Bug 771021
Summary: | Coverity scan revealed defects | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Alex Jia <ajia> |
Component: | libvirt | Assignee: | Gunannan Ren <gren> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.3 | CC: | acathrow, dallan, dyuan, eblake, jdenemar, jyang, mluscon, mzhan, rwu, veillard |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | libvirt-0.9.10-17.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-06-20 06:40:56 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Attachments: |
Description
Alex Jia
2011-12-31 08:27:03 UTC
Created attachment 550104 [details]
CoverityScan-libvirt-0.9.9-0rc1.el6
Coverity detected some issues on libvirt-0.9.9-1.el6: Analysis summary report: ------------------------ Files analyzed : 237 Total LoC input to cov-analyze : 296656 Functions analyzed : 7265 Paths analyzed : 797255 New defects found : 20 Total 5 CHECKED_RETURN 5 DEADCODE 1 FORWARD_NULL 1 MISSING_RETURN 1 NEGATIVE_RETURNS 1 NULL_RETURNS 2 RESOURCE_LEAK 1 RETURN_LOCAL 1 UNINIT 2 UNUSED_VALUE Created attachment 551582 [details]
CoverityScan-libvirt-0.9.9-1.el6
Coverity detected some issues on libvirt-0.9.9-2.el6: Analysis summary report: ------------------------ Files analyzed : 237 Total LoC input to cov-analyze : 296687 Functions analyzed : 7265 Paths analyzed : 800811 Defect occurrences found : 38 Total 5 CHECKED_RETURN 15 DEADCODE 1 FORWARD_NULL 1 MISSING_RETURN 1 NEGATIVE_RETURNS 1 NULL_RETURNS 1 OVERRUN_STATIC 9 RESOURCE_LEAK 1 RETURN_LOCAL 1 UNINIT 2 UNUSED_VALUE Created attachment 556536 [details]
CoverityScan-libvirt-0.9.9-2.el6
The log is pretty clear, I need to check what the each defect is really meant to be. Created attachment 559606 [details]
CoverityScan-libvirt-0.9.10-0rc1.el6
Analysis summary report:
------------------------
Files analyzed : 247
Total LoC input to cov-analyze : 303350
Functions analyzed : 7440
Paths analyzed : 827248
Defect occurrences found : 54 Total
6 CHECKED_RETURN
22 DEADCODE
1 FORWARD_NULL
1 MISSING_RETURN
2 NEGATIVE_RETURNS
1 NO_EFFECT
3 NULL_RETURNS
1 OVERRUN_STATIC
10 RESOURCE_LEAK
1 RETURN_LOCAL
1 SIZEOF_MISMATCH
3 UNINIT
2 UNUSED_VALUE
A new memory leak is introduced, it should be easy to fix:
Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:363: alloc_fn: Calling allocation function "virNWFilterVarAccessParse".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_params.c:930: alloc_arg: "virAlloc" allocates memory that is stored into "dest".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_params.c:946: return_alloc: Returning allocated memory "dest".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:363: var_assign: Assigning: "varAccess" = storage returned from "virNWFilterVarAccessParse(var)".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:369: noescape: Variable "varAccess" is not freed or pointed-to in function "virNWFilterVarAccessEqual".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_params.c:897:57: noescape: "virNWFilterVarAccessEqual" does not free or save its pointer parameter "b".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:378: leaked_storage: Variable "varAccess" going out of scope leaks the storage it points to.
