Description of problem: Coverity reported two problems with checking return values of APIs. This could lead to a crash in error code paths. Fixed upstream in commit d6f25a7834fcad5f1ee1f8ea8f942b883086f3da Author: Daniel P. Berrange <berrange> Date: Mon Dec 10 16:59:19 2012 +0000 Fix some return value checks virDomainScreenshot and virDomainSnapshotCurrent both return pointers, so must compare " != NULL" instead of "< 0" Signed-off-by: Daniel P. Berrange <berrange> Version-Release number of selected component (if applicable): perl-Sys-Virt-0.10.2-4.el6
Coverity scan on perl-Sys-Virt-0.10.2-5.el6.src.rpm. Without patches(run0): List of Defects Error: BAD_COMPARE (CWE-628): [#def1] Sys-Virt-0.10.2/Virt.xs:2923: null_misuse: Comparing pointer "virDomainScreenshot(dom, st, screen, flags)" against NULL using anything besides == or != is likely to be incorrect. Error: BAD_COMPARE (CWE-628): [#def2] Sys-Virt-0.10.2/Virt.xs:4277: null_misuse: Comparing pointer "RETVAL = virDomainSnapshotCurrent(dom, flags)" against NULL using anything besides == or != is likely to be incorrect. Error: DEADCODE (CWE-561): [#def3] Sys-Virt-0.10.2/Virt.xs:2923: dead_error_condition: The condition "virDomainScreenshot(dom, st, screen, flags) < NULL" cannot be true. Sys-Virt-0.10.2/Virt.xs:2924: dead_error_line: Execution cannot reach this statement "_croak_error();". Error: DEADCODE (CWE-561): [#def4] Sys-Virt-0.10.2/Virt.xs:4277: dead_error_condition: The condition "(RETVAL = virDomainSnapshotCurrent(dom, flags)) < NULL" cannot be true. Sys-Virt-0.10.2/Virt.xs:4278: dead_error_line: Execution cannot reach this statement "_croak_error();". Error: NO_EFFECT (CWE-398): [#def5] Sys-Virt-0.10.2/Virt.xs:5936: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "nbytes < 0UL". Error: SIGN_EXTENSION (CWE-194): [#def6] Sys-Virt-0.10.2/Virt.xs:4112: sign_extension: Suspicious implicit sign extension: "dominfo.nrVirtCpu" with type "unsigned short" (16 bits, unsigned) is promoted in "dominfo.nrVirtCpu * maplen" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "dominfo.nrVirtCpu * maplen" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. With patches(run1): List of Defects Error: NO_EFFECT (CWE-398): [#def1] Sys-Virt-0.10.2/Virt.xs:5952: unsigned_compare: This less-than-zero comparison of an unsigned value is never true. "nbytes < 0UL". Error: SIGN_EXTENSION (CWE-194): [#def2] Sys-Virt-0.10.2/Virt.xs:4128: sign_extension: Suspicious implicit sign extension: "dominfo.nrVirtCpu" with type "unsigned short" (16 bits, unsigned) is promoted in "dominfo.nrVirtCpu * maplen" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "dominfo.nrVirtCpu * maplen" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. Notes, previous issues have been fixed, the rest of NO_EFFECT and SIGN_EXTENSION are harmless, so move the bug to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0377.html