Bug 878376

Summary: Coverity scan founds some resource leaks and USE_AFTER_FREE
Product: Red Hat Enterprise Linux 6 Reporter: zhe peng <zpeng>
Component: libvirtAssignee: Ján Tomko <jtomko>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4CC: acathrow, ajia, dyasny, dyuan, mzhan, pkrempa, rwu
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-0.10.2-11.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 07:27:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 886216    
Attachments:
Description Flags
libvirt covscan error result none

Comment 2 Ján Tomko 2012-11-29 14:44:18 UTC 
  1 CONSTANT_EXPRESSION_RESULT - in stdio.h, not libvirt
  1 COPY_PASTE_ERROR
    fixed by upstream commit 924a6c7f6ad3fb3c3bb91feadccd12e6e471856f
    virsh: fix error messages in iface-bridge
 17 FORWARD_NULL
    4 in gnulib, look like false positives
    5 assume that 0 < 0
    3 fixed by bug 880919
    1 is a bad NULL check in a function that is never called with NULL
      fixed by cb02215 and 89cf363 upstream, not worth backporting IMO
      nwfilter: fix NULL pointer check in virNWFilterSnoopReqNew
      nwfilter: drop dead code
    4 left to check
  1 MISSING_BREAK
    fixed upstream by 7475ee0
        libssh2_session: support DSS keys as well
  2 MISSING_RETURN
    files in /tmp
  5 NEGATIVE_RETURNS
    1 in src/util/buf.c:159 can't happen, we already checked for the cases where virBufferGetIndent returns -1 before calling it
    3 regarding virXPathNodeSet
      fixed upstream by 34e5791
      conf: check the return value of virXPathNodeSet
    1 in src/conf/snapshot_conf.c
      fixed upstream by commit 0361917
      conf: snapshot: check return value of virDomainSnapshotObjListNum
  1 NO_EFFECT
    has no effect :)
  2 NULL_RETURNS
    1 in src/qemu/qemu_hostdev.c
      pciDeviceListFind should not return NULL, since the device was succesfully added 2 cycles ago
    1 to be checked      
  2 OVERRUN
    1 check in virCgroupAddTaskController is off by one, however it's checked in all the places where it's called. harmless not to backport
    fixed upstream by commit 28a6fd9
    cgroup: fix impossible overrun in virCgroupAddTaskController
  4 REVERSE_INULL
    1 in bridge_driver.c useless NULL check, can be removed
    1 in esx_vi.c is harmless as well, objectSpec is allocated at this point and can be removed as well
    1 in netdev_bandwidth_conf.c is a bad NULL check, but none of the callers call virNetDevBandwidthParse with NULL, patch to follow
    1 in src/util/processinfo.c is a bad check of allocation, patch to follow.
  2 SIZEOF_MISMATCH
    both in virsh-domain.c, result in allocating a bit more memory than needed,
    patch to follow
  6 UNINIT
    1 in src/rpc/virnetmessage.c, uninitialized value is used on OOM, patch to follow.
    4 in virsh.c, unitialized before and after values, patch to follow
    1 in src/conf/snapshot_conf.c, unitialized value on OOM, patch to follow
  5 UNUSED_VALUE
    these look OK
 10 USE_AFTER_FREE
    all false positives, assuming the file descriptors are both equal and not equal

still left to check:
 53 BAD_SIZEOF
  4 CHECKED_RETURN
 22 DEADCODE
  4 FORWARD_NULL
libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing null pointer "uuid" to function "virUUIDParse(char const *, unsigned char *)", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
libvirt-0.10.2/src/util/virauthconfig.c:158:5: deref_parm_in_call: Function "virKeyFileHasValue(virKeyFilePtr, char const *, char const *)" dereferences "credname". (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
libvirt-0.10.2/src/network/bridge_driver.c:3681: var_deref_model: Passing null pointer "&iface->data.network.actual->vlan" to function "virNetDevVlanCopy(virNetDevVlanPtr, virNetDevVlanPtr const)", which dereferences it.
libvirt-0.10.2/src/lxc/lxc_container.c:1375: var_deref_model: Passing null pointer "*root" to function "opendir(char const *)", which dereferences it.
  1 NULL_RETURNS
libvirt-0.10.2/src/lxc/lxc_container.c:1350: dereference: Dereferencing a null pointer "tmp".
175 RESOURCE_LEAK
  1 UNREACHABLE
Comment 3 Peter Krempa 2012-12-03 14:35:21 UTC 
In POST as of: http://post-office.corp.redhat.com/archives/rhvirt-patches/2012-December/msg00011.html
Comment 6 zhe peng 2012-12-06 10:44:23 UTC 
Created attachment 658663 [details]
libvirt covscan error result
Comment 7 Ján Tomko 2012-12-11 09:56:44 UTC 
I don't see anything critical.
Comment 8 zhe peng 2012-12-11 10:48:29 UTC 
thanks jtomko's confirm.
per comment 5 & comment 7 , move to verified.
Comment 9 errata-xmlrpc 2013-02-21 07:27:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html