Bug 758194

Summary: Coverity omnibus
Product: Red Hat Enterprise Linux 6 Reporter: Markus Armbruster <armbru>
Component: qemu-kvmAssignee: Markus Armbruster <armbru>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2CC: acathrow, areis, bsarathy, chayang, juzhang, mkenneth, tburke, virt-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-0.12.1.2-2.235.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 11:37:19 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Coverity scan on qemu-kvm-293 none

Description Markus Armbruster 2011-11-29 14:03:12 UTC 
Description of problem:
Coverity found a number of defects that don't justify a separate BZ for reasons such as:

1. Can't affect RHEL-6.

2. Affects only unsupported usage, and impact there isn't disastrous.

3. Minor memory leak, e.g. on an error path

4. Crash rather than clean _exit(1) when running out of memory.

Fixing defects carries cost and risk.  But not fixing defects carries cost and risk, too.  In particular, we need to continue tracking the Coverity reports, to make sure the defects stay harmless.

This bug is to be used for fixing those defects we believe to be cheaper and less risky to fix than not to fix.
Comment 5 Dor Laor 2012-04-22 11:30:25 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed
Comment 6 Markus Armbruster 2012-04-26 12:17:52 UTC 
This bug is about "harmless" and "obvious" defects found by Coverity. Criteria:

* There's no need to tell users what was broken, because we don't
  expect users to notice the breakage, or the improvement.

* Patch either

  - fixes a real, although quite minor bug, or

  - strengthens brittle code that works more or less by chance now, or

  - cleans up a mess in the hope of easing future maintenance.

  Getting rid of a Coverity defect report eases future maintenance,
  because ignoring "known harmless" defect reports is only safe as
  long as nothing changes: reasons for harmlessness can go away
  without changing the defect report.

  But anything that's likely to cause more merge conflicts later on
  flunks the "ease future maintenance" test.

* Patch is very low risk, because

  - it's a really, really simple change, or

  - it affects only stuff we don't support.

Therefore, many of the defects can't be tested, and many others aren't worth testing.  In fact, I'm not sure any of them is worth testing. But that's for QA to decide.  I'm just providing information to help with that decision:

* 01/52 Simplify qemu_realloc()
  commit 6c341544e189b91ab9366d17aa73eeb09bfae52d

  Should not change behavior; there's nothing to test.

* 02/52 slirp: remove dead assignments, spotted by clang
  commit 9337c459eaa3afd92ea46f7162790d87faf1b0c6

  No functional change; there's nothing to test.

* 03/52 update bochs vbe interface
  commit 9d262176f9d35fa1181d1a19a39641c24d4ee5ae

  Fixes a latent bug; there's nothing to test.

* 04/52 x86: remove dead assignments, spotted by clang analyzer
  commit 0cd3c549484072487ef266c7267d46aa531a6540

  No functional change; there's nothing to test.

* 05/52 Fix tiny leak in qemu_opts_parse
  commit d5cad522fc8b2be85aeadbe5bc0f0e2efb62bdd9

  Minor memory leak.  Could be tested with valgrind, but I doubt it's worth the effort.  If you insist on testing it, I could help find a reproducer.

* 06/52 Fix uint8_t comparisons with negative values
  commit 12cbe65e5efca396c34195b0dcb721d609eed51d

  No functional change; there's nothing to test.

* 07/52 vl.c: Remove dead assignment
  commit 6516707cbe09db2414337cd5aa003b8cf9940ecf
  08/52 remove pointless if from vl.c
  commit 5d299d7249092b41718cf8702aea80c2ffd3def8

  No functional change; there's nothing to test.

* 09/52 eepro100: initialize a variable in all cases
  commit 5d630294b14759c26346f2fb762c8f3415d9f8ae

  Unsupported device; not worth testing.

* 10/52 vnc-auth-sasl: fix a memory leak
  commit 66ffa0b3a8f671718ce3a651426425d53cb09d80

  Minor memory leak on error path.  Could be tested with valgrind, but I doubt it's worth the effort.  If you insist on testing it, I could help find a reproducer.

* 11/52 loader: fix a file descriptor leak
  commit ebb53aa3388ac86d93ffb1ae32b2bddb0bca5200

  File descriptor leak on an unsupported path to exit().  Not worth testing.

* 12/52 qemu-io: fix a memory leak
  commit 9837b84dcccd1851f8da358e5e714584010e7d58

  Memory leak in qemu-io.  Only a testing tool, thus a memory leak there is are not worth testing.

* 13/52 kvm: x86: Prevent sign extension of DR7 in guest debugging mode
  commit ce79ae86090bdf7f0a54f98230fd477a8d7d8c04

  gdbstub is an unsupported feature; not worth testing.

