Bug 771021 - Coverity scan revealed defects
Summary: Coverity scan revealed defects
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.3
Hardware: x86_64
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Gunannan Ren
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Keywords:
: 811993 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-31 08:27 UTC by Alex Jia
Modified: 2012-06-20 06:40 UTC (History)
10 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2012-06-20 06:40:56 UTC


Attachments (Terms of Use)
CoverityScan-libvirt-0.9.9-0rc1.el6 (16.72 KB, text/plain)
2011-12-31 08:28 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.9-1.el6 (17.03 KB, text/plain)
2012-01-09 15:25 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.9-2.el6 (27.90 KB, text/plain)
2012-01-20 15:51 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-0rc1.el6 (43.17 KB, text/plain)
2012-02-06 10:39 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-1.el6 (43.44 KB, text/plain)
2012-02-14 06:50 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-5.el6 (40.01 KB, text/plain)
2012-03-14 10:51 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-11.el6 (38.91 KB, text/plain)
2012-04-12 10:55 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-13.el6 (56.41 KB, text/plain)
2012-04-19 07:31 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-18.el6 (48.65 KB, text/plain)
2012-05-09 09:19 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-19.el6 (48.23 KB, text/plain)
2012-05-15 10:16 UTC, Alex Jia
no flags Details
CoverityScan-libvirt-0.9.10-20.el6 (36.28 KB, text/plain)
2012-05-16 07:44 UTC, Alex Jia
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0748 normal SHIPPED_LIVE Low: libvirt security, bug fix, and enhancement update 2012-06-19 19:31:38 UTC

Description Alex Jia 2011-12-31 08:27:03 UTC
Description of problem:
Coverity detected some issues on libvirt-0.9.9-0rc1.el6:

Analysis summary report:
------------------------
Files analyzed                 : 237
Total LoC input to cov-analyze : 296390
Functions analyzed             : 7262
Paths analyzed                 : 794212
New defects found              : 21 Total
                                  4 CHECKED_RETURN
                                  5 DEADCODE
                                  1 FORWARD_NULL
                                  1 MISSING_RETURN
                                  1 NEGATIVE_RETURNS
                                  1 NULL_RETURNS
                                  3 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  1 UNINIT
                                  2 UNUSED_VALUE


Version-Release number of selected component (if applicable):
# rpm -q libvirt
libvirt-0.9.9-0rc1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. coverity scan
2.
3.
  
Actual results:
Please see attachment.

Expected results:
Fix memory leaks.

Additional info:

Comment 1 Alex Jia 2011-12-31 08:28:11 UTC
Created attachment 550104 [details]
CoverityScan-libvirt-0.9.9-0rc1.el6

Comment 3 Alex Jia 2012-01-09 15:23:52 UTC
Coverity detected some issues on libvirt-0.9.9-1.el6:

Analysis summary report:
------------------------
Files analyzed                 : 237
Total LoC input to cov-analyze : 296656
Functions analyzed             : 7265
Paths analyzed                 : 797255
New defects found              : 20 Total
                                  5 CHECKED_RETURN
                                  5 DEADCODE
                                  1 FORWARD_NULL
                                  1 MISSING_RETURN
                                  1 NEGATIVE_RETURNS
                                  1 NULL_RETURNS
                                  2 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 UNINIT
                                  2 UNUSED_VALUE

Comment 4 Alex Jia 2012-01-09 15:25:52 UTC
Created attachment 551582 [details]
CoverityScan-libvirt-0.9.9-1.el6

Comment 5 Alex Jia 2012-01-20 15:49:38 UTC
Coverity detected some issues on libvirt-0.9.9-2.el6:

Analysis summary report:
------------------------
Files analyzed                 : 237
Total LoC input to cov-analyze : 296687
Functions analyzed             : 7265
Paths analyzed                 : 800811
Defect occurrences found       : 38 Total
                                  5 CHECKED_RETURN
                                 15 DEADCODE
                                  1 FORWARD_NULL
                                  1 MISSING_RETURN
                                  1 NEGATIVE_RETURNS
                                  1 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                  9 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 UNINIT
                                  2 UNUSED_VALUE

Comment 6 Alex Jia 2012-01-20 15:51:18 UTC
Created attachment 556536 [details]
CoverityScan-libvirt-0.9.9-2.el6

Comment 7 Gunannan Ren 2012-02-04 02:11:53 UTC
The log is pretty clear, I need to check what the each defect is really meant to be.

