Bug 965944 - [Hyper-V][CoverityScan][RHEL6.5]Unchecked_value, null returns and resource leak
[Hyper-V][CoverityScan][RHEL6.5]Unchecked_value, null returns and resource leak
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: hypervkvpd (Show other bugs)
6.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Tomáš Hozza
Virtualization Bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-22 03:00 EDT by Shengnan Wang
Modified: 2013-11-20 23:52 EST (History)
5 users (show)

See Also:
Fixed In Version: hypervkvpd-0-0.10.el6
Doc Type: Bug Fix
Doc Text:
Cause: Static analysis of hypervkvpd source discovered some potential errors. Consequence: There were no real consequences so far caused by found errors. Potential errors were fixed for sanity reasons. Fix: Found errors were fixed (unclosed file descriptors were closed, return values checks were added to some function calls). Result: Fixed errors are no longer reported by static analysis of the daemon source code.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-20 23:52:01 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Shengnan Wang 2013-05-22 03:00:27 EDT
Description of problem:

Run CoverityScan with hypervkvpd-0-0.9.el6.src.rpm, there are 15 issues in the result.

Analysis summary report:
------------------------
Files analyzed                  : 8
Total LoC input to cov-analyze  : 17779
Functions analyzed              : 41
Paths analyzed                  : 4674
Time taken by Coverity analysis : 00:00:04
Defect occurrences found        : 15 Total
                                   2 CHECKED_RETURN
                                   1 CONSTANT_EXPRESSION_RESULT
                                   1 NULL_RETURNS
                                   3 RESOURCE_LEAK
                                   7 STRING_OVERFLOW
                                   1 TOCTOU

Details, please have a look at http://cov01.lab.eng.brq.redhat.com/covscanhub/task/2679/log/hypervkvpd-0-0.9.el6/run1/hypervkvpd-0-0.9.el6.err .

Discussed with tomas by email, CHECKED_RETURN, NULL_RETURNS, RESOURCE_LEAK issues will be fixed. So file the bug to trace the issue. 

Error: CHECKED_RETURN (CWE-252):
hypervkvpd-0/hv_kvp_daemon.c:1467: check_return: Calling function "poll(&pfd, 1UL, -1)" without checking return value. This library function may fail and return an error code.
hypervkvpd-0/hv_kvp_daemon.c:1467: unchecked_value: No check of the return value of "poll(&pfd, 1UL, -1)". 

Error: CHECKED_RETURN (CWE-252):
hypervkvpd-0/hv_kvp_daemon.c:1440: check_return: Calling function "setsockopt(fd, 270, 1, &sock_opt, 4U)" without checking return value. This library function may fail and return an error code.
hypervkvpd-0/hv_kvp_daemon.c:1440: unchecked_value: No check of the return value of "setsockopt(fd, 270, 1, &sock_opt, 4U)".

Error: NULL_RETURNS (CWE-476):
hypervkvpd-0/hv_kvp_daemon.c:751: returned_null: Function "__coverity_strchr(char const *, int)" returns null (checked 6 out of 7 times).
hypervkvpd-0/hv_kvp_daemon.c:615: example_assign: Example1: Assigning: "x" = return value from "__coverity_strchr(p, 10)".
hypervkvpd-0/hv_kvp_daemon.c:616: example_checked: Example1 (cont.): "x" has its value checked in "x".
hypervkvpd-0/hv_kvp_daemon.c:540: example_assign: Example2: Assigning: "p" = return value from "__coverity_strchr(buf, 10)"
hypervkvpd-0/hv_kvp_daemon.c:541: example_checked: Example2 (cont.): "p" has its value checked in "p".
hypervkvpd-0/hv_kvp_daemon.c:551: example_assign: Example3: Assigning: "p" = return value from "__coverity_strchr(buf, 10)".
hypervkvpd-0/hv_kvp_daemon.c:552: example_checked: Example3 (cont.): "p" has its value checked in "p".
hypervkvpd-0/hv_kvp_daemon.c:658: example_assign: Example4: Assigning: "x" = return value from "__coverity_strchr(p, 10)".
hypervkvpd-0/hv_kvp_daemon.c:659: example_checked: Example4 (cont.): "x" has its value checked in "x".
hypervkvpd-0/hv_kvp_daemon.c:704: example_assign: Example5: Assigning: "x" = return value from "__coverity_strchr(p, 10)".
hypervkvpd-0/hv_kvp_daemon.c:705: example_checked: Example5 (cont.): "x" has its value checked in "x".
hypervkvpd-0/hv_kvp_daemon.c:751: var_assigned: Assigning: "x" = null return value from "__coverity_strchr(char const *, int)".
hypervkvpd-0/hv_kvp_daemon.c:752: dereference: Dereferencing a null pointer "x".

Error: RESOURCE_LEAK (CWE-772):
hypervkvpd-0/hv_kvp_daemon.c:248: open_fn: Returning handle opened by function "open(char const *, int, ...)".
hypervkvpd-0/hv_kvp_daemon.c:248: var_assign: Assigning: "fd" = handle returned from "open(fname, 524354, 420)".
hypervkvpd-0/hv_kvp_daemon.c:256: leaked_handle: Handle variable "fd" going out of scope leaks the handle. 

Error: RESOURCE_LEAK (CWE-772):
hypervkvpd-0/hv_kvp_daemon.c:248: open_fn: Returning handle opened by function "open(char const *, int, ...)".
hypervkvpd-0/hv_kvp_daemon.c:248: var_assign: Assigning: "fd" = handle returned from "open(fname, 524354, 420)".
hypervkvpd-0/hv_kvp_daemon.c:261: leaked_handle: Handle variable "fd" going out of scope leaks the handle. 

Error: RESOURCE_LEAK (CWE-772):
hypervkvpd-0/hv_kvp_daemon.c:248: open_fn: Returning handle opened by function "open(char const *, int, ...)".
hypervkvpd-0/hv_kvp_daemon.c:248: var_assign: Assigning: "fd" = handle returned from "open(fname, 524354, 420)".
hypervkvpd-0/hv_kvp_daemon.c:284: leaked_handle: Handle variable "fd" going out of scope leaks the handle.

How reproducible:
100%

Steps to Reproduce:
These issues were found by static analysis tool. Run the CoverityScan test tools and check the report.

Actual results:
CHECKED_RETURN, NULL_RETURNS, RESOURCE_LEAK issues in the result report when run CoverityScan test.

Expected results:
No these issues in the result report when run CoverityScan test.

Additional info:
Comment 2 Tomáš Hozza 2013-05-22 04:20:51 EDT
I already sent patches to upstream and I'm waiting for their acceptance.
Comment 6 RHEL Product and Program Management 2013-06-04 09:20:44 EDT
This request was evaluated by Red Hat Product Management for
inclusion in a Red Hat Enterprise Linux release.  Product
Management has requested further review of this request by
Red Hat Engineering, for potential inclusion in a Red Hat
Enterprise Linux release for currently deployed products.
This request is not yet committed for inclusion in a release.
Comment 16 errata-xmlrpc 2013-11-20 23:52:01 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1539.html

Note You need to log in before you can comment on or make changes to this bug.