Bug 732940 - New coverity defects in RHEL6.2
Summary: New coverity defects in RHEL6.2
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: e2fsprogs
Version: 6.2
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Lukáš Czerner
QA Contact: BaseOS QE - Apps
Depends On:
Blocks: 743047
Reported: 2011-08-24 08:43 UTC by Pavel Raiskup
Modified: 2011-12-06 18:18 UTC

Fixed In Version: e2fsprogs-1.41.12-11.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2011-12-06 18:18:10 UTC

System | ID | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2011:1735 | normal | SHIPPED_LIVE | e2fsprogs bug fix and enhancement update | 2011-12-06 01:01:55 UTC

Description Pavel Raiskup 2011-08-24 08:43:02 UTC
Defect is found by Coverity difference scan on rhel6.1 and rhel6.2 packages.

1) Unchecked return value of update_refcount()

   => misc/e2image.c:1025 return value is not checked (as is done in 5 of 6 cases)

   I'm not sure if this is really a problem, it would be nice if somebody could
   look at it.

2) Possible null dereference

   => misc/e2image.c:1329

   passing null variable 'header' to function qcow2_write_raw_image
   which dereferences it.

   a) 1239: assigning header to NULL
   b) 1290: assigning header to check_qcow2_image() return value,
            which can fail or even may not happen -->1289 (if branch)
   c) 1329: NULL used as parameter of qcow2_write_raw_image() which 
            dereferences it.

Comment 2 Pavel Raiskup 2011-08-24 08:54:54 UTC
I forgot to note the third defect:

3) Check for negative value on unsigned variable 'offset'

   => misc/e2image.c:771

   An error in 'llseek' will not be recorded when it occurs -- the value can
   never be less than zero.

   Variable 'offset' should be a signed type (e.g. ext2_loff_t, which is the
   correct ext2fs_llseek return type?)

Comment 3 Eric Sandeen 2011-08-24 15:17:24 UTC
I think that these came about as a result of Lukas' e2image work, so I will assign to him.

Lukas just sent a patch upstream for the issue in comment #2, FWIW.


Comment 4 Lukáš Czerner 2011-08-25 10:09:00 UTC
Thanks Eric,

Problem 1) is a false positive, because we really do not need to check the return value from update_refcount() in that case.

Problem 2) is also a false positive, because if check_qcow2_image() returned NULL, then E2IMAGE_IS_QCOW2_FLAG would not be set, hence qcow2_write_raw_image() would not be called at all.

Problem 3) is real; however, it should not cause any real trouble, because if the lseek failed and we did not catch that, the next lseek would catch the problem, because we are using the offset there as well. However, it is a bug and should be fixed.

As Eric already pointed out, I did send the patch upstream for problem 3. Problems 1 and 2 are not real, hence no need to fix anything there.
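
The signedness defect from problem 3, as an added example that is not part of the original report and is not e2fsprogs code. POSIX lseek() and off_t stand in for ext2fs_llseek() and ext2_loff_t (an assumption), and the function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Flawed pattern: the seek result lands in an unsigned variable, so -1
 * becomes a huge positive number and the "< 0" test can never be true. */
static int seek_unsigned_check(int fd, off_t pos)
{
    unsigned long long offset = (unsigned long long)lseek(fd, pos, SEEK_SET);

    if (offset < 0)             /* always false: error is silently lost */
        return -1;
    return 0;
}

/* Corrected pattern: keep the result in the signed type lseek() returns. */
static int seek_signed_check(int fd, off_t pos)
{
    off_t offset = lseek(fd, pos, SEEK_SET);

    if (offset < 0)             /* -1 on failure is now visible */
        return -1;
    return 0;
}

/* Constructed failure case: lseek() on a pipe always fails with ESPIPE.
 * Returns the checker's verdict, or -2 if the pipe could not be created. */
static int run_on_pipe(int (*check)(int, off_t))
{
    int fds[2], rc;

    if (pipe(fds) != 0)
        return -2;
    rc = check(fds[0], 4096);
    close(fds[0]);
    close(fds[1]);
    return rc;
}

int main(void)
{
    printf("unsigned check: %d\n", run_on_pipe(seek_unsigned_check));
    printf("signed check:   %d\n", run_on_pipe(seek_signed_check));
    return 0;
}
```

Building with gcc -Wextra (which enables -Wtype-limits) flags the always-false comparison at compile time.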


Comment 5 Lukáš Czerner 2011-09-15 09:51:31 UTC
Built and tagged in e2fsprogs-1.41.12-11.el6

Comment 8 Pavel Raiskup 2011-09-26 15:54:14 UTC

I have re-run Coverity for e2fsprogs-1.41.12-11.el6 and the reported problem (3) was successfully removed.


Comment 10 errata-xmlrpc 2011-12-06 18:18:10 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