Comment 8 Alex Jia 2012-02-06 10:39:55 UTC
Created attachment 559606 [details]
CoverityScan-libvirt-0.9.10-0rc1.el6

Analysis summary report:
------------------------
Files analyzed                 : 247
Total LoC input to cov-analyze : 303350
Functions analyzed             : 7440
Paths analyzed                 : 827248
Defect occurrences found       : 54 Total
                                  6 CHECKED_RETURN
                                 22 DEADCODE
                                  1 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 10 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

A new memory leak is introduced, it should be easy to fix:

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:363: alloc_fn: Calling allocation function "virNWFilterVarAccessParse".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_params.c:930: alloc_arg: "virAlloc" allocates memory that is stored into "dest".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_params.c:946: return_alloc: Returning allocated memory "dest".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:363: var_assign: Assigning: "varAccess" =  storage returned from "virNWFilterVarAccessParse(var)".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:369: noescape: Variable "varAccess" is not freed or pointed-to in function "virNWFilterVarAccessEqual".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_params.c:897:57: noescape: "virNWFilterVarAccessEqual" does not free or save its pointer parameter "b".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/nwfilter_conf.c:378: leaked_storage: Variable "varAccess" going out of scope leaks the storage it points to.

Comment 9 Alex Jia 2012-02-08 15:47:55 UTC
The libvirt-0.9.10-0rc2.el6 hasn't introduced new issues, the test report is the same to rc1.

Analysis summary report:
------------------------
Files analyzed                 : 247
Total LoC input to cov-analyze : 303342
Functions analyzed             : 7440
Paths analyzed                 : 827727
Defect occurrences found       : 54 Total
                                  6 CHECKED_RETURN
                                 22 DEADCODE
                                  1 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 10 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

Comment 10 Alex Jia 2012-02-14 06:49:01 UTC
CoverityScan on libvirt-0.9.10-1.el6.

Analysis summary report:
------------------------
Files analyzed                 : 247
Total LoC input to cov-analyze : 303567
Functions analyzed             : 7445
Paths analyzed                 : 827631
Defect occurrences found       : 55 Total
                                  6 CHECKED_RETURN
                                 22 DEADCODE
                                  2 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 10 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

Comment 11 Alex Jia 2012-02-14 06:50:05 UTC
Created attachment 561770 [details]
CoverityScan-libvirt-0.9.10-1.el6

Comment 12 Alex Jia 2012-03-01 11:15:23 UTC
CoverityScan on libvirt-0.9.10-3.el6:

Analysis summary report:
------------------------
Files analyzed                 : 248
Total LoC input to cov-analyze : 303885
Functions analyzed             : 7455
Paths analyzed                 : 828776
Defect occurrences found       : 55 Total
                                  6 CHECKED_RETURN
                                 22 DEADCODE
                                  2 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 10 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE


Notes, the same test report to libvirt-0.9.10-1.el6 version.

Comment 13 Jiri Denemark 2012-03-05 14:35:39 UTC
Commit v0.9.10-17-g2ccc4a6 should fix a 'FORWARD_NULL' error about dereferencing null variable 'host':

commit 2ccc4a607f6e122aff2e3b9d133d6e6b4b661a1e
Author: Jiri Denemark <jdenemar@redhat.com>
Date:   Wed Feb 15 12:18:25 2012 +0100

    qemu: Fix segfault when host CPU is empty
    
    In case libvirtd cannot detect host CPU model (which may happen if it
    runs inside a virtual machine), the daemon is likely to segfault when
    starting a new qemu domain. It segfaults when domain XML asks for host
    (either model or passthrough) CPU or does not ask for any specific CPU
    model at all.

Comment 14 Alex Jia 2012-03-14 10:50:09 UTC
CoverityScan on libvirt-0.9.10-5.el6:

Analysis summary report:
------------------------
Files analyzed                 : 249
Total LoC input to cov-analyze : 306833
Functions analyzed             : 7520
Paths analyzed                 : 849861
Defect occurrences found       : 49 Total
                                  6 CHECKED_RETURN
                                 13 DEADCODE
                                  3 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 11 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 REVERSE_INULL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

Defects in patches:

Error: DEADCODE:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2746: dead_error_condition: On this path, the switch value "netType" cannot be "VIR_DOMAIN_NET_TYPE_HOSTDEV".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2693: const: After this line, the value of "netType" is equal to 2.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2693: const: After this line, the value of "netType" is equal to 3.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2693: const: After this line, the value of "netType" is equal to 4.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2717: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_CLIENT".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2719: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_MCAST".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2718: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_SERVER".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2746: dead_error_line: Execution cannot reach this statement "case VIR_DOMAIN_NET_TYPE_HO...".

