in following link: https://dell-per610-03.lab.eng.brq.redhat.com/coverity/rhel-6.2-20110729/netcf-0.1.9-1.el6/run1/netcf-0.1.9-1.el6.html In addition, I have committed a patch to fix memory leak. Alex Patch for upstream: https://fedorahosted.org/pipermail/netcf-devel/2011-September/000635.html Created attachment 525038 [details]
CoverityScan for netcf-0.1.9-2.el6.src.rpm
(In reply to comment #8) > Patch for upstream: > https://fedorahosted.org/pipermail/netcf-devel/2011-September/000635.html Patch has been ACKed and pushed, and I haven't found 'RESOURCE_LEAK' on upstream again: Analysis summary report: ------------------------ Files analyzed : 14 Total LoC input to cov-analyze : 35436 Functions analyzed : 158 Paths analyzed : 3439 New defects found : 2 UNUSED_VALUE So these issues have been resolved, Laine, maybe netcf need to rebase a new rpm package, but, it seems patches are quite less on upstream now, hence, whether simply set the bug to VERIFIED status firstly. Since this would be the only patch that would go into a new build, and the impact of the bug is extremely small (it is a small leak in an infrequently used commandline tool (i.e. doesn't run for long, doesn't affect users of the API) that only occurs upon a failure to undefine an interface), we think it's best right now to not use up the extra resources it would take to process a new netcf build just for this. So, best to mark this bug to verified (since the coverity-found regression reported originally in the bug is now fixed), and let the memory leak fix come in later when there are more updates. (In reply to comment #11) > So, best to mark this bug to verified (since the coverity-found regression > reported originally in the bug is now fixed), and let the memory leak fix come > in later when there are more updates. Well, move the bug to VERIFIED status. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1631.html |