Bug 886028
Summary: | Incorrect return value checks can lead to crash | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Daniel Berrangé <berrange> |
Component: | perl-Sys-Virt | Assignee: | Daniel Berrangé <berrange> |
Status: | CLOSED ERRATA | QA Contact: | Virtualization Bugs <virt-bugs> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.5 | CC: | ajia, bsarathy, dallan, dyuan, mjenner, mzhan, rwu, weizhan, zpeng |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | perl-Sys-Virt-0.10.2-5.el6 | Doc Type: | Bug Fix |
Doc Text: |
Cause:
When checking return value of some methods, the wrong data type was assumed
Consequence:
Errors were not handled with some methods leading to application crashes
Fix:
The error handling was fixed
Result:
API errors are correctly handled for the screenshot and current_snapshot methods
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2013-02-21 09:52:42 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Daniel Berrangé
2012-12-11 10:53:57 UTC
Coverity scan on perl-Sys-Virt-0.10.2-5.el6.src.rpm. Without patches(run0): List of Defects Error: BAD_COMPARE (CWE-628): [#def1] Sys-Virt-0.10.2/Virt.xs:2923: null_misuse: Comparing pointer "virDomainScreenshot(dom, st, screen, flags)" against NULL using anything besides == or != is likely to be incorrect. Error: BAD_COMPARE (CWE-628): [#def2] Sys-Virt-0.10.2/Virt.xs:4277: null_misuse: Comparing pointer "RETVAL = virDomainSnapshotCurrent(dom, flags)" against NULL using anything besides == or != is likely to be incorrect. Error: DEADCODE (CWE-561): [#def3] Sys-Virt-0.10.2/Virt.xs:2923: dead_error_condition: The condition "virDomainScreenshot(dom, st, screen, flags) < NULL" cannot be true. Sys-Virt-0.10.2/Virt.xs:2924: dead_error_line: Execution cannot reach this statement "_croak_error();". Error: DEADCODE (CWE-561): [#def4] Sys-Virt-0.10.2/Virt.xs:4277: dead_error_condition: The condition "(RETVAL = virDomainSnapshotCurrent(dom, flags)) < NULL" cannot be true. Sys-Virt-0.10.2/Virt.xs:4278: dead_error_line: Execution cannot reach this statement "_croak_error();". Error: NO_EFFECT (CWE-398): [#def5] Sys-Virt-0.10.2/Virt.xs:5936: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "nbytes < 0UL". Error: SIGN_EXTENSION (CWE-194): [#def6] Sys-Virt-0.10.2/Virt.xs:4112: sign_extension: Suspicious implicit sign extension: "dominfo.nrVirtCpu" with type "unsigned short" (16 bits, unsigned) is promoted in "dominfo.nrVirtCpu * maplen" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "dominfo.nrVirtCpu * maplen" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. With patches(run1): List of Defects Error: NO_EFFECT (CWE-398): [#def1] Sys-Virt-0.10.2/Virt.xs:5952: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "nbytes < 0UL". Error: SIGN_EXTENSION (CWE-194): [#def2] Sys-Virt-0.10.2/Virt.xs:4128: sign_extension: Suspicious implicit sign extension: "dominfo.nrVirtCpu" with type "unsigned short" (16 bits, unsigned) is promoted in "dominfo.nrVirtCpu * maplen" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "dominfo.nrVirtCpu * maplen" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Notes, previous issues have been fixed, the rest of NO_EFFECT and SIGN_EXTENSION are harmless, so move the bug to verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0377.html |