* 14/52 pci: Fix memory leak
  commit 5ae4389a5749d362e7c2635e3fda22f1f25abf62

  Minor memory leak on error path.  Could be tested with valgrind, but I doubt it's worth the effort.  If you insist on testing it, I could help find a reproducer.

* 15/52 Fix warning on OpenBSD
  commit 8d24cc71d5dffb71e557331d40e4fa0cc571ba1c
  16/52 Fix net_check_clients warnings: make it per vlan.
  commit c1841e6bea92d8b5f184164f012013acf30d0830

  Fixes bogus "vlan %d with no nics" warning.  I doubt that's worth testing, and the bogus warning could be difficult to reproduce (depends on contents of uninitialized auto variable).  If you insist, I could assist in finding a reproducer.

* 17/52 pcnet: Fix sign extension: make ipxe work with >2G RAM
  commit 939a1563cfefbe03f216ddeecae0c96d62b3cb7f

  Unsupported device; not worth testing.

* 18/52 qcow2: Fix memory leaks in error cases
  commit 146cb245562e61e512e193d57a6fc5cfe6e39571

  Memory leaks on qemu-img check error paths.  Could be tested with valgrind, but I don't think it's worth the effort.  If you insist on testing it, I could help find a reproducer.

* 19/52 Do not use dprintf
  commit b7c19cf2629a037e0d611caf72f08db42a210216
  20/52 qemu-io: fix aio help texts
  commit f4b722391de129f7854c0fddeb8be8836f8ed122
  21/52 Fix %lld or %llx printf format use
  commit 1c375c70923dfbb2f87d2b029a020f54c506e4e9
  22/52 vhost_net.c: v2 Fix build failure introduced by 0bfcd599e3f5c5679cc7d0165a0a1822e2f60de2
  commit 4e26d97a63c56147cfaf9d1a81c1a198e4ed6788
  23/52 qemu-io: Fix formatting
  commit 7921759fcbd127741e53a1d045ec7829a8cc9024
  24/52 qemu-io: Fix if scoping bug
  commit 9c526c29e14b794ca7a67fc3f8203bc971aa01b1

  Broken input sanity checking in qemu-io.  Only a testing tool, thus such a bug isn't worth testing.

* 25/52 fix memory leak in aio_write_f
  commit 46dbafc37e5cdfe5fe9fd70ab24930057b338acd

  Memory leak in qemu-io.  Only a testing tool, thus a memory leak there is are not worth testing.

* 26/52 block: Fix bdrv_open use after free
  commit eaae78ac334b90ff2fadebe2b7469a38d2245677

  Fixes a latent bug; there's nothing to test.

* 27/52 block: Remove dead code
  commit 6ca8abc9ecb202a4d49793920c1e2f217edf99fa

  No functional change; there's nothing to test.

* 28/52 ide: Fix off-by-one error in array index check
  commit d4b1cde3c37d5c7c7c9aab1f96c0e734c77b79ad

  Sanity check of incoming migration data is broken.  We'd need a specially doctored migration source to reproduce.  I doubt that's worth doing.  If you insist, I could advise on how to doctor the migration source.

* 29/52 sysbus: Supply missing va_end()
  commit 9aace0dadd3a48f11d70c8e128dc56c0a1f743b2

  Bug can't bite on x86; there's nothing to test.

* 30/52 Fix warning about uninitialized variable
  commit 4e7ccea80d3f99706b325f17390eeba958eb4bd5
  31/52 Error check find_ram_offset
  commit 10e4d0c9e2439c47168af4a5200409d2e3b28d41

  Should never happen; there's nothing to test.

* 32/52 readline: Fix buffer overrun on re-add to history
  commit 87c16c7216f6c7862e06704139e3f073bd1e73f6

  Fixes a latent bug; there's nothing to test.

* 33/52 Clean up assertion in get_boot_devices_list()
  commit 3ee7adee815063ac974745d4aea5541c4b692662

  No functional change; there's nothing to test.

* 34/52 malloc shims to simplify backporting
  commit fcada79f2730846c988c7729c841b531277bfaf6
  35/52 ui/vnc: Convert sasl.mechlist to g_malloc() & friends
  commit fcec1a92c76c91ad7ca0221606e38154ee5e7637

  Crash on out-of-memory condition.  I doubt that's worth testing.  If you insist, I could advise on which malloc() call you need to make fail to reproduce the crash.

