Description of problem:
/netcf-0.1.9/src/dutil_linux.c:1055, 1056 - Using uninitialized variables nphys and phys_names as a result of line #1029.
Version-Release number of selected component (if applicable):
This defect was added between RHEL-6.1 and RHEL-6.2 version of package.
*** Bug 734721 has been marked as a duplicate of this bug. ***
This bug is already fixed upstream:
Author: Laine Stump <email@example.com>
Date: Thu Aug 4 10:02:50 2011 -0400
eliminate potential use of uninitialized index/pointer in add_bridge_info
This was detected by Coverity and reported in:
Commit d32a46 moved the bit of code that adds the <bridge> element to
bridge interfaces to the top of the function so that it is always
done, even if there are no physical devices attached to the bridge
(because <bridge> is a required element of the grammar). What wasn't
noticed is that the ERR_NOMEM macro could goto error, and in this case
nphys and phys_names would be uninitialized.
Fortunately this would only happen on a failure to allocate memory.
The next build of netcf for RHEL will contain that fix.
A fix for this bug is available in a new netcf build for RHEL6:
(In reply to comment #5)
> A fix for this bug is available in a new netcf build for RHEL6:
This patch is okay and has resolved uninitialized value issues. However, Kamil provided many more test report raised by Coverity such as 'RESOURCE_LEAK' in Comment 1, IMHO, we should fix them together, you can find them in following link:
In addition, I have committed a patch to fix memory leak.
Patch for upstream:
Created attachment 525038 [details]
CoverityScan for netcf-0.1.9-2.el6.src.rpm
(In reply to comment #8)
> Patch for upstream:
Patch has been ACKed and pushed, and I haven't found 'RESOURCE_LEAK' on upstream again:
Analysis summary report:
Files analyzed : 14
Total LoC input to cov-analyze : 35436
Functions analyzed : 158
Paths analyzed : 3439
New defects found : 2 UNUSED_VALUE
So these issues have been resolved, Laine, maybe netcf need to rebase a new rpm package, but, it seems patches are quite less on upstream now, hence, whether simply set the bug to VERIFIED status firstly.
Since this would be the only patch that would go into a new build, and the impact of the bug is extremely small (it is a small leak in an infrequently used commandline tool (i.e. doesn't run for long, doesn't affect users of the API) that only occurs upon a failure to undefine an interface), we think it's best right now to not use up the extra resources it would take to process a new netcf build just for this.
So, best to mark this bug to verified (since the coverity-found regression reported originally in the bug is now fixed), and let the memory leak fix come in later when there are more updates.
(In reply to comment #11)
> So, best to mark this bug to verified (since the coverity-found regression
> reported originally in the bug is now fixed), and let the memory leak fix come
> in later when there are more updates.
Well, move the bug to VERIFIED status.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.