The libvirt-0.9.10-0rc2.el6 hasn't introduced new issues, the test report is the same to rc1. Analysis summary report: ------------------------ Files analyzed : 247 Total LoC input to cov-analyze : 303342 Functions analyzed : 7440 Paths analyzed : 827727 Defect occurrences found : 54 Total 6 CHECKED_RETURN 22 DEADCODE 1 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 10 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE CoverityScan on libvirt-0.9.10-1.el6. Analysis summary report: ------------------------ Files analyzed : 247 Total LoC input to cov-analyze : 303567 Functions analyzed : 7445 Paths analyzed : 827631 Defect occurrences found : 55 Total 6 CHECKED_RETURN 22 DEADCODE 2 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 10 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE Created attachment 561770 [details]
CoverityScan-libvirt-0.9.10-1.el6
CoverityScan on libvirt-0.9.10-3.el6: Analysis summary report: ------------------------ Files analyzed : 248 Total LoC input to cov-analyze : 303885 Functions analyzed : 7455 Paths analyzed : 828776 Defect occurrences found : 55 Total 6 CHECKED_RETURN 22 DEADCODE 2 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 10 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE Notes, the same test report to libvirt-0.9.10-1.el6 version. Commit v0.9.10-17-g2ccc4a6 should fix a 'FORWARD_NULL' error about dereferencing null variable 'host': commit 2ccc4a607f6e122aff2e3b9d133d6e6b4b661a1e Author: Jiri Denemark <jdenemar> Date: Wed Feb 15 12:18:25 2012 +0100 qemu: Fix segfault when host CPU is empty In case libvirtd cannot detect host CPU model (which may happen if it runs inside a virtual machine), the daemon is likely to segfault when starting a new qemu domain. It segfaults when domain XML asks for host (either model or passthrough) CPU or does not ask for any specific CPU model at all. CoverityScan on libvirt-0.9.10-5.el6: Analysis summary report: ------------------------ Files analyzed : 249 Total LoC input to cov-analyze : 306833 Functions analyzed : 7520 Paths analyzed : 849861 Defect occurrences found : 49 Total 6 CHECKED_RETURN 13 DEADCODE 3 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 11 RESOURCE_LEAK 1 RETURN_LOCAL 1 REVERSE_INULL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE Defects in patches: Error: DEADCODE: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2746: dead_error_condition: On this path, the switch value "netType" cannot be "VIR_DOMAIN_NET_TYPE_HOSTDEV". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2693: const: After this line, the value of "netType" is equal to 2. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2693: const: After this line, the value of "netType" is equal to 3. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2693: const: After this line, the value of "netType" is equal to 4. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2717: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_CLIENT". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2719: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_MCAST". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2718: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_SERVER". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2746: dead_error_line: Execution cannot reach this statement "case VIR_DOMAIN_NET_TYPE_HO...". Error: FORWARD_NULL: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2065: assign_zero: Assigning: "detach" = 0. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2079: var_deref_model: Passing null variable "detach" to function "virDomainNetGetActualType", which dereferences it. /builddir/build/BUILD/libvirt-0.9.10/src/conf/domain_conf.c:14284: deref_parm: Directly dereferencing parameter "iface". Error: MISSING_RETURN: /tmp/tmpixld3n.c:1: missing_return: Arriving at the end of a function without returning a value. Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:338: alloc_arg: Calling allocation function "virAlloc" on "srv". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)". /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:343: noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit". /builddir/build/BUILD/libvirt-0.9.10/src/util/threads-pthread.c:49:30: noescape: "virMutexInit" does not free or save its pointer parameter "m". /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:404: leaked_storage: Variable "srv" going out of scope leaks the storage it points to. Error: REVERSE_INULL: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2079: deref_ptr_in_call: Dereferencing pointer "detach". /builddir/build/BUILD/libvirt-0.9.10/src/conf/domain_conf.c:14284: deref_parm: Directly dereferencing parameter "iface". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2086: check_after_deref: Dereferencing "detach" before a null check. Created attachment 569956 [details]
CoverityScan-libvirt-0.9.10-5.el6