* 36/52 x86/cpuid: move CPUID functions into separate file
  commit 15226b0513210babdf16e84a3f5151d1190f1570
  37/52 x86/cpuid: Convert remaining strdup() to g_strdup()
  commit 8f2c699960df206acc4b6579be10371ce14d1b80
  38/52 x86/cpuid: Plug memory leak in cpudef_setfield()
  commit af5205ce0658a7e2fa2f0781489e4e470f6384b5
  39/52 x86/cpuid: Fix crash on -cpu ""
  commit 975dd918bf2e556ceff25d2082167edde4dac31b

  We crash on -cpu "" (silly thing to do), when strdup() fails (we're
  screwed anyway), and leak memory on duplicate name options in
  [cpudef] (another silly thing to do).

  -cpu "" is easy to test, so why not test it.  I doubt testing the other two is worth the effort.  If you insist, I could help find reproducers.

* 40/52 keymaps: Use glib memory allocation and free functions
  commit 455885da6d9c9854c673d40fa15b3a1ea690fa3c
  41/52 ui: Plug memory leaks on parse_keyboard_layout() error path
  commit e27ac9c966ba94718b1a0390ba29c820224bc58c

  Minor memory leak on error path.  Could be tested with valgrind, but I doubt it's worth the effort.  If you insist on testing it, I could help find a reproducer.

* 42/52 87ea92d raw-posix: Always check paio_init result
  commit 8bb63f77bb5fa46d2749ec4d3662ac88b7ff5938
  43/52 posix-aio-compat: Plug memory leak on paio_init() error path
  commit 61f8acd2ccfe2f9744c538364e9b1aebfeeeb8a8

  Memory leak on unlikely syscall failure.  I doubt that's worth testing.  If you insist, I could advise on which system call exactly you need to make fail to reproduce the leak.

* 44/52 os-posix: Plug fd leak in qemu_create_pidfile()
  commit c38bf687bbcffe29c64e881ee078f95fbe5ebe34
  53/52 keep the PID file locked for the lifetime of the process
  commit 83e3a339d958373a96cb569a343a41c95e860797

  File descriptor leak on unlikely error paths.  I doubt that's worth testing.  If you insist, I could advise on which system call exactly you need to make fail to reproduce the leak.

* 45/52 qemu-sockets: Plug fd leak on unix_connect_opts() error path
  commit a2203ef07e39ee80172f609c79cdd2456295e647

  File descriptor leak on error path.  I doubt that's worth testing. If you insist, I could advise on which system call exactly you need to make fail to reproduce the leak.

* 46/52 usb-linux: Disable legacy /proc/bus/usb and /dev/bus/usb scan
  commit 98a7a39cf4b3890b80b5232895f64d0de66d16a8

  Unsupported code, believed to be unreachable on RHEL-6; there's nothing to test.

* 47/52 ehci: add assert
  commit b142c4d48135bb9845dbe931a96c8112867d27e3

  Merely adds an assertion, and we're quite confident it's always true; there's nothing to test.

* 48/52 slirp: Clean up net_slirp_hostfwd_remove()'s use of get_str_sep()
  commit f449cba0ed6e07943a64a42c5a30cb7358509467

  No functional change; there's nothing to test.

* 49/52 cutils: Drop broken support for zero strtosz default_suffix
  commit 26e77be17defa4d16bb2c3a3bdc1c66449cdc18f

  No functional change; there's nothing to test.

* 50/52 console: Fix qemu_default_pixelformat() for 24 bpp
  commit a8752b83ad2f6953fab3b44de3b29b314ea497f9

  No functional change; there's nothing to test.

* 51/52 console: Clean up confusing indentation in console_putchar()
  commit ae3b836a3306a71ab37288883a53a4103ef76dac
  52/52 console: Fix console_putchar() for CSI J
  commit fa3e32a56283843ddbdc86e8203b762a49e795ef

  No obvservable change; there's nothing to test.
Comment 7 Chao Yang 2012-05-18 04:46:55 UTC 
QE decides to take Markus' suggestion and only test patch 39/52, x86/cpuid: Fix crash on -cpu "" . And perform Coverity scan on fixed qemu-kvm build then attach the defects report. 

On qemu-kvm-222, I cannot reproduce the crash by /usr/libexec/qemu-kvm -cpu "".

Hi Markus,
 Can you point me the way to reproduce the crash? Thanks in advance.
Comment 8 Chao Yang 2012-05-18 04:49:27 UTC 
Created attachment 585332 [details]
Coverity scan on qemu-kvm-293
Comment 9 Markus Armbruster 2012-05-21 12:31:07 UTC 
I claimed the crash on '-cpu "" is easy to test, so why not test it' in comment#6.  This isn't true; I had forgotten that the bug is masked by our non-upstream use of setdef_cpu_model().  Thus, it's a latent bug, and there is nothing to test.  Sorry for misleading you.
Comment 12 errata-xmlrpc 2012-06-20 11:37:19 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0746.html