[libvirt] Coverity automatic detection
Alex Jia
ajia at redhat.com
Thu Jan 5 07:13:48 UTC 2012
This email is automatically generated.
The test result is based on the following git commit:
49d8c8b Support Xen domctl v8
Analysis summary report:
------------------------
Files analyzed : 235
Total LoC input to cov-analyze : 330902
Functions analyzed : 8031
Paths analyzed : 940313
Defect occurrences found : 110 Total
7 ATOMICITY
5 CHECKED_RETURN
15 DEADCODE
6 FORWARD_NULL
13 LOCK
2 NEGATIVE_RETURNS
1 NULL_RETURNS
9 RESOURCE_LEAK
1 RETURN_LOCAL
12 REVERSE_INULL
3 SECURE_TEMP
2 STRING_NULL
12 TAINTED_SCALAR
4 TAINTED_STRING
12 TOCTOU
4 UNINIT
2 UNUSED_VALUE
Exceeded path limit of 5000 paths in 0.47% of functions (normally up to 5% of functions encounter this limitation)
For details, please see attachment.
Regards,
Alex
-------------- next part --------------
Error: ATOMICITY:
/libvirt/src/util/event_poll.c:603:
lock: Locking "eventLoop.lock.lock".
/libvirt/src/util/event_poll.c:610:
def: Assigning: "fds" = data that might be protected by the lock.
/libvirt/src/util/event_poll.c:614:
unlock: Unlocking "eventLoop.lock.lock". "fds" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/event_poll.c:632:
lockagain: Locking "eventLoop.lock.lock" again.
/libvirt/src/util/event_poll.c:636:
use: Using an unreliable value of "fds" inside the second locked section. If the data that "fds" depends on was changed by another thread, this use might be incorrect.
Error: ATOMICITY:
/libvirt/src/rpc/virnetclientstream.c:386:
lock: Locking "st->lock.lock".
/libvirt/src/rpc/virnetclientstream.c:397:
def: Assigning: "msg" = data that might be protected by the lock.
/libvirt/src/rpc/virnetclientstream.c:410:
unlock: Unlocking "st->lock.lock". "msg" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/rpc/virnetclientstream.c:412:
lockagain: Locking "st->lock.lock" again.
/libvirt/src/rpc/virnetclientstream.c:413:
use: Using an unreliable value of "msg" inside the second locked section. If the data that "msg" depends on was changed by another thread, this use might be incorrect.
Error: ATOMICITY:
/libvirt/src/rpc/virnetclientstream.c:96:
lock: Locking "st->lock.lock".
/libvirt/src/rpc/virnetclientstream.c:109:
def: Assigning: "cbOpaque" = data that might be protected by the lock.
/libvirt/src/rpc/virnetclientstream.c:113:
unlock: Unlocking "st->lock.lock". "cbOpaque" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/rpc/virnetclientstream.c:115:
lockagain: Locking "st->lock.lock" again.
/libvirt/src/rpc/virnetclientstream.c:119:
use: Using an unreliable value of "cbOpaque" inside the second locked section. If the data that "cbOpaque" depends on was changed by another thread, this use might be incorrect.
Error: ATOMICITY:
/libvirt/src/util/threadpool.c:95:
lock: Locking "pool->mutex.lock".
/libvirt/src/util/threadpool.c:129:
def: Assigning: "pool->jobList.firstPrio" = data that might be protected by the lock.
/libvirt/src/util/threadpool.c:143:
unlock: Unlocking "pool->mutex.lock". "pool->jobList.firstPrio" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/threadpool.c:146:
lockagain: Locking "pool->mutex.lock" again.
/libvirt/src/util/threadpool.c:116:
use: Using an unreliable value of "pool->jobList.firstPrio" inside the second locked section. If the data that "pool->jobList.firstPrio" depends on was changed by another thread, this use might be incorrect.
Error: ATOMICITY:
/libvirt/src/util/threadpool.c:146:
lock: Locking "pool->mutex.lock".
/libvirt/src/util/threadpool.c:129:
def: Assigning: "pool->jobList.firstPrio" = data that might be protected by the lock.
/libvirt/src/util/threadpool.c:143:
unlock: Unlocking "pool->mutex.lock". "pool->jobList.firstPrio" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/threadpool.c:146:
lockagain: Locking "pool->mutex.lock" again.
/libvirt/src/util/threadpool.c:116:
use: Using an unreliable value of "pool->jobList.firstPrio" inside the second locked section. If the data that "pool->jobList.firstPrio" depends on was changed by another thread, this use might be incorrect.
Error: ATOMICITY:
/libvirt/src/util/threadpool.c:146:
lock: Locking "pool->mutex.lock".
/libvirt/src/util/threadpool.c:135:
def: Assigning: "pool->jobList.head" = data that might be protected by the lock.