Error: FORWARD_NULL:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2065: assign_zero: Assigning: "detach" = 0.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2079: var_deref_model: Passing null variable "detach" to function "virDomainNetGetActualType", which dereferences it.
/builddir/build/BUILD/libvirt-0.9.10/src/conf/domain_conf.c:14284: deref_parm: Directly dereferencing parameter "iface".

Error: MISSING_RETURN:
/tmp/tmpixld3n.c:1: missing_return: Arriving at the end of a function without returning a value.

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:338: alloc_arg: Calling allocation function "virAlloc" on "srv".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:343: noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit".
/builddir/build/BUILD/libvirt-0.9.10/src/util/threads-pthread.c:49:30: noescape: "virMutexInit" does not free or save its pointer parameter "m".
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:404: leaked_storage: Variable "srv" going out of scope leaks the storage it points to.

Error: REVERSE_INULL:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2079: deref_ptr_in_call: Dereferencing pointer "detach".
/builddir/build/BUILD/libvirt-0.9.10/src/conf/domain_conf.c:14284: deref_parm: Directly dereferencing parameter "iface".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_hotplug.c:2086: check_after_deref: Dereferencing "detach" before a null check.

Comment 15 Alex Jia 2012-03-14 10:51:19 UTC
Created attachment 569956 [details]
CoverityScan-libvirt-0.9.10-5.el6

Comment 16 Alex Jia 2012-03-20 09:23:50 UTC
CoverityScan on libvirt-0.9.10-6.el6:

Analysis summary report:
------------------------
Files analyzed                 : 249
Total LoC input to cov-analyze : 307044
Functions analyzed             : 7523
Paths analyzed                 : 850591
Defect occurrences found       : 49 Total
                                  6 CHECKED_RETURN
                                 13 DEADCODE
                                  1 EVALUATION_ORDER
                                  2 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 12 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

A new memory leak is introduced:

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1691: alloc_arg: Calling allocation function "virAllocN" on "cpumap".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1702: leaked_storage: Variable "cpumap" going out of scope leaks the storage it points to.

Comment 17 Alex Jia 2012-03-29 02:29:52 UTC
CoverityScan on libvirt-0.9.10-8.el6:

Analysis summary report:
------------------------
Files analyzed                 : 249
Total LoC input to cov-analyze : 308322
Functions analyzed             : 7551
Paths analyzed                 : 856402
Defect occurrences found       : 51 Total
                                  6 CHECKED_RETURN
                                 13 DEADCODE
                                  1 EVALUATION_ORDER
                                  4 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 12 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

There are 2 new FORWARD_NULL are introduced on this build:

Error: FORWARD_NULL:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_driver.c:9850: assign_zero: Assigning: "driverType" = 0.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_driver.c:9907: var_deref_model: Passing null variable "driverType" to function "qemuMonitorDiskSnapshot", which dereferences it.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_monitor.c:2632: deref_parm_in_call: Function "__coverity_strcmp" dereferences parameter "format".

Error: FORWARD_NULL:
/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:392: assign_zero: Assigning: "params" = 0.
/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:505: var_deref_model: Passing null variable "params" to function "getPyVirTypedParameter", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

Comment 18 Alex Jia 2012-04-12 10:51:12 UTC
CoverityScan on libvirt-0.9.10-11.el6:
Analysis summary report:
------------------------
Files analyzed                 : 249
Total LoC input to cov-analyze : 308611
Functions analyzed             : 7563
Paths analyzed                 : 857338
Defect occurrences found       : 48 Total
                                  6 CHECKED_RETURN
                                 13 DEADCODE
                                  1 EVALUATION_ORDER
                                  2 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 11 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

New leaks:

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1733: alloc_arg: Calling allocation function "virAllocN" on "cpumap".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:129: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1744: leaked_storage: Variable "cpumap" going out of scope leaks the storage it points to.

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:338: alloc_arg: Calling allocation function "virAlloc" on "srv".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:343: noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit".
/builddir/build/BUILD/libvirt-0.9.10/src/util/threads-pthread.c:49:30: noescape: "virMutexInit" does not free or save its pointer parameter "m".
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:404: leaked_storage: Variable "srv" going out of scope leaks the storage it points to.

