Bug 750418

Summary: Coverity scan revealed defects
Product: Red Hat Enterprise Linux 6 Reporter: Min Zhan <mzhan>
Component: libvirt-cimAssignee: Daniel Veillard <veillard>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2CC: ajia, dallan, dyuan, elima, kdudka, mluscon, mzhan, ovasik, rwu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-cim-0.6.1-3.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 728245 Environment:
Last Closed: 2012-06-20 12:01:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 728245    
Bug Blocks:    
Attachments:
Description Flags
CoverityScan on libvirt-cim-0.6.0-1.el6.src.rpm
none
Patch for version 0.6.1 none

Comment 1 Eduardo Lima (Etrunko) 2011-11-22 19:41:58 UTC
FYI, the patches which fix the issues raised by this last report have been pushed upstream. See the following thread on libvirt-cim mailing list for reference:

https://www.redhat.com/archives/libvirt-cim/2011-November/msg00017.html

Comment 2 Dave Allan 2012-01-04 21:23:05 UTC
(In reply to comment #1)
> FYI, the patches which fix the issues raised by this last report have been
> pushed upstream. See the following thread on libvirt-cim mailing list for
> reference:
> 
> https://www.redhat.com/archives/libvirt-cim/2011-November/msg00017.html

Moving to POST.

Comment 3 Daniel Veillard 2012-01-12 06:15:24 UTC
All the patches should be included in the rebased version: libvirt-cim-0.6.0-1.el6

Daniel

Comment 4 Alex Jia 2012-01-12 07:09:47 UTC
CoverityScan on libvirt-cim-0.6.0-1.el6.src.rpm, it seems we still need to fix some memory leaks and NULL pointer dereference issues.

Analysis summary report:
------------------------
Files analyzed                 : 65
Total LoC input to cov-analyze : 55054
Functions analyzed             : 988
Paths analyzed                 : 23737
Defect occurrences found       : 49 Total
                                  2 ARRAY_VS_SINGLETON
                                  7 CHECKED_RETURN
                                  3 DEADCODE
                                  2 FORWARD_NULL
                                  2 NO_EFFECT
                                  6 NULL_RETURNS
                                 14 RESOURCE_LEAK
                                  2 UNINIT
                                  9 UNUSED_VALUE
                                  2 USE_AFTER_FREE

Comment 5 Alex Jia 2012-01-12 07:10:14 UTC
Created attachment 552325 [details]
CoverityScan on libvirt-cim-0.6.0-1.el6.src.rpm

Comment 7 Alex Jia 2012-01-12 09:13:00 UTC
Hi Daniel, 
This version has fixed many issues, however, some RESOURCE_LEAK and FORWARD_NULL still exist, Is it okay for you?

Thanks,
Alex

Comment 8 Eduardo Lima (Etrunko) 2012-01-12 14:57:04 UTC
(In reply to comment #5)
> Created attachment 552325 [details]
> CoverityScan on libvirt-cim-0.6.0-1.el6.src.rpm

Thanks once again for the report. Will take a look and provide patches for these issues ASAP.

Comment 9 Eduardo Lima (Etrunko) 2012-01-20 17:51:45 UTC
Patches were reviewed and are pushed upstream. Latest HEAD should include fixes to these and also remove some compilation warnings. The hash is f0494d4a864642bed51ccc99af1311e2f9dd2b72

Comment 10 Alex Jia 2012-03-06 05:29:55 UTC
(In reply to comment #9)
> Patches were reviewed and are pushed upstream. Latest HEAD should include fixes
> to these and also remove some compilation warnings. The hash is
> f0494d4a864642bed51ccc99af1311e2f9dd2b72

Dear Eduardo,
The 0.6.1-1.el6 version has fixed 2 FORWARD_NULL, 11 RESOURCE_LEAK, 2 UNINIT,  6 NULL_RETURNS, 1 DEADCODE, and 2 USE_AFTER_FREE issues for previous version, however, the Coverity still complains 3 RESOURCE_LEAK in the following report, I haven't seen actually codes, it may be a positive branch, Eduardo, do you want to fix them? 


Thanks,
Alex


The following are CoverityScan report on libvirt-cim-0.6.1-1.el6.src.rpm:


Analysis summary report:
------------------------
Files analyzed                 : 66
Total LoC input to cov-analyze : 55314
Functions analyzed             : 1009
Paths analyzed                 : 24006
Defect occurrences found       : 23 Total
                                  2 ARRAY_VS_SINGLETON
                                  7 CHECKED_RETURN
                                  2 DEADCODE
                                  2 NO_EFFECT
                                  3 RESOURCE_LEAK
                                  7 UNUSED_VALUE


For details:

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-cim-0.6.1/src/Virt_AppliedFilterList.c:608: alloc_arg: Calling allocation function "get_dominfo" on "dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1251: alloc_arg: "get_dominfo_from_xml" allocates memory that is stored into "*dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1205: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1205: var_assign: Assigning: "*dominfo" = "calloc(1UL, 216UL)".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1209: noescape: Variable "*dominfo" is not freed or pointed-to in function "_get_dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1168:57: noescape: "_get_dominfo" does not free or save its pointer parameter "dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/src/Virt_AppliedFilterList.c:644: leaked_storage: Variable "dominfo" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-cim-0.6.1/src/Virt_AppliedFilterList.c:485: alloc_arg: Calling allocation function "get_dominfo" on "dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1251: alloc_arg: "get_dominfo_from_xml" allocates memory that is stored into "*dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1205: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1205: var_assign: Assigning: "*dominfo" = "calloc(1UL, 216UL)".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1209: noescape: Variable "*dominfo" is not freed or pointed-to in function "_get_dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/device_parsing.c:1168:57: noescape: "_get_dominfo" does not free or save its pointer parameter "dominfo".
/builddir/build/BUILD/libvirt-cim-0.6.1/src/Virt_AppliedFilterList.c:529: leaked_storage: Variable "dominfo" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/misc_util.c:275: alloc_arg: Calling allocation function "get_domain_list" on "list".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/cs_util_instance.c:52: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/cs_util_instance.c:52: var_assign: Assigning: "list" = "calloc(n_names + n_ids, 8UL)".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/cs_util_instance.c:112: var_assign: Assigning: "*_list" = "list".
/builddir/build/BUILD/libvirt-cim-0.6.1/libxkutil/misc_util.c:277: leaked_storage: Variable "list" going out of scope leaks the storage it points to.