/libvirt/src/util/threadpool.c:143:
unlock: Unlocking "pool->mutex.lock". "pool->jobList.head" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/util/threadpool.c:146:
lockagain: Locking "pool->mutex.lock" again.
/libvirt/src/util/threadpool.c:118:
use: Using an unreliable value of "pool->jobList.head" inside the second locked section. If the data that "pool->jobList.head" depends on was changed by another thread, this use might be incorrect.
Error: ATOMICITY:
/libvirt/src/fdstream.c:146:
lock: Locking "fdst->lock.lock".
/libvirt/src/fdstream.c:153:
def: Assigning: "cbopaque" = data that might be protected by the lock.
/libvirt/src/fdstream.c:156:
unlock: Unlocking "fdst->lock.lock". "cbopaque" might now be unreliable because other threads can now change the data that it depends on.
/libvirt/src/fdstream.c:160:
lockagain: Locking "fdst->lock.lock" again.
/libvirt/src/fdstream.c:163:
use: Using an unreliable value of "cbopaque" inside the second locked section. If the data that "cbopaque" depends on was changed by another thread, this use might be incorrect.
Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:844:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd.c:937:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:943:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:300:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:793:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/conf/network_conf.c:587:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times).
/libvirt/src/conf/network_conf.c:587:
unchecked_value: No check of the return value of "virAsprintf(&name, dcgettext("libvirt", "Service name is too long, limit is %d bytes", 5), 482)".
Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:844:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd.c:937:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:943:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:300:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:793:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2888:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times).
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2888:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-d 01:80:c2:00:00:00 ")".
Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:844:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd.c:937:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:943:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:300:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:793:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times).
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:2891:
unchecked_value: No check of the return value of "virAsprintf(&protostr, "-p 0x%04x ", l3_protocols[protoidx].attr)".
Error: CHECKED_RETURN:
/libvirt/daemon/libvirtd.c:844:
example_checked: "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir)" has its value checked in "virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", userdir) < 0".
/libvirt/daemon/libvirtd.c:937:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host")".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:943:
example_assign: Assigning: "ret" = return value from "virAsprintf(&data->mdns_name, "Virtualization Host %s", localhost)".
/libvirt/daemon/libvirtd.c:947:
example_checked: "ret" has its value checked in "ret < 0".
/libvirt/daemon/libvirtd.c:300:
example_checked: "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir)" has its value checked in "virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", userdir) < 0".
/libvirt/daemon/libvirtd.c:793:
example_checked: "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var")" has its value checked in "virAsprintf(&tmp, "%d:file:%s/log/libvirt/libvirtd.log", virLogGetDefaultPriority(), "/usr/local/var") == -1".
/libvirt/src/qemu/qemu_process.c:2421:
check_return: Calling function "virAsprintf" without checking return value (as is done elsewhere 430 out of 452 times).
/libvirt/src/qemu/qemu_process.c:2421:
unchecked_value: No check of the return value of "virAsprintf(&msg, "was paused (%s)", virDomainPausedReasonTypeToString(reason))".
Error: CHECKED_RETURN:
/libvirt/tools/virsh.c:3425:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:2956:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:6295:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:2630:
example_checked: "pthread_sigmask(0, &sigmask, &oldsigmask)" has its value checked in "pthread_sigmask(0, &sigmask, &oldsigmask) < 0".
/libvirt/tools/virsh.c:6491:
check_return: Calling function "pthread_sigmask" without checking return value (as is done elsewhere 4 out of 5 times).
/libvirt/tools/virsh.c:6491:
unchecked_value: No check of the return value of "pthread_sigmask(0, &sigmask, &oldsigmask)".
Error: DEADCODE:
/libvirt/gnulib/lib/strerror_r.c:155:
dead_error_condition: On this path, the condition "msg" cannot be true.
/libvirt/gnulib/lib/strerror_r.c:153:
const: After this line, the value of "msg" is equal to 0.
/libvirt/gnulib/lib/strerror_r.c:153:
assignment: Assigning: "msg" = "NULL".
/libvirt/gnulib/lib/strerror_r.c:156:
dead_error_line: Execution cannot reach this statement "return safe_copy(buf, bufle...".
Error: DEADCODE:
/libvirt/gnulib/lib/strerror.c:47:
dead_error_condition: On this path, the condition "msg" cannot be true.
/libvirt/gnulib/lib/strerror.c:46:
const: After this line, the value of "msg" is equal to 0.
/libvirt/gnulib/lib/strerror.c:46:
assignment: Assigning: "msg" = "NULL".
/libvirt/gnulib/lib/strerror.c:48:
dead_error_line: Execution cannot reach this statement "return (char *)msg;".
Error: DEADCODE:
/libvirt/src/rpc/virnetclient.c:334:
dead_error_condition: On this path, the condition "ka" cannot be true.
/libvirt/src/rpc/virnetclient.c:276:
const: After this line, the value of "ka" is equal to 0.