Comment 19 Alex Jia 2012-04-12 10:55:09 UTC
Created attachment 577032 [details]
CoverityScan-libvirt-0.9.10-11.el6

Comment 20 Michal Luscon 2012-04-16 09:25:23 UTC
*** Bug 811993 has been marked as a duplicate of this bug. ***

Comment 21 Alex Jia 2012-04-19 07:30:14 UTC
CoverityScan on libvirt-0.9.10-13.el6:

Analysis summary report:
------------------------
Files analyzed                 : 227
Total LoC input to cov-analyze : 380801
Functions analyzed             : 6323
Paths analyzed                 : 447757
Defect occurrences found       : 68 Total
                                  7 CHECKED_RETURN
                                  5 DEADCODE
                                  2 FORWARD_NULL
                                  2 MISSING_BREAK
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  4 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 24 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                 14 REVERSE_INULL
                                  1 SIGN_EXTENSION
                                  4 UNINIT


Defects in patches:

Error: FORWARD_NULL:
/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:355: assign_zero: Assigning: "params" = 0.
/builddir/build/BUILD/libvirt-0.9.10/python/libvirt-override.c:458: var_deref_model: Passing null variable "params" to function "getPyVirTypedParameter", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:338: alloc_arg: Calling allocation function "virAlloc" on "srv".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: alloc_fn: Storage is returned from allocation function "calloc".
/builddir/build/BUILD/libvirt-0.9.10/src/util/memory.c:101: var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:343: noescape: Variable "srv" is not freed or pointed-to in function "virMutexInit".
/builddir/build/BUILD/libvirt-0.9.10/src/util/threads-pthread.c:49:30: noescape: "virMutexInit" does not free or save its pointer parameter "m".
/builddir/build/BUILD/libvirt-0.9.10/src/util/virnetlink.c:404: leaked_storage: Variable "srv" going out of scope leaks the storage it points to.

Comment 22 Alex Jia 2012-04-19 07:31:19 UTC
Created attachment 578527 [details]
CoverityScan-libvirt-0.9.10-13.el6

Comment 23 Alex Jia 2012-04-25 05:56:54 UTC
CoverityScan on libvirt-0.9.10-14.el6:

Analysis summary report:
------------------------
Files analyzed                 : 227
Total LoC input to cov-analyze : 381431
Functions analyzed             : 6323
Paths analyzed                 : 447675
Defect occurrences found       : 68 Total
                                  7 CHECKED_RETURN
                                  5 DEADCODE
                                  2 FORWARD_NULL
                                  2 MISSING_BREAK
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  4 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 24 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                 14 REVERSE_INULL
                                  1 SIGN_EXTENSION
                                  4 UNINIT

The -14 test report is the same to -13, there are not new issues are introduced.

Comment 25 Alex Jia 2012-05-02 07:42:22 UTC
CoverityScan on libvirt-0.9.10-15.el6:

Analysis summary report:
------------------------
Files analyzed                 : 227
Total LoC input to cov-analyze : 381570
Functions analyzed             : 6324
Paths analyzed                 : 447540
Defect occurrences found       : 68 Total
                                  7 CHECKED_RETURN
                                  5 DEADCODE
                                  2 FORWARD_NULL
                                  2 MISSING_BREAK
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  4 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 24 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                 14 REVERSE_INULL
                                  1 SIGN_EXTENSION
                                  4 UNINIT

The -15 test report is the same to -14, there are not new issues are
introduced.

Comment 26 Alex Jia 2012-05-02 10:33:35 UTC
CoverityScan on libvirt-0.9.10-16.el6:

Analysis summary report:
------------------------
Files analyzed                 : 227
Total LoC input to cov-analyze : 381600
Functions analyzed             : 6324
Paths analyzed                 : 447540
Defect occurrences found       : 68 Total
                                  7 CHECKED_RETURN
                                  5 DEADCODE
                                  2 FORWARD_NULL
                                  2 MISSING_BREAK
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  4 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 24 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                 14 REVERSE_INULL
                                  1 SIGN_EXTENSION
                                  4 UNINIT

The -16 test report is the same to -15, there are not new issues are
introduced.

