Hide Forgot
Description of problem: Coverity found a number of defects that don't justify a separate BZ for reasons such as: 1. Can't affect RHEL-6. 2. Affects only unsupported usage, and impact there isn't disastrous. 3. Minor memory leak, e.g. on an error path 4. Crash rather than clean _exit(1) when running out of memory. Fixing defects carries cost and risk. But not fixing defects carries cost and risk, too. In particular, we need to continue tracking the Coverity reports, to make sure the defects stay harmless. This bug is to be used for fixing those defects we believe to be cheaper and less risky to fix than not to fix.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed
This bug is about "harmless" and "obvious" defects found by Coverity. Criteria: * There's no need to tell users what was broken, because we don't expect users to notice the breakage, or the improvement. * Patch either - fixes a real, although quite minor bug, or - strengthens brittle code that works more or less by chance now, or - cleans up a mess in the hope of easing future maintenance. Getting rid of a Coverity defect report eases future maintenance, because ignoring "known harmless" defect reports is only safe as long as nothing changes: reasons for harmlessness can go away without changing the defect report. But anything that's likely to cause more merge conflicts later on flunks the "ease future maintenance" test. * Patch is very low risk, because - it's a really, really simple change, or - it affects only stuff we don't support. Therefore, many of the defects can't be tested, and many others aren't worth testing. In fact, I'm not sure any of them is worth testing. But that's for QA to decide. I'm just providing information to help with that decision: * 01/52 Simplify qemu_realloc() commit 6c341544e189b91ab9366d17aa73eeb09bfae52d Should not change behavior; there's nothing to test. * 02/52 slirp: remove dead assignments, spotted by clang commit 9337c459eaa3afd92ea46f7162790d87faf1b0c6 No functional change; there's nothing to test. * 03/52 update bochs vbe interface commit 9d262176f9d35fa1181d1a19a39641c24d4ee5ae Fixes a latent bug; there's nothing to test. * 04/52 x86: remove dead assignments, spotted by clang analyzer commit 0cd3c549484072487ef266c7267d46aa531a6540 No functional change; there's nothing to test. * 05/52 Fix tiny leak in qemu_opts_parse commit d5cad522fc8b2be85aeadbe5bc0f0e2efb62bdd9 Minor memory leak. Could be tested with valgrind, but I doubt it's worth the effort. If you insist on testing it, I could help find a reproducer. * 06/52 Fix uint8_t comparisons with negative values commit 12cbe65e5efca396c34195b0dcb721d609eed51d No functional change; there's nothing to test. * 07/52 vl.c: Remove dead assignment commit 6516707cbe09db2414337cd5aa003b8cf9940ecf 08/52 remove pointless if from vl.c commit 5d299d7249092b41718cf8702aea80c2ffd3def8 No functional change; there's nothing to test. * 09/52 eepro100: initialize a variable in all cases commit 5d630294b14759c26346f2fb762c8f3415d9f8ae Unsupported device; not worth testing. * 10/52 vnc-auth-sasl: fix a memory leak commit 66ffa0b3a8f671718ce3a651426425d53cb09d80 Minor memory leak on error path. Could be tested with valgrind, but I doubt it's worth the effort. If you insist on testing it, I could help find a reproducer. * 11/52 loader: fix a file descriptor leak commit ebb53aa3388ac86d93ffb1ae32b2bddb0bca5200 File descriptor leak on an unsupported path to exit(). Not worth testing. * 12/52 qemu-io: fix a memory leak commit 9837b84dcccd1851f8da358e5e714584010e7d58 Memory leak in qemu-io. Only a testing tool, thus a memory leak there is are not worth testing. * 13/52 kvm: x86: Prevent sign extension of DR7 in guest debugging mode commit ce79ae86090bdf7f0a54f98230fd477a8d7d8c04 