/libvirt/src/rpc/virnetclient.c:314:
const: After this line, the value of "ka" is equal to 0.
/libvirt/src/rpc/virnetclient.c:276:
assignment: Assigning: "ka" = "NULL".
/libvirt/src/rpc/virnetclient.c:314:
new_values: Noticing condition "ka = virKeepAliveNew(-1, 0U, client, virNetClientKeepAliveSendCB, virNetClientKeepAliveDeadCB, virNetClientEventFree)".
/libvirt/src/rpc/virnetclient.c:335:
dead_error_begin: Execution cannot reach this statement "virKeepAliveStop(ka);".
Error: DEADCODE:
/libvirt/src/libvirt.c:8635:
dead_error_condition: On this path, the condition "maplen < 0" cannot be true.
/libvirt/src/libvirt.c:8635:
at_least: After this line, the value of "maplen" is at least 1.
/libvirt/src/libvirt.c:8635:
new_values: Noticing condition "maplen <= 0".
/libvirt/src/libvirt.c:8635:
dead_error_line: Execution cannot reach this expression "0 < maxinfo" inside statement "if (!cpumaps ? maplen != 0 ...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8635:
dead_error_condition: On this path, the condition "maxinfo < 0" cannot be true.
/libvirt/src/libvirt.c:8628:
at_least: After this line, the value of "maxinfo" is at least 1.
/libvirt/src/libvirt.c:8628:
new_values: Noticing condition "maxinfo < 1".
/libvirt/src/libvirt.c:8635:
dead_error_line: Execution cannot reach this expression "0 < maplen" inside statement "if (!cpumaps ? maplen != 0 ...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8635:
dead_error_condition: On this path, the condition "maplen < 0" cannot be true.
/libvirt/src/libvirt.c:8635:
at_least: After this line, the value of "maplen" is at least 1.
/libvirt/src/libvirt.c:8635:
new_values: Noticing condition "maplen < 0".
/libvirt/src/libvirt.c:8635:
new_values: Noticing condition "maplen <= 0".
/libvirt/src/libvirt.c:8635:
dead_error_line: Execution cannot reach this expression "maxinfo < 0" inside statement "if (!cpumaps ? maplen != 0 ...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8635:
dead_error_condition: On this path, the condition "maplen == 0" cannot be true.
/libvirt/src/libvirt.c:8635:
at_least: After this line, the value of "maplen" is at least 1.
/libvirt/src/libvirt.c:8635:
new_values: Noticing condition "maplen < 0".
/libvirt/src/libvirt.c:8635:
new_values: Noticing condition "maplen <= 0".
/libvirt/src/libvirt.c:8635:
dead_error_line: Execution cannot reach this expression "0" inside statement "if (!cpumaps ? maplen != 0 ...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8635:
dead_error_condition: On this path, the condition "maxinfo < 0" cannot be true.
/libvirt/src/libvirt.c:8628:
at_least: After this line, the value of "maxinfo" is at least 1.
/libvirt/src/libvirt.c:8635:
at_least: After this line, the value of "maxinfo" is at least 1.
/libvirt/src/libvirt.c:8635:
new_values: Noticing condition "maxinfo < 0".
/libvirt/src/libvirt.c:8628:
new_values: Noticing condition "maxinfo < 1".
/libvirt/src/libvirt.c:8635:
dead_error_line: Execution cannot reach this expression "maxinfo" inside statement "if (!cpumaps ? maplen != 0 ...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8556:
dead_error_condition: On this path, the condition "maplen < 0" cannot be true.
/libvirt/src/libvirt.c:8556:
at_least: After this line, the value of "maplen" is at least 1.
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "maplen <= 0".
/libvirt/src/libvirt.c:8556:
dead_error_line: Execution cannot reach this expression "0 < ncpumaps" inside statement "if (ncpumaps < 1 || !cpumap...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8556:
dead_error_condition: On this path, the condition "ncpumaps < 0" cannot be true.
/libvirt/src/libvirt.c:8556:
at_least: After this line, the value of "ncpumaps" is at least 1.
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "ncpumaps < 1".
/libvirt/src/libvirt.c:8556:
dead_error_line: Execution cannot reach this expression "0 < maplen" inside statement "if (ncpumaps < 1 || !cpumap...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8556:
dead_error_condition: On this path, the condition "maplen < 0" cannot be true.
/libvirt/src/libvirt.c:8556:
at_least: After this line, the value of "maplen" is at least 1.
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "maplen < 0".
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "maplen <= 0".
/libvirt/src/libvirt.c:8556:
dead_error_line: Execution cannot reach this expression "ncpumaps < 0" inside statement "if (ncpumaps < 1 || !cpumap...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8556:
dead_error_condition: On this path, the condition "maplen == 0" cannot be true.