Comment 27 Osier Yang 2012-05-02 13:20:25 UTC
Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: open_fn: Calling
opening function "open".
/builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: var_assign:
Assigning: "fd_out" =  handle returned from "open(def->source.data.file.path,
1089, 432)".
/builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable
"fd_out" is not freed or pointed-to in function "virAsprintf".
/builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable
"fd_out" is not closed or saved in function "virAsprintf".
/builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:363: noescape: Variable
"fd_out" is not closed or saved in function "virCommandTransferFD".
/builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:364: leaked_handle:
Handle variable "fd_out" going out of scope leaks the handle.

====
For the above leak, it's not a valid checking, virCommandTransferFD will close
the file handle.

Comment 28 Osier Yang 2012-05-02 14:21:36 UTC
(In reply to comment #27)
> Error: RESOURCE_LEAK:
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: open_fn: Calling
> opening function "open".
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:351: var_assign:
> Assigning: "fd_out" =  handle returned from "open(def->source.data.file.path,
> 1089, 432)".
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable
> "fd_out" is not freed or pointed-to in function "virAsprintf".
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:358: noescape: Variable
> "fd_out" is not closed or saved in function "virAsprintf".
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:363: noescape: Variable
> "fd_out" is not closed or saved in function "virCommandTransferFD".
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:364: leaked_handle:
> Handle variable "fd_out" going out of scope leaks the handle.
> 
> ====
> For the above leak, it's not a valid checking, virCommandTransferFD will close
> the file handle.

Likewise for below:

Error: RESOURCE_LEAK:
/builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:324: open_fn: Calling opening function "socket".
/builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:324: var_assign: Assigning: "fd" =  handle returned from "socket(1, 1, 0)".
/builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:342: noescape: Variable "fd" is not closed or saved in function "bind".
/builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:361: noescape: Variable "fd" is not closed or saved in function "virNetSocketNew".
/builddir/build/BUILD/libvirt-0.9.10/src/rpc/virnetsocket.c:364: leaked_handle: Handle variable "fd" going out of scope leaks the handle.

The file descriptor will be marked as close-on-exec in virNetSocketNew.

Comment 31 Alex Jia 2012-05-02 15:46:52 UTC
(In reply to comment #27)
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:363: noescape: Variable
> "fd_out" is not closed or saved in function "virCommandTransferFD".
> /builddir/build/BUILD/libvirt-0.9.10/src/uml/uml_conf.c:364: leaked_handle:
> Handle variable "fd_out" going out of scope leaks the handle.
> 
> ====
> For the above leak, it's not a valid checking, virCommandTransferFD will close
> the file handle.

 826 /*
 827  * Preserve the specified file descriptor in the child, instead of
 828  * closing it.  FD must not be one of the three standard streams.  If
 829  * transfer is true, then fd will be closed in the parent after a call
 830  * to Run/RunAsync/Free, otherwise caller is still responsible for fd.
 831  * Returns true if a transferring caller should close FD now, and
 832  * false if the transfer is successfully recorded.
 833  */
 834 static bool
 835 virCommandKeepFD(virCommandPtr cmd, int fd, bool transfer)

Comment 35 Alex Jia 2012-05-09 09:18:42 UTC
CoverityScan on libvirt-0.9.10-18.el6:

Analysis summary report:
------------------------
Files analyzed                 : 227
Total LoC input to cov-analyze : 382010
Functions analyzed             : 6329
Paths analyzed                 : 448825
Defect occurrences found       : 61 Total
                                  7 CHECKED_RETURN
                                  5 DEADCODE
                                  2 FORWARD_NULL
                                  2 MISSING_BREAK
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 18 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                 14 REVERSE_INULL
                                  1 SIGN_EXTENSION
                                  4 UNINIT

Exceeded path limit of 5000 paths in 0.22% of functions (normally up to 5% of functions encounter this limitation)
Elapsed time: 00:07:16

In addition, a new issue is introduced by patch:

Error: FORWARD_NULL:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:2477: assign_zero: Assigning: "nodemask" = 0.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:2534: var_deref_model: Passing null variable "nodemask" to function "qemuProcessInitCpuAffinity", which dereferences it.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_process.c:1754: deref_parm: Directly dereferencing parameter "nodemask".