CoverityScan on libvirt-0.9.10-6.el6: Analysis summary report: ------------------------ Files analyzed : 249 Total LoC input to cov-analyze : 307044 Functions analyzed : 7523 Paths analyzed : 850591 Defect occurrences found : 49 Total 6 CHECKED_RETURN 13 DEADCODE 1 EVALUATION_ORDER 2 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 12 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE A new memory leak is introduced: Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1691: alloc_arg: Calling allocation function "virAllocN" on "cpumap". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1702: leaked_storage: Variable "cpumap" going out of scope leaks the storage it points to. CoverityScan on libvirt-0.9.10-8.el6: Analysis summary report: ------------------------ Files analyzed : 249 Total LoC input to cov-analyze : 308322 Functions analyzed : 7551 Paths analyzed : 856402 Defect occurrences found : 51 Total 6 CHECKED_RETURN 13 DEADCODE 1 EVALUATION_ORDER 4 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 12 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE There are 2 new FORWARD_NULL are introduced on this build: Error: FORWARD_NULL: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_driver.c:9850: assign_zero: Assigning: "driverType" = 0. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_driver.c:9907: var_deref_model: Passing null variable "driverType" to function "qemuMonitorDiskSnapshot", which dereferences it. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_monitor.c:2632: deref_parm_in_call: Function "__coverity_strcmp" dereferences parameter "format". Error: FORWARD_NULL: /builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:392: assign_zero: Assigning: "params" = 0. /builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:505: var_deref_model: Passing null variable "params" to function "getPyVirTypedParameter", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) CoverityScan on libvirt-0.9.10-11.el6: Analysis summary report: ------------------------ Files analyzed : 249 Total LoC input to cov-analyze : 308611 Functions analyzed : 7563 Paths analyzed : 857338 Defect occurrences found : 48 Total 6 CHECKED_RETURN 13 DEADCODE 1 EVALUATION_ORDER 2 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 11 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE New leaks: Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1733: alloc_arg: Calling allocation function "virAllocN" on "cpumap". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1744: leaked_storage: Variable "cpumap" going out of scope leaks the storage it points to. Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:338: alloc_arg: Calling allocation function "virAlloc" on "srv". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)". /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:343: noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit". /builddir/build/BUILD/libvirt-0.9.10/src/util/threads-pthread.c:49:30: noescape: "virMutexInit" does not free or save its pointer parameter "m". /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:404: leaked_storage: Variable "srv" going out of scope leaks the storage it points to. Created attachment 577032 [details]
CoverityScan-libvirt-0.9.10-11.el6
*** Bug 811993 has been marked as a duplicate of this bug. *** CoverityScan on libvirt-0.9.10-13.el6: Analysis summary report: ------------------------ Files analyzed : 227 Total LoC input to cov-analyze : 380801 Functions analyzed : 6323 Paths analyzed : 447757 Defect occurrences found : 68 Total 7 CHECKED_RETURN 5 DEADCODE 2 FORWARD_NULL 2 MISSING_BREAK 1 MISSING_RETURN 2 NEGATIVE_RETURNS 4 NULL_RETURNS 1 OVERRUN_STATIC 24 RESOURCE_LEAK 1 RETURN_LOCAL 14 REVERSE_INULL 1 SIGN_EXTENSION 4 UNINIT Defects in patches: Error: FORWARD_NULL: /builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:355: assign_zero: Assigning: "params" = 0. /builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:458: var_deref_model: Passing null variable "params" to function "getPyVirTypedParameter", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:338: alloc_arg: Calling allocation function "virAlloc" on "srv". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc". /builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)". /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:343: noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit". /builddir/build/BUILD/libvirt-0.9.10/src/util/threads-pthread.c:49:30: noescape: "virMutexInit" does not free or save its pointer parameter "m". /builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:404: leaked_storage: Variable "srv" going out of scope leaks the storage it points to. Created attachment 578527 [details]
CoverityScan-libvirt-0.9.10-13.el6
