Description of problem:

1. /src/Virt_SwitchService.c:5 - Comparing "stream" to null implies that "stream" might be null.
   /src/Virt_SwitchService.c:94 - Passing null variable "stream" to function "pclose", which dereferences it.
2. /src/Virt_VirtualSystemManagementService.c:1048 - Comparing "path" to null implies that "path" might be null.
   /src/Virt_VirtualSystemManagementService.c:1057 - Dereferencing null variable "path".
3. /src/Virt_VirtualSystemManagementService.c:1088 - Comparing "port" to null implies that "port" might be null.
   /src/Virt_VirtualSystemManagementService.c:1094 - Dereferencing null variable "port".
4. /libxkutil/acl_parsing.c:630, 659: - Function "malloc" without NULL check.
5. libxkutil/acl_parsing.c:397 - Dynamically allocated variable rule is not freed in function parse_acl_filter as a result of line #399.
5. /libxkutil/device_parsing.c:106 - Function cleanup_virt_device does not free its parameter dev (this causes a lot of Coverity Resource leak warnings).
6. /libxkutil/acl_parsing.c144 - Function cleanup_filter does not free its parameter filter (this causes a lot of Coverity Resource leak warnings).

Version-Release number of selected component (if applicable): 0.5.14

Additional info: These defects were added between RHEL-6.1 and RHEL-6.2 version of package.
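The resource-leak items in the report above (a cleanup function that does not free its parameter) and the unchecked-malloc item, as an added C example that is not libvirt-cim code. The struct, the helper names and the sample strings are hypothetical and constructed for illustration; a counter tracks outstanding allocations so the leak is visible.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed filter; not libvirt-cim's struct. */
struct filter { char *name; char *uuid; };

static int live;  /* outstanding allocations, tracked for the demo */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (p) live++; return p; }
static void xfree(void *p) { if (p) { live--; free(p); } }
static char *xdup(const char *s) {
    char *p = xalloc(strlen(s) + 1);  /* allocation is checked before use */
    if (p) strcpy(p, s);
    return p;
}

/* Frees the members only, like the cleanup functions in the report:
 * the parameter itself stays allocated and is still the caller's to free. */
static void cleanup_members(struct filter *f) {
    if (f == NULL) return;
    xfree(f->name); xfree(f->uuid);
    f->name = f->uuid = NULL;
}

/* Builds a filter and checks every allocation before using it. */
static struct filter *make_filter(const char *name, const char *uuid) {
    struct filter *f = xalloc(sizeof(*f));
    if (f == NULL) return NULL;
    f->name = xdup(name); f->uuid = xdup(uuid);
    if (!f->name || !f->uuid) { cleanup_members(f); xfree(f); return NULL; }
    return f;
}

/* Leaky caller: treats cleanup as a full release. Returns blocks leaked. */
int use_filter_leaky(void) {
    int before = live;
    struct filter *f = make_filter("demo-filter", "constructed-uuid");
    cleanup_members(f);   /* the struct itself is never freed */
    return live - before;
}

/* Fixed caller: frees the container after its members. */
int use_filter_fixed(void) {
    int before = live;
    struct filter *f = make_filter("demo-filter", "constructed-uuid");
    cleanup_members(f);
    xfree(f);
    return live - before;
}

int main(void) {
    printf("leaky: %d, fixed: %d\n", use_filter_leaky(), use_filter_fixed());
    return 0;
}
```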
(In reply to comment #0)
> Description of problem:
>
Patches on the mailing list, waiting for review and push.
> 1.
> /src/Virt_SwitchService.c:5 - Comparing "stream" to null implies that "stream"
> might be null.
> /src/Virt_SwitchService.c:94 - Passing null variable "stream" to function
> "pclose", which dereferences it.
>
https://www.redhat.com/archives/libvirt-cim/2011-August/msg00010.html
> 2.
> /src/Virt_VirtualSystemManagementService.c:1048 - Comparing "path" to null
> implies that "path" might be null.
> /src/Virt_VirtualSystemManagementService.c:1057 - Dereferencing null variable
> "path".
>
> 3.
> /src/Virt_VirtualSystemManagementService.c:1088 - Comparing "port" to null
> implies that "port" might be null.
> /src/Virt_VirtualSystemManagementService.c:1094 - Dereferencing null variable
> "port".
>
https://www.redhat.com/archives/libvirt-cim/2011-August/msg00008.html
> 4.
> /libxkutil/acl_parsing.c:630, 659: - Function "malloc" without NULL check.
>
> 5.
> libxkutil/acl_parsing.c:397 - Dynamically allocated variable rule is not freed
> in function parse_acl_filter as a result of line #399.
>
> 6.
> /libxkutil/acl_parsing.c144 - Function cleanup_filter does not free its
> parameter filter (this causes a lot of Coverity Resource leak warnings).
>
>
https://www.redhat.com/archives/libvirt-cim/2011-August/msg00009.html
> 5.
> /libxkutil/device_parsing.c:106 - Function cleanup_virt_device does not free
> its parameter dev (this causes a lot of Coverity Resource leak warnings).
>
https://www.redhat.com/archives/libvirt-cim/2011-August/msg00015.html
Okay but it would be better if that was committed to Mercurial :-)
Daniel
Build libvirt-cim-0.5.14-2.el6 done including the patches
Daniel
Last one of those patches went upstream, but there were other patches pushed as well. If possible, use mercurial revision 1133. Thanks for the report.
There are still many issues that need to be resolved, such as resource leaks:

Analysis summary report:
------------------------
Files analyzed                 : 65
Total LoC input to cov-analyze : 54250
Functions analyzed             : 981
Paths analyzed                 : 21930
New defects found              : 101 Total
                                   2 ARRAY_VS_SINGLETON
                                   6 CHECKED_RETURN
                                   2 DEADCODE
                                  14 FORWARD_NULL
                                   4 NEGATIVE_RETURNS
                                   2 NO_EFFECT
                                   7 NULL_RETURNS
                                  34 RESOURCE_LEAK
                                   5 REVERSE_INULL
                                   6 UNINIT
                                   9 UNUSED_VALUE
                                  10 USE_AFTER_FREE

For details, please see attachment.
Alex
Created attachment 530435 [details]
CoverityScan

covscan on libvirt-cim-0.5.14-2.el6.
Alex - with these CoverityScan bugzillas we care only about the differences from previous RHEL-6 version of the package - from the rest, only the most important issues should be fixed in the RHEL-6. As any fix brings some risk of introducing new issues the further cleanup of defects found by Coverity should probably be done upstream and possibly for the most critical ones new 6.3 bugzilla should be opened.
(In reply to comment #9)
> Created attachment 530435 [details]
> CoverityScan
>
> covscan on libvirt-cim-0.5.14-2.el6.

Thanks for the detailed report, we will address those as soon as possible.
FYI, the patches which fix the issues raised by this last report have been pushed upstream.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1587.html