Comment 11 Eduardo Lima (Etrunko) 2012-03-06 13:14:10 UTC
(In reply to comment #10)
> (In reply to comment #9)
> > Patches were reviewed and are pushed upstream. Latest HEAD should include fixes
> > to these and also remove some compilation warnings. The hash is
> > f0494d4a864642bed51ccc99af1311e2f9dd2b72
> 
> Dear Eduardo,
> The 0.6.1-1.el6 version has fixed 2 FORWARD_NULL, 11 RESOURCE_LEAK, 2 UNINIT, 
> 6 NULL_RETURNS, 1 DEADCODE, and 2 USE_AFTER_FREE issues for previous version,
> however, the Coverity still complains 3 RESOURCE_LEAK in the following report,
> I haven't seen actually codes, it may be a positive branch, Eduardo, do you
> want to fix them? 
> 

Can you confirm the hash/tag you used for this package? I assume it is release_0_6_1. I have some commits on top of the latest release and would rather provide a patch backported for that version instead of you having to pull the latest changes, which might include more bugs.

Comment 12 Eduardo Lima (Etrunko) 2012-03-06 18:20:58 UTC
Created attachment 568024 [details]
Patch for version 0.6.1

Comment 13 Alex Jia 2012-03-07 02:34:41 UTC
(In reply to comment #12)
> Created attachment 568024 [details]
> Patch for version 0.6.1

Thanks for your patch again.

Comment 14 Alex Jia 2012-03-07 02:36:10 UTC
Hello Daniel,
We need a new rpm build with latest Eduardo's patch.

Regards,
Alex

Comment 15 Alex Jia 2012-03-09 07:18:58 UTC
Hello Daniel,
It seems version 0.6.1-2 hasn't included latest Eduardo's patch, the Coverity test report is the same to  0.6.1-1 (see Comment 10 details):

Analysis summary report:
------------------------
Files analyzed                 : 66
Total LoC input to cov-analyze : 55314
Functions analyzed             : 1009
Paths analyzed                 : 24006
Defect occurrences found       : 23 Total
                                  2 ARRAY_VS_SINGLETON
                                  7 CHECKED_RETURN
                                  2 DEADCODE
                                  2 NO_EFFECT
                                  3 RESOURCE_LEAK
                                  7 UNUSED_VALUE

Notes, Coverity still complains 3 RESOURCE_LEAK on libvirt-cim-0.6.1-2.el6.


Regards,
Alex

Comment 16 Eduardo Lima (Etrunko) 2012-03-09 13:13:07 UTC
(In reply to comment #15)
> Hello Daniel,
> It seems version 0.6.1-2 hasn't included latest Eduardo's patch, the Coverity
> test report is the same to  0.6.1-1 (see Comment 10 details):
> 
> Analysis summary report:
> ------------------------
> Files analyzed                 : 66
> Total LoC input to cov-analyze : 55314
> Functions analyzed             : 1009
> Paths analyzed                 : 24006
> Defect occurrences found       : 23 Total
>                                   2 ARRAY_VS_SINGLETON
>                                   7 CHECKED_RETURN
>                                   2 DEADCODE
>                                   2 NO_EFFECT
>                                   3 RESOURCE_LEAK
>                                   7 UNUSED_VALUE
> 
> Notes, Coverity still complains 3 RESOURCE_LEAK on libvirt-cim-0.6.1-2.el6.
> 

Are these the same reported previously?

Comment 17 Alex Jia 2012-03-09 14:46:37 UTC
(In reply to comment #16)
> (In reply to comment #15)
> > Notes, Coverity still complains 3 RESOURCE_LEAK on libvirt-cim-0.6.1-2.el6.
> > 
> 
> Are these the same reported previously?

Dear Eduardo,
Yes, these are same with previous 0.6.1-1 report, including 3 same RESOURCE_LEAK, so I said it seemed 0.6.1-2 hadn't include your patch.

Regards,
Alex

Comment 18 Daniel Veillard 2012-03-13 05:57:00 UTC
Right, I was hoping that patch had been commited upstream but not it's just
posted there. So we need a new build !

Daniel

Comment 19 Daniel Veillard 2012-03-13 06:16:58 UTC
libvirt-cim-0.6.1-3.el6 is built with the latest patch

Daniel

Comment 20 Alex Jia 2012-03-13 06:43:22 UTC
The following is CoverityScan report on libvirt-cim-0.6.1-3.el6.src.rpm:

Analysis summary report:
------------------------
Files analyzed                 : 66
Total LoC input to cov-analyze : 55315
Functions analyzed             : 1009
Paths analyzed                 : 24045
Defect occurrences found       : 20 Total
                                  2 ARRAY_VS_SINGLETON
                                  7 CHECKED_RETURN
                                  2 DEADCODE
                                  2 NO_EFFECT
                                  7 UNUSED_VALUE

The previous 3 RESOURCE_LEAK have been fixed on 0.6.1-3.el6, the rest of issues aren't important, we may ignore them, so move the bug to VERIFIED.

Comment 23 errata-xmlrpc 2012-06-20 12:01:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0757.html