CoverityScan on libvirt-0.9.10-14.el6: Analysis summary report: ------------------------ Files analyzed : 227 Total LoC input to cov-analyze : 381431 Functions analyzed : 6323 Paths analyzed : 447675 Defect occurrences found : 68 Total 7 CHECKED_RETURN 5 DEADCODE 2 FORWARD_NULL 2 MISSING_BREAK 1 MISSING_RETURN 2 NEGATIVE_RETURNS 4 NULL_RETURNS 1 OVERRUN_STATIC 24 RESOURCE_LEAK 1 RETURN_LOCAL 14 REVERSE_INULL 1 SIGN_EXTENSION 4 UNINIT The -14 test report is the same to -13, there are not new issues are introduced. CoverityScan on libvirt-0.9.10-15.el6: Analysis summary report: ------------------------ Files analyzed : 227 Total LoC input to cov-analyze : 381570 Functions analyzed : 6324 Paths analyzed : 447540 Defect occurrences found : 68 Total 7 CHECKED_RETURN 5 DEADCODE 2 FORWARD_NULL 2 MISSING_BREAK 1 MISSING_RETURN 2 NEGATIVE_RETURNS 4 NULL_RETURNS 1 OVERRUN_STATIC 24 RESOURCE_LEAK 1 RETURN_LOCAL 14 REVERSE_INULL 1 SIGN_EXTENSION 4 UNINIT The -15 test report is the same to -14, there are not new issues are introduced. CoverityScan on libvirt-0.9.10-16.el6: Analysis summary report: ------------------------ Files analyzed : 227 Total LoC input to cov-analyze : 381600 Functions analyzed : 6324 Paths analyzed : 447540 Defect occurrences found : 68 Total 7 CHECKED_RETURN 5 DEADCODE 2 FORWARD_NULL 2 MISSING_BREAK 1 MISSING_RETURN 2 NEGATIVE_RETURNS 4 NULL_RETURNS 1 OVERRUN_STATIC 24 RESOURCE_LEAK 1 RETURN_LOCAL 14 REVERSE_INULL 1 SIGN_EXTENSION 4 UNINIT The -16 test report is the same to -15, there are not new issues are introduced. Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: open_fn: Calling opening function "open". /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: var_assign: Assigning: "fd_out" = handle returned from "open(def->source.data.file.path, 1089, 432)". /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable "fd_out" is not freed or pointed-to in function "virAsprintf". /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable "fd_out" is not closed or saved in function "virAsprintf". /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:363: noescape: Variable "fd_out" is not closed or saved in function "virCommandTransferFD". /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:364: leaked_handle: Handle variable "fd_out" going out of scope leaks the handle. ==== For the above leak, it's not a valid checking, virCommandTransferFD will close the file handle. (In reply to comment #27) > Error: RESOURCE_LEAK: > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: open_fn: Calling > opening function "open". > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: var_assign: > Assigning: "fd_out" = handle returned from "open(def->source.data.file.path, > 1089, 432)". > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable > "fd_out" is not freed or pointed-to in function "virAsprintf". > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable > "fd_out" is not closed or saved in function "virAsprintf". > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:363: noescape: Variable > "fd_out" is not closed or saved in function "virCommandTransferFD". > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:364: leaked_handle: > Handle variable "fd_out" going out of scope leaks the handle. > > ==== > For the above leak, it's not a valid checking, virCommandTransferFD will close > the file handle. Likewise for below: Error: RESOURCE_LEAK: /builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:324: open_fn: Calling opening function "socket". /builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:324: var_assign: Assigning: "fd" = handle returned from "socket(1, 1, 0)". /builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:342: noescape: Variable "fd" is not closed or saved in function "bind". /builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:361: noescape: Variable "fd" is not closed or saved in function "virNetSocketNew". /builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:364: leaked_handle: Handle variable "fd" going out of scope leaks the handle. The file descriptor will be marked as close-on-exec in virNetSocketNew. (In reply to comment #27) > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:363: noescape: Variable > "fd_out" is not closed or saved in function "virCommandTransferFD". > /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:364: leaked_handle: > Handle variable "fd_out" going out of scope leaks the handle. > > ==== > For the above leak, it's not a valid checking, virCommandTransferFD will close > the file handle. 826 /* 827 * Preserve the specified file descriptor in the child, instead of 828 * closing it. FD must not be one of the three standard streams. If 829 * transfer is true, then fd will be closed in the parent after a call 830 * to Run/RunAsync/Free, otherwise caller is still responsible for fd. 831 * Returns true if a transferring caller should close FD now, and 832 * false if the transfer is successfully recorded. 