Bug 732940

Summary: New coverity defects in RHEL6.2
Product: Red Hat Enterprise Linux 6
Component: e2fsprogs
Version: 6.2
Reporter: Pavel Raiskup <praiskup>
Assignee: Lukáš Czerner <lczerner>
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
CC: sct
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: e2fsprogs-1.41.12-11.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 18:18:10 UTC
Bug Blocks: 743047

Description Pavel Raiskup 2011-08-24 08:43:02 UTC
Defect is found by Coverity difference scan on rhel6.1 and rhel6.2 packages.

1) Unchecked return value of update_refcount()

   => misc/e2image.c:1025 return value is not checked (as is done in 5 of 6 cases)

   I'm not sure if this is really a problem, it would be nice if somebody could
   look at it.


2) Possible null dereference

   => misc/e2image.c:1329

   passing null variable 'header' to function qcow2_write_raw_image
   which dereferences it.

   a) 1239: assigning header to NULL
   b) 1290: assigning header to check_qcow2_image() return value,
            which can fail or even may not happen -->1289 (if branch)
   c) 1329: NULL used as parameter of qcow2_write_raw_image() which 
            dereferences it.

Comment 2 Pavel Raiskup 2011-08-24 08:54:54 UTC
I forgot to note a third defect:

3) Check for negative value on unsigned variable 'offset'

   => misc/e2image.c:771

   An error in 'llseek' will not be recorded when it occurs -- the value can
   never be less than zero.

   Variable 'offset' should be a signed type (e.g. ext2_loff_t, which is the
   correct ext2fs_llseek return type?)

Comment 3 Eric Sandeen 2011-08-24 15:17:24 UTC
I think that these came about as a result of Lukas' e2image work, so I will assign to him.

Lukas just sent a patch upstream for the issue in comment #2, FWIW.

Thanks,
-Eric

Comment 4 Lukáš Czerner 2011-08-25 10:09:00 UTC
Thanks Eric,

Problem 1) is a false positive, because we really do not need to check the return value from update_refcount() in that case.

Problem 2) is also a false positive, because if check_qcow2_image() returned NULL, then E2IMAGE_IS_QCOW2_FLAG would not be set, hence qcow2_write_raw_image() would not be called at all.

Problem 3) is real, however it should not cause any real trouble, because if the lseek failed and we did not catch that, the next lseek would catch the problem, because we are using the offset there as well. However, it is a bug and should be fixed.

As Eric already pointed out, I did send the patch upstream for problem 3. Problems 1 and 2 are not real, hence no need to fix anything there.

Thanks!
-Lukas
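
The defect class from problem 3, as an added example that is not part of the original bug report and is not e2fsprogs code: a seek result stored in an unsigned variable makes the `< 0` error check dead code, while a signed type keeps it live. POSIX `lseek()` and `off_t` stand in for `ext2fs_llseek()` and `ext2_loff_t`; the function names and the pipe used as an unseekable descriptor are assumptions made for the illustration.

```c
/* Added illustration; not code from e2fsprogs. Function names are hypothetical. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Defective pattern: the signed return value of lseek() is stored in an
 * unsigned variable, so -1 becomes a huge positive number. */
int seek_failed_unsigned(int fd)
{
    unsigned long long offset = lseek(fd, 0, SEEK_CUR);

    if (offset < 0)     /* always false: this error path is dead code */
        return 1;
    return 0;
}

/* Corrected pattern: keep the result in the signed type lseek() returns. */
int seek_failed_signed(int fd)
{
    off_t offset = lseek(fd, 0, SEEK_CUR);

    if (offset < 0)     /* true when lseek() returns -1 */
        return 1;
    return 0;
}

/* Constructed failure case: a pipe is not seekable, so lseek() fails (ESPIPE). */
int unseekable_fd(void)
{
    int fds[2];

    if (pipe(fds) != 0)
        return -1;      /* -1 is also an fd on which lseek() fails (EBADF) */
    close(fds[1]);
    return fds[0];
}

int main(void)
{
    int fd = unseekable_fd();

    printf("unsigned check reports failure: %d\n", seek_failed_unsigned(fd));
    printf("signed check reports failure:   %d\n", seek_failed_signed(fd));
    if (fd >= 0)
        close(fd);
    return 0;
}
```

Building with `-Wextra` (which enables `-Wtype-limits` in GCC) flags the always-false comparison in the first function at compile time.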

Comment 5 Lukáš Czerner 2011-09-15 09:51:31 UTC
Built and tagged in e2fsprogs-1.41.12-11.el6

Comment 8 Pavel Raiskup 2011-09-26 15:54:14 UTC
Hi, 

I have re-run Coverity for e2fsprogs-1.41.12-11.el6 and the reported problem (3) was successfully removed.

Pavel

Comment 10 errata-xmlrpc 2011-12-06 18:18:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1735.html