/libvirt/src/libvirt.c:8556:
at_least: After this line, the value of "maplen" is at least 1.
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "maplen < 0".
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "maplen <= 0".
/libvirt/src/libvirt.c:8556:
dead_error_line: Execution cannot reach this expression "0" inside statement "if (ncpumaps < 1 || !cpumap...".
Error: DEADCODE:
/libvirt/src/libvirt.c:8556:
dead_error_condition: On this path, the condition "ncpumaps < 0" cannot be true.
/libvirt/src/libvirt.c:8556:
at_least: After this line, the value of "ncpumaps" is at least 1.
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "ncpumaps < 0".
/libvirt/src/libvirt.c:8556:
new_values: Noticing condition "ncpumaps < 1".
/libvirt/src/libvirt.c:8556:
dead_error_line: Execution cannot reach this expression "ncpumaps" inside statement "if (ncpumaps < 1 || !cpumap...".
Error: DEADCODE:
/libvirt/src/qemu/qemu_driver.c:8199:
dead_error_condition: On this path, the condition "group" cannot be true.
/libvirt/src/qemu/qemu_driver.c:8079:
const: After this line, the value of "group" is equal to 0.
/libvirt/src/qemu/qemu_driver.c:8079:
assignment: Assigning: "group" = "NULL".
/libvirt/src/qemu/qemu_driver.c:8200:
dead_error_line: Execution cannot reach this statement "virCgroupFree(&group);".
Error: DEADCODE:
/libvirt/src/lxc/lxc_controller.c:885:
dead_error_condition: On this path, the condition "ret == 4" cannot be true.
/libvirt/src/lxc/lxc_controller.c:884:
at_most: After this line, the value of "ret" is at most -1.
/libvirt/src/lxc/lxc_controller.c:884:
new_values: Noticing condition "ret < 0".
/libvirt/src/lxc/lxc_controller.c:886:
dead_error_line: Execution cannot reach this statement "continue;".
Error: FORWARD_NULL:
/libvirt/src/util/command.c:1604:
var_compare_op: Comparing "cmd->errbuf" to null implies that "cmd->errbuf" might be null.
/libvirt/src/util/command.c:1661:
alias_transfer: Assigning null: "buf" = "cmd->errbuf".
/libvirt/src/util/command.c:1683:
var_deref_model: Passing null variable "buf" to function "virReallocN", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
Error: FORWARD_NULL:
/libvirt/src/util/command.c:1597:
var_compare_op: Comparing "cmd->outbuf" to null implies that "cmd->outbuf" might be null.
/libvirt/src/util/command.c:1658:
alias_transfer: Assigning null: "buf" = "cmd->outbuf".
/libvirt/src/util/command.c:1683:
var_deref_model: Passing null variable "buf" to function "virReallocN", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
Error: FORWARD_NULL:
/libvirt/src/rpc/virnetserver.c:726:
var_compare_op: Comparing "srv->clients" to null implies that "srv->clients" might be null.
/libvirt/src/rpc/virnetserver.c:748:
var_deref_op: Dereferencing null variable "srv->clients".
Error: FORWARD_NULL:
/libvirt/tools/virsh.c:15212:
var_compare_op: Comparing "from" to null implies that "from" might be null.
/libvirt/tools/virsh.c:15213:
var_deref_model: Passing null variable "from" to function "__coverity_strcmp", which dereferences it.
Error: FORWARD_NULL:
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3580:
var_compare_op: Comparing "inst" to null implies that "inst" might be null.
/libvirt/src/nwfilter/nwfilter_ebiptables_driver.c:3587:
var_deref_op: Dereferencing null variable "inst".
Error: FORWARD_NULL:
/libvirt/src/qemu/qemu_driver.c:6438:
assign_zero: Assigning: "group" = 0.
/libvirt/src/qemu/qemu_driver.c:6544:
var_deref_model: Passing null variable "group" to function "virCgroupGetMemoryHardLimit", which dereferences it.
/libvirt/src/util/cgroup.c:1106:
deref_parm_in_call: Function "virCgroupGetValueU64" dereferences parameter "group".
/libvirt/src/util/cgroup.c:434:
deref_parm_in_call: Function "virCgroupGetValueStr" dereferences parameter "group".
/libvirt/src/util/cgroup.c:343:
deref_parm_in_call: Function "virCgroupPathOfController" dereferences parameter "group".
/libvirt/src/util/cgroup.c:280:
deref_parm: Directly dereferencing parameter "group".
Error: LOCK:
/libvirt/src/datatypes.c:406:
lock: "virMutexLock" locks "network->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:413:
missing_unlock: Returning without unlocking "network->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:1067:
lock: "virMutexLock" locks "secret->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1074:
missing_unlock: Returning without unlocking "secret->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:144:
lock: "virMutexLock" locks "conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:151:
missing_unlock: Returning without unlocking "conn->lock.lock".