For 18 RESOURCE_LEAK, please help confirm them except previous Comment 27-30(7 leaks), also need to check 14 REVERSE_INULL

Comment 36 Alex Jia 2012-05-09 09:19:29 UTC
Created attachment 583201 [details]
CoverityScan-libvirt-0.9.10-18.el6

Comment 39 Alex Jia 2012-05-15 08:12:44 UTC
CoverityScan on libvirt-0.9.10-19.el6:

Analysis summary report:
------------------------
Files analyzed                 : 227
Total LoC input to cov-analyze : 382017
Functions analyzed             : 6329
Paths analyzed                 : 449426
Defect occurrences found       : 60 Total
                                  7 CHECKED_RETURN
                                  5 DEADCODE
                                  1 FORWARD_NULL
                                  2 MISSING_BREAK
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                 18 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                 14 REVERSE_INULL
                                  1 SIGN_EXTENSION
                                  4 UNINIT

Hasn't a new issue is introduced by patches.

Comment 40 Alex Jia 2012-05-15 10:16:39 UTC
Created attachment 584630 [details]
CoverityScan-libvirt-0.9.10-19.el6

Comment 41 Alex Jia 2012-05-16 07:41:33 UTC
CoverityScan on libvirt-0.9.10-20.el6:

Analysis summary report:
------------------------
Files analyzed                 : 249
Total LoC input to cov-analyze : 310014
Functions analyzed             : 7587
Paths analyzed                 : 868885
Defect occurrences found       : 43 Total
                                  6 CHECKED_RETURN
                                 13 DEADCODE
                                  1 EVALUATION_ORDER
                                  1 FORWARD_NULL
                                  1 MISSING_RETURN
                                  2 NEGATIVE_RETURNS
                                  1 NO_EFFECT
                                  3 NULL_RETURNS
                                  1 OVERRUN_STATIC
                                  7 RESOURCE_LEAK
                                  1 RETURN_LOCAL
                                  1 SIZEOF_MISMATCH
                                  3 UNINIT
                                  2 UNUSED_VALUE

There are many issues are fixed by this build, and still need to confirm the following items:

1 FORWARD_NULL         if 'from' is NULL, need to check the following codes:
<snip>
16808     if (tree) {
16809         char indentBuf[INDENT_BUFLEN];
16810         for (i = 0 ; i < actual ; i++) {
16811             memset(indentBuf, '\0', sizeof(indentBuf));
16812             if (ctl->useSnapshotOld ? STREQ(names[i], from) : !parents[i])
</snip>
  
7 RESOURCE_LEAK        (it should be confirmed by Osier)
3 UNINIT               (need to confirm them)

In addition, for other error, please also confirm whether they're harmless for libvirt.

Comment 42 Alex Jia 2012-05-16 07:43:43 UTC
Moreover, there are 2 new issues are introduced by patches:

Error: DEADCODE:
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2852: dead_error_condition: On this path, the switch value "netType" cannot be "VIR_DOMAIN_NET_TYPE_HOSTDEV".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2799: const: After this line, the value of "netType" is equal to 2.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2799: const: After this line, the value of "netType" is equal to 3.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2799: const: After this line, the value of "netType" is equal to 4.
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2823: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_CLIENT".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2825: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_MCAST".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2824: equality_cond: Jumping to case "VIR_DOMAIN_NET_TYPE_SERVER".
/builddir/build/BUILD/libvirt-0.9.10/src/qemu/qemu_command.c:2852: dead_error_line: Execution cannot reach this statement "case VIR_DOMAIN_NET_TYPE_HO...".

Error: EVALUATION_ORDER:
/builddir/build/BUILD/libvirt-0.9.10/src/conf/domain_conf.c:7159: write_write_order: In "disk = disk = def->disks[i]", "disk" is written in "disk" (the assignment left-hand side) and written in "disk = def->disks[i]" but the order in which the side effects take place is undefined because there is no intervening sequence point.

IMHO, they should be harmless for libvirt.

Comment 43 Alex Jia 2012-05-16 07:44:19 UTC
Created attachment 584879 [details]
CoverityScan-libvirt-0.9.10-20.el6

Comment 44 Alex Jia 2012-05-29 03:03:41 UTC
Coverity hasn't new complaint for libvirt-0.9.10-21.el6 except new "Error: MISSING_RETURN", it's harmless for libvirt. 

In addition, some memory leaks issues have been fixed and still need to confirm NULL pointer defering issues, I will close the bug then file a new bug for 6.4 to trace reset of Coverity relevant issues, meanwhile, the bug is a tracking bug for 6.4 like 6.3.

Comment 45 Alex Jia 2012-05-29 03:14:36 UTC
File a new bug for 6.4:
https://bugzilla.redhat.com/show_bug.cgi?id=825903

Comment 47 errata-xmlrpc 2012-06-20 06:40:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0748.html


Note You need to log in before you can comment on or make changes to this bug.