gdbstub is an unsupported feature; not worth testing. * 14/52 pci: Fix memory leak commit 5ae4389a5749d362e7c2635e3fda22f1f25abf62 Minor memory leak on error path. Could be tested with valgrind, but I doubt it's worth the effort. If you insist on testing it, I could help find a reproducer. * 15/52 Fix warning on OpenBSD commit 8d24cc71d5dffb71e557331d40e4fa0cc571ba1c 16/52 Fix net_check_clients warnings: make it per vlan. commit c1841e6bea92d8b5f184164f012013acf30d0830 Fixes bogus "vlan %d with no nics" warning. I doubt that's worth testing, and the bogus warning could be difficult to reproduce (depends on contents of uninitialized auto variable). If you insist, I could assist in finding a reproducer. * 17/52 pcnet: Fix sign extension: make ipxe work with >2G RAM commit 939a1563cfefbe03f216ddeecae0c96d62b3cb7f Unsupported device; not worth testing. * 18/52 qcow2: Fix memory leaks in error cases commit 146cb245562e61e512e193d57a6fc5cfe6e39571 Memory leaks on qemu-img check error paths. Could be tested with valgrind, but I don't think it's worth the effort. If you insist on testing it, I could help find a reproducer. * 19/52 Do not use dprintf commit b7c19cf2629a037e0d611caf72f08db42a210216 20/52 qemu-io: fix aio help texts commit f4b722391de129f7854c0fddeb8be8836f8ed122 21/52 Fix %lld or %llx printf format use commit 1c375c70923dfbb2f87d2b029a020f54c506e4e9 22/52 vhost_net.c: v2 Fix build failure introduced by 0bfcd599e3f5c5679cc7d0165a0a1822e2f60de2 commit 4e26d97a63c56147cfaf9d1a81c1a198e4ed6788 23/52 qemu-io: Fix formatting commit 7921759fcbd127741e53a1d045ec7829a8cc9024 24/52 qemu-io: Fix if scoping bug commit 9c526c29e14b794ca7a67fc3f8203bc971aa01b1 Broken input sanity checking in qemu-io. Only a testing tool, thus such a bug isn't worth testing. * 25/52 fix memory leak in aio_write_f commit 46dbafc37e5cdfe5fe9fd70ab24930057b338acd Memory leak in qemu-io. Only a testing tool, thus a memory leak there is are not worth testing. * 26/52 block: Fix bdrv_open use after free commit eaae78ac334b90ff2fadebe2b7469a38d2245677 Fixes a latent bug; there's nothing to test. * 27/52 block: Remove dead code commit 6ca8abc9ecb202a4d49793920c1e2f217edf99fa No functional change; there's nothing to test. * 28/52 ide: Fix off-by-one error in array index check commit d4b1cde3c37d5c7c7c9aab1f96c0e734c77b79ad Sanity check of incoming migration data is broken. We'd need a specially doctored migration source to reproduce. I doubt that's worth doing. If you insist, I could advise on how to doctor the migration source. * 29/52 sysbus: Supply missing va_end() commit 9aace0dadd3a48f11d70c8e128dc56c0a1f743b2 Bug can't bite on x86; there's nothing to test. * 30/52 Fix warning about uninitialized variable commit 4e7ccea80d3f99706b325f17390eeba958eb4bd5 31/52 Error check find_ram_offset commit 10e4d0c9e2439c47168af4a5200409d2e3b28d41 Should never happen; there's nothing to test. * 32/52 readline: Fix buffer overrun on re-add to history commit 87c16c7216f6c7862e06704139e3f073bd1e73f6 Fixes a latent bug; there's nothing to test. * 33/52 Clean up assertion in get_boot_devices_list() commit 3ee7adee815063ac974745d4aea5541c4b692662 No functional change; there's nothing to test. * 34/52 malloc shims to simplify backporting commit fcada79f2730846c988c7729c841b531277bfaf6 35/52 ui/vnc: Convert sasl.mechlist to g_malloc() & friends commit fcec1a92c76c91ad7ca0221606e38154ee5e7637 Crash on out-of-memory condition. I doubt that's worth testing. If you insist, I could advise on which malloc() call you need to make fail to reproduce the crash. * 36/52 x86/cpuid: move CPUID functions into separate file commit 15226b0513210babdf16e84a3f5151d1190f1570 37/52 x86/cpuid: Convert remaining strdup() to g_strdup() commit 8f2c699960df206acc4b6579be10371ce14d1b80 38/52 x86/cpuid: Plug memory leak in cpudef_setfield() commit af5205ce0658a7e2fa2f0781489e4e470f6384b5 39/52 x86/cpuid: Fix crash on -cpu "" commit 975dd918bf2e556ceff25d2082167edde4dac31b We crash on -cpu "" (silly thing to do), when strdup() fails (we're screwed anyway), and leak memory on duplicate name options in [cpudef] (another silly thing to do). -cpu "" is easy to test, so why not test it. I doubt testing the other two is worth the effort. If you insist, I could help find reproducers. * 40/52 keymaps: Use glib memory allocation and free functions commit 455885da6d9c9854c673d40fa15b3a1ea690fa3c 41/52 ui: Plug memory leaks on parse_keyboard_layout() error path commit e27ac9c966ba94718b1a0390ba29c820224bc58c Minor memory leak on error path. Could be tested with valgrind, but I doubt it's worth the effort. If you insist on testing it, I could help find a reproducer. * 42/52 87ea92d raw-posix: Always check paio_init result commit 8bb63f77bb5fa46d2749ec4d3662ac88b7ff5938 43/52 posix-aio-compat: Plug memory leak on paio_init() error path commit 61f8acd2ccfe2f9744c538364e9b1aebfeeeb8a8 Memory leak on unlikely syscall failure. I doubt that's worth testing. If you insist, I could advise on which system call exactly you need to make fail to reproduce the leak. * 44/52 os-posix: Plug fd leak in qemu_create_pidfile() commit c38bf687bbcffe29c64e881ee078f95fbe5ebe34 53/52 keep the PID file locked for the lifetime of the process commit 83e3a339d958373a96cb569a343a41c95e860797 File descriptor leak on unlikely error paths. I doubt that's worth testing. If you insist, I could advise on which system call exactly you need to make fail to reproduce the leak. * 45/52 qemu-sockets: Plug fd leak on unix_connect_opts() error path commit a2203ef07e39ee80172f609c79cdd2456295e647 File descriptor leak on error path. I doubt that's worth testing. If you insist, I could advise on which system call exactly you need to make fail to reproduce the leak. * 46/52 usb-linux: Disable legacy /proc/bus/usb and /dev/bus/usb scan commit 98a7a39cf4b3890b80b5232895f64d0de66d16a8 Unsupported code, believed to be unreachable on RHEL-6; there's nothing to test. * 47/52 ehci: add assert commit b142c4d48135bb9845dbe931a96c8112867d27e3 Merely adds an assertion, and we're quite confident it's always true; there's nothing to test. * 48/52 slirp: Clean up net_slirp_hostfwd_remove()'s use of get_str_sep() commit f449cba0ed6e07943a64a42c5a30cb7358509467 No functional change; there's nothing to test. * 49/52 cutils: Drop broken support for zero strtosz default_suffix commit 26e77be17defa4d16bb2c3a3bdc1c66449cdc18f No functional change; there's nothing to test. * 50/52 console: Fix qemu_default_pixelformat() for 24 bpp commit a8752b83ad2f6953fab3b44de3b29b314ea497f9 No functional change; there's nothing to test. * 51/52 console: Clean up confusing indentation in console_putchar() commit ae3b836a3306a71ab37288883a53a4103ef76dac 52/52 console: Fix console_putchar() for CSI J commit fa3e32a56283843ddbdc86e8203b762a49e795ef No obvservable change; there's nothing to test.
QE decides to take Markus' suggestion and only test patch 39/52, x86/cpuid: Fix crash on -cpu "" . And perform Coverity scan on fixed qemu-kvm build then attach the defects report. On qemu-kvm-222, I cannot reproduce the crash by /usr/libexec/qemu-kvm -cpu "". Hi Markus, Can you point me the way to reproduce the crash? Thanks in advance.
Created attachment 585332 [details] Coverity scan on qemu-kvm-293
I claimed the crash on '-cpu "" is easy to test, so why not test it' in comment#6. This isn't true; I had forgotten that the bug is masked by our non-upstream use of setdef_cpu_model(). Thus, it's a latent bug, and there is nothing to test. Sorry for misleading you.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0746.html