Error: LOCK:
/libvirt/src/util/event_poll.c:441:
lock: "virMutexLock" locks "eventLoop.lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/util/event_poll.c:444:
missing_unlock: Returning without unlocking "eventLoop.lock.lock".
Error: LOCK:
/libvirt/src/nwfilter/nwfilter_learnipaddr.c:180:
lock: "virMutexLock" locks "ifaceLock->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/nwfilter/nwfilter_learnipaddr.c:182:
missing_unlock: Returning without unlocking "ifaceLock->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:275:
lock: "virMutexLock" locks "domain->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:282:
missing_unlock: Returning without unlocking "domain->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:1125:
lock: "virMutexLock" locks "st->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1132:
missing_unlock: Returning without unlocking "st->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:676:
lock: "virMutexLock" locks "pool->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:683:
missing_unlock: Returning without unlocking "pool->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:1351:
lock: "virMutexLock" locks "snapshot->domain->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1358:
missing_unlock: Returning without unlocking "snapshot->domain->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:820:
lock: "virMutexLock" locks "vol->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:827:
missing_unlock: Returning without unlocking "vol->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:938:
lock: "virMutexLock" locks "dev->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:945:
missing_unlock: Returning without unlocking "dev->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:1260:
lock: "virMutexLock" locks "nwfilter->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:1268:
missing_unlock: Returning without unlocking "nwfilter->conn->lock.lock".
Error: LOCK:
/libvirt/src/datatypes.c:542:
lock: "virMutexLock" locks "iface->conn->lock.lock".
/libvirt/src/util/threads-pthread.c:85:
lock: "pthread_mutex_lock" locks "m->lock".
/libvirt/src/datatypes.c:549:
missing_unlock: Returning without unlocking "iface->conn->lock.lock".
Error: NEGATIVE_RETURNS:
/libvirt/src/util/buf.c:147:
negative_return_fn: Function "virBufferGetIndent(buf, true)" returns a negative number.
/libvirt/src/util/buf.c:89:
return_negative_constant: Explicitly returning negative value "-1".
/libvirt/src/util/buf.c:147:
var_assign: Assigning: signed variable "indent" = "virBufferGetIndent".
/libvirt/src/util/buf.c:157:
negative_returns: "indent" is passed to a parameter that cannot be negative.
Error: NEGATIVE_RETURNS:
/libvirt/src/util/command.c:1620:
var_tested_neg: Variable "infd" tests negative.
/libvirt/src/util/command.c:1699:
negative_returns: "infd" is passed to a parameter that cannot be negative.
Error: NULL_RETURNS:
/libvirt/src/qemu/qemu_hostdev.c:102:
example_checked: "pciDeviceListFind(driver->activePciHostdevs, dev)" has its value checked in "activeDev = pciDeviceListFind(driver->activePciHostdevs, dev)".
/libvirt/src/qemu/qemu_hostdev.c:493:
example_assign: Assigning: "activeDev" = return value from "pciDeviceListFind(driver->activePciHostdevs, dev)".
/libvirt/src/qemu/qemu_hostdev.c:494:
example_checked: "activeDev" has its value checked in "activeDev".
/libvirt/src/qemu/qemu_hostdev.c:196:
example_checked: "pciDeviceListFind(driver->activePciHostdevs, dev)" has its value checked in "other = pciDeviceListFind(driver->activePciHostdevs, dev)".
/libvirt/src/qemu/qemu_hostdev.c:268:
example_checked: "pciDeviceListFind(pcidevs, dev)" has its value checked in "pcidev = pciDeviceListFind(pcidevs, dev)".
/libvirt/src/util/pci.c:1488:
example_checked: "pciDeviceListFind(list, dev)" has its value checked in "pciDeviceListFind(list, dev)".
/libvirt/src/qemu/qemu_hostdev.c:243:
returned_null: Function "pciDeviceListFind" returns null (checked 9 out of 10 times).
/libvirt/src/util/pci.c:1572:
return_null: Explicitly returning NULL.
/libvirt/src/qemu/qemu_hostdev.c:243:
var_assigned: Assigning: "activeDev" = null return value from "pciDeviceListFind".
/libvirt/src/qemu/qemu_hostdev.c:245:
dereference: Dereferencing a pointer that might be null "activeDev" when calling "pciDeviceSetUsedBy".
/libvirt/src/util/pci.c:1436:
deref_parm: Directly dereferencing parameter "dev".
Error: RESOURCE_LEAK:
/libvirt/src/util/uuid.c:238:
open_fn: Calling opening function "open".
/libvirt/src/util/uuid.c:238:
var_assign: Assigning: "fd" = handle returned from "open(paths[i], 0)".
/libvirt/src/util/uuid.c:239:
off_by_one: Testing whether handle "fd" is strictly greater than zero is suspicious. Did you intend to include equality with zero? "fd" leaks when it is zero.