833 */ 834 static bool 835 virCommandKeepFD(virCommandPtr cmd, int fd, bool transfer) CoverityScan on libvirt-0.9.10-18.el6: Analysis summary report: ------------------------ Files analyzed : 227 Total LoC input to cov-analyze : 382010 Functions analyzed : 6329 Paths analyzed : 448825 Defect occurrences found : 61 Total 7 CHECKED_RETURN 5 DEADCODE 2 FORWARD_NULL 2 MISSING_BREAK 1 MISSING_RETURN 2 NEGATIVE_RETURNS 3 NULL_RETURNS 1 OVERRUN_STATIC 18 RESOURCE_LEAK 1 RETURN_LOCAL 14 REVERSE_INULL 1 SIGN_EXTENSION 4 UNINIT Exceeded path limit of 5000 paths in 0.22% of functions (normally up to 5% of functions encounter this limitation) Elapsed time: 00:07:16 In addition, a new issue is introduced by patch: Error: FORWARD_NULL: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:2477: assign_zero: Assigning: "nodemask" = 0. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:2534: var_deref_model: Passing null variable "nodemask" to function "qemuProcessInitCpuAffinity", which dereferences it. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1754: deref_parm: Directly dereferencing parameter "nodemask". For 18 RESOURCE_LEAK, please help confirm them except previous Comment 27-30(7 leaks), also need to check 14 REVERSE_INULL Created attachment 583201 [details]
CoverityScan-libvirt-0.9.10-18.el6
CoverityScan on libvirt-0.9.10-19.el6: Analysis summary report: ------------------------ Files analyzed : 227 Total LoC input to cov-analyze : 382017 Functions analyzed : 6329 Paths analyzed : 449426 Defect occurrences found : 60 Total 7 CHECKED_RETURN 5 DEADCODE 1 FORWARD_NULL 2 MISSING_BREAK 1 MISSING_RETURN 2 NEGATIVE_RETURNS 3 NULL_RETURNS 1 OVERRUN_STATIC 18 RESOURCE_LEAK 1 RETURN_LOCAL 14 REVERSE_INULL 1 SIGN_EXTENSION 4 UNINIT Hasn't a new issue is introduced by patches. Created attachment 584630 [details]
CoverityScan-libvirt-0.9.10-19.el6
CoverityScan on libvirt-0.9.10-20.el6: Analysis summary report: ------------------------ Files analyzed : 249 Total LoC input to cov-analyze : 310014 Functions analyzed : 7587 Paths analyzed : 868885 Defect occurrences found : 43 Total 6 CHECKED_RETURN 13 DEADCODE 1 EVALUATION_ORDER 1 FORWARD_NULL 1 MISSING_RETURN 2 NEGATIVE_RETURNS 1 NO_EFFECT 3 NULL_RETURNS 1 OVERRUN_STATIC 7 RESOURCE_LEAK 1 RETURN_LOCAL 1 SIZEOF_MISMATCH 3 UNINIT 2 UNUSED_VALUE There are many issues are fixed by this build, and still need to confirm the following items: 1 FORWARD_NULL if 'from' is NULL, need to check the following codes: <snip> 16808 if (tree) { 16809 char indentBuf[INDENT_BUFLEN]; 16810 for (i = 0 ; i < actual ; i++) { 16811 memset(indentBuf, '\0', sizeof(indentBuf)); 16812 if (ctl->useSnapshotOld ? STREQ(names[i], from) : !parents[i]) </snip> 7 RESOURCE_LEAK (it should be confirmed by Osier) 3 UNINIT (need to confirm them) In addition, for other error, please also confirm whether they're harmless for libvirt. Moreover, there are 2 new issues are introduced by patches: Error: DEADCODE: /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2852: dead_error_condition: On this path, the switch value "netType" cannot be "VIR_DOMAIN_NET_TYPE_HOSTDEV". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2799: const: After this line, the value of "netType" is equal to 2. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2799: const: After this line, the value of "netType" is equal to 3. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2799: const: After this line, the value of "netType" is equal to 4. /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2823: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_CLIENT". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2825: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_MCAST". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2824: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_SERVER". /builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2852: dead_error_line: Execution cannot reach this statement "case VIR_DOMAIN_NET_TYPE_HO...". Error: EVALUATION_ORDER: /builddir/build/BUILD/libvirt-0.9.10/src/conf/domain_conf.c:7159: write_write_order: In "disk = disk = def->disks[i]", "disk" is written in "disk" (the assignment left-hand side) and written in "disk = def->disks[i]" but the order in which the side effects take place is undefined because there is no intervening sequence point. IMHO, they should be harmless for libvirt. Created attachment 584879 [details]
CoverityScan-libvirt-0.9.10-20.el6
Coverity hasn't new complaint for libvirt-0.9.10-21.el6 except new "Error: MISSING_RETURN", it's harmless for libvirt. In addition, some memory leaks issues have been fixed and still need to confirm NULL pointer defering issues, I will close the bug then file a new bug for 6.4 to trace reset of Coverity relevant issues, meanwhile, the bug is a tracking bug for 6.4 like 6.3. File a new bug for 6.4: https://bugzilla.redhat.com/show_bug.cgi?id=825903 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2012-0748.html |