/libvirt/src/util/uuid.c:247:
leaked_handle: Handle variable "fd" going out of scope leaks the handle.
Error: RESOURCE_LEAK:
/libvirt/src/qemu/qemu_hostdev.c:333:
alloc_fn: Calling allocation function "usbDeviceListNew".
/libvirt/src/util/hostusb.c:274:
alloc_arg: "virAlloc" allocates memory that is stored into "list".
/libvirt/src/util/memory.c:101:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:101:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(1UL, size)".
/libvirt/src/util/hostusb.c:279:
return_alloc: Returning allocated memory "list".
/libvirt/src/qemu/qemu_hostdev.c:333:
var_assign: Assigning: "list" = storage returned from "usbDeviceListNew()".
/libvirt/src/qemu/qemu_hostdev.c:374:
noescape: Variable "list" is not freed or pointed-to in function "usbDeviceListAdd".
/libvirt/src/util/hostusb.c:298:33:
noescape: "usbDeviceListAdd" does not free or save its pointer parameter "list".
/libvirt/src/qemu/qemu_hostdev.c:354:
leaked_storage: Variable "list" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:1893:
alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec".
/libvirt/src/esx/esx_vi_types.generated.c:2065:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:2006:
leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:1945:
alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec".
/libvirt/src/esx/esx_vi_types.generated.c:2693:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:2006:
leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK:
/libvirt/src/nodeinfo.c:587:
alloc_fn: Calling allocation function "fopen".
/libvirt/src/nodeinfo.c:587:
var_assign: Assigning: "cpuinfo" = storage returned from "fopen("/proc/cpuinfo", "r")".
/libvirt/src/nodeinfo.c:596:
leaked_storage: Variable "cpuinfo" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:3913:
alloc_arg: Calling allocation function "esxVI_ObjectSpec_Alloc" on "objectSpec".
/libvirt/src/esx/esx_vi_types.generated.c:2065:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:4075:
leaked_storage: Variable "objectSpec" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK:
/libvirt/src/esx/esx_vi.c:3920:
alloc_arg: Calling allocation function "esxVI_PropertySpec_Alloc" on "propertySpec".
/libvirt/src/esx/esx_vi_types.generated.c:2693:
alloc_arg: "esxVI_Alloc" allocates memory that is stored into "*ptrptr".
/libvirt/src/esx/esx_vi.c:1626:
alloc_arg: "virAllocN" allocates memory that is stored into "*ptrptr".
/libvirt/src/util/memory.c:129:
alloc_fn: Storage is returned from allocation function "calloc".
/libvirt/src/util/memory.c:129:
var_assign: Assigning: "*((void **)ptrptr)" = "calloc(count, size)".
/libvirt/src/esx/esx_vi.c:4075:
leaked_storage: Variable "propertySpec" going out of scope leaks the storage it points to.
Error: RESOURCE_LEAK:
/libvirt/daemon/libvirtd.c:200:
open_fn: Calling opening function "open".
/libvirt/daemon/libvirtd.c:200:
var_assign: Assigning: "stdinfd" = handle returned from "open("/dev/null", 0)".
/libvirt/daemon/libvirtd.c:204:
noescape: Variable "stdinfd" is not closed or saved in function "dup2".
/libvirt/daemon/libvirtd.c:221:
leaked_handle: Handle variable "stdinfd" going out of scope leaks the handle.
Error: RESOURCE_LEAK:
/libvirt/daemon/libvirtd.c:202:
open_fn: Calling opening function "open".
/libvirt/daemon/libvirtd.c:202:
var_assign: Assigning: "stdoutfd" = handle returned from "open("/dev/null", 1)".
/libvirt/daemon/libvirtd.c:206:
noescape: Variable "stdoutfd" is not closed or saved in function "dup2".
/libvirt/daemon/libvirtd.c:208:
noescape: Variable "stdoutfd" is not closed or saved in function "dup2".
/libvirt/daemon/libvirtd.c:221:
leaked_handle: Handle variable "stdoutfd" going out of scope leaks the handle.
Error: RETURN_LOCAL:
/libvirt/gnulib/lib/careadlinkat.c:101:
local_ptr_assign_local: Assigning: "buffer" = "stack_buf" (address of local variable "stack_buf").
/libvirt/gnulib/lib/careadlinkat.c:105:
local_ptr_assign_ptr: Assigning: "buf" = "buffer".
/libvirt/gnulib/lib/careadlinkat.c:152:
return_local_addr_alias: Returning pointer "buf" which points to local variable "stack_buf".
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1875:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1934:
check_after_deref: Dereferencing "machineName" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1875:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1934:
check_after_deref: Dereferencing "machineName" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1387:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1412:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1387:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1412:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1387:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1412:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1387:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1412:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1875:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1934:
check_after_deref: Dereferencing "machineName" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1387:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1412:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1875:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1934:
check_after_deref: Dereferencing "machineName" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1875:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1934:
check_after_deref: Dereferencing "machineName" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1875:
deref_ptr_in_call: Dereferencing pointer "machineName".
/libvirt/src/vbox/vbox_tmpl.c:1934:
check_after_deref: Dereferencing "machineName" before a null check.
Error: REVERSE_INULL:
/libvirt/src/vbox/vbox_tmpl.c:1387:
deref_ptr_in_call: Dereferencing pointer "machineNameUtf8".
/libvirt/src/vbox/vbox_tmpl.c:1412:
check_after_deref: Dereferencing "machineNameUtf8" before a null check.
Error: SECURE_TEMP:
/libvirt/src/secret/secret_driver.c:174:
secure_temp: Calling "mkstemp" without securely setting umask first.
Error: SECURE_TEMP:
/libvirt/src/qemu/qemu_driver.c:8368:
secure_temp: Calling "mkstemp" without securely setting umask first.
Error: SECURE_TEMP:
/libvirt/src/qemu/qemu_driver.c:3084:
secure_temp: Calling "mkstemp" without securely setting umask first.
Error: STRING_NULL:
/libvirt/src/util/uuid.c:272:
string_null_argument: Function "getDMISystemUUID" does not terminate string "*dmiuuid".
/libvirt/src/util/uuid.c:240:
string_null_argument: Function "saferead" fills array "*uuid" with a non-terminated string.
/libvirt/src/util/util.c:100:
string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
/libvirt/src/util/uuid.c:273:
string_null: Passing unterminated string "dmiuuid" to a function expecting a null-terminated string.
/libvirt/src/util/uuid.c:137:
var_assign_parm: Assigning: "cur" = "uuidstr". They now point to the same thing.
/libvirt/src/util/uuid.c:163:
string_null_sink_loop: Searching for null termination in an unterminated array "cur".
Error: STRING_NULL:
/libvirt/src/node_device/node_device_linux_sysfs.c:80:
string_null_argument: Function "saferead" does not terminate string "*buf".
/libvirt/src/util/util.c:100:
string_null_argument: Function "read" fills array "*buf" with a non-terminated string.
/libvirt/src/node_device/node_device_linux_sysfs.c:87:
string_null: Passing unterminated string "buf" to a function expecting a null-terminated string.
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:364:
tainted_data_return: Function "pciRead8" returns tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:364:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:374:
tainted_data: Passing tainted variable "pos" to a tainted sink.
/libvirt/src/util/pci.c:228:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
/libvirt/src/util/pci.c:381:
tainted_data: Passing tainted variable "pos + 1" to a tainted sink.
/libvirt/src/util/pci.c:228:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:374:
tainted_data: Passing tainted variable "pos" to a tainted sink.
/libvirt/src/util/pci.c:228:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returns tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:381:
tainted_data: Passing tainted variable "pos + 1" to a tainted sink.
/libvirt/src/util/pci.c:228:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:374:
tainted_data: Passing tainted variable "pos" to a tainted sink.
/libvirt/src/util/pci.c:228:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returns tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:442:
tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:378:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:442:
var_assign: Assigning: "pos" = "pciFindCapabilityOffset", which taints "pos".
/libvirt/src/util/pci.c:444:
tainted_data: Passing tainted variable "pos + 3" to a tainted sink.
/libvirt/src/util/pci.c:236:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:733:
tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:378:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:733:
var_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset", which taints "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:735:
tainted_data: Passing tainted variable "dev->pcie_cap_pos" to a tainted sink.
/libvirt/src/util/pci.c:431:
tainted_data_sink_lv_call: Passing tainted variable "dev->pcie_cap_pos + 4U" to tainted data sink "pciRead32".
/libvirt/src/util/pci.c:244:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:734:
tainted_data_return: Function "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:378:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:734:
var_assign: Assigning: "dev->pci_pm_cap_pos" = "pciFindCapabilityOffset", which taints "dev->pci_pm_cap_pos".
/libvirt/src/util/pci.c:739:
tainted_data: Passing tainted variable "dev->pci_pm_cap_pos" to a tainted sink.
/libvirt/src/util/pci.c:486:
tainted_data_sink_lv_call: Passing tainted variable "dev->pci_pm_cap_pos + 4U" to tainted data sink "pciRead32".
/libvirt/src/util/pci.c:244:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:1635:
tainted_data_argument: Calling function "pciInitDevice" taints argument "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:733:
tainted_data_return: "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:378:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:733:
parm_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset(dev, 16U)", which taints "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:1638:
var_assign_var: Assigning: "pos" = "dev->pcie_cap_pos". Both are now tainted.
/libvirt/src/util/pci.c:1642:
tainted_data: Passing tainted variable "pos + 2U" to a tainted sink.
/libvirt/src/util/pci.c:236:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/util/pci.c:1693:
tainted_data_argument: Calling function "pciDeviceDownstreamLacksACS" taints argument "parent->pcie_cap_pos".
/libvirt/src/util/pci.c:1635:
tainted_data_argument: Calling function "pciInitDevice" taints parameter "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:733:
tainted_data_return: "pciFindCapabilityOffset" returns tainted data.
/libvirt/src/util/pci.c:381:
tainted_data_return: Function "pciRead8" returning tainted data.
/libvirt/src/util/pci.c:228:
tainted_data_argument: Function "pciRead" taints argument "buf".
/libvirt/src/util/pci.c:214:
tainted_data_argument: Calling function "saferead" taints parameter "*buf".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/util/pci.c:229:
return_tainted_data: Returning tainted variable "buf".
/libvirt/src/util/pci.c:381:
var_assign: Assigning: "pos" = "pciRead8", which taints "pos".
/libvirt/src/util/pci.c:373:
lower_bounds: Checking lower bounds of unsigned scalar "pos" by "pos >= 64".
/libvirt/src/util/pci.c:378:
return_tainted_data: Returning tainted variable "pos".
/libvirt/src/util/pci.c:733:
parm_assign: Assigning: "dev->pcie_cap_pos" = "pciFindCapabilityOffset(dev, 16U)", which taints "dev->pcie_cap_pos".
/libvirt/src/util/pci.c:1693:
tainted_data: Passing tainted variable "parent->pcie_cap_pos" to a tainted sink.
/libvirt/src/util/pci.c:1638:
var_assign_parm: Assigning: "pos" = "dev->pcie_cap_pos". "pos" is now tainted.
/libvirt/src/util/pci.c:1642:
tainted_data_sink_lv_call: Passing tainted variable "pos + 2U" to tainted data sink "pciRead16".
/libvirt/src/util/pci.c:236:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "pciRead".
/libvirt/src/util/pci.c:214:
tainted_data_sink_lv_call: Passing tainted variable "pos" to tainted data sink "lseek".
Error: TAINTED_SCALAR:
/libvirt/src/qemu/qemu_driver.c:3859:
tainted_data_argument: Calling function "saferead" taints argument "header".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/qemu/qemu_driver.c:3917:
tainted_data: Passing tainted variable "header.xml_len" to a tainted sink.
/libvirt/src/util/util.c:99:
lower_bounds: Checking lower bounds of unsigned scalar "count" by "count > 0UL".
/libvirt/src/util/util.c:100:
tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "read".
Error: TAINTED_SCALAR:
/libvirt/src/qemu/qemu_driver.c:3859:
tainted_data_argument: Calling function "saferead" taints argument "header".
/libvirt/src/util/util.c:100:
tainted_data_argument: Calling function "read" taints parameter "*buf".
/libvirt/src/qemu/qemu_driver.c:3906:
lower_bounds: Checking lower bounds of unsigned scalar "header.xml_len" by "header.xml_len <= 0U".
/libvirt/src/qemu/qemu_driver.c:3912:
tainted_data: Passing tainted variable "header.xml_len" to a tainted sink.
/libvirt/src/util/memory.c:129:
tainted_data_sink_lv_call: Passing tainted variable "count" to tainted data sink "calloc".
Error: TAINTED_SCALAR:
/libvirt/src/uml/uml_driver.c:909:
tainted_data_argument: Calling function "recvfrom" taints argument "res".
/libvirt/src/uml/uml_driver.c:928:
tainted_data: Passing tainted variable "res.length" to a tainted sink.
Error: TAINTED_SCALAR:
/libvirt/src/uml/uml_driver.c:909:
tainted_data_argument: Calling function "recvfrom" taints argument "res".
/libvirt/src/uml/uml_driver.c:929:
var_assign_var: Compound assignment involving tainted variable "res.length - 1U" to variable "retlen" taints "retlen".
/libvirt/src/uml/uml_driver.c:930:
tainted_data: Using tainted variable "retlen" as an index to pointer "retdata".
Error: TAINTED_STRING:
/libvirt/src/util/virnetdevmacvlan.c:342:
tainted_string_argument: Call to "fscanf(file, "%d", &ifindex)" taints "ifindex".
/libvirt/src/util/virnetdevmacvlan.c:352:
vararg_transitive: Call to "snprintf" with tainted argument "ifindex" taints "tapname".
/libvirt/src/util/virnetdevmacvlan.c:362:
tainted_string: Passing tainted string "tapname" to a function that cannot accept tainted data.
Error: TAINTED_STRING:
/libvirt/gnulib/lib/localcharset.c:135:
tainted_string_return_content: "getenv" returns tainted string content.
/libvirt/gnulib/lib/localcharset.c:135:
var_assign: Assigning: "dir" = "getenv("CHARSETALIASDIR")", which taints "dir".
/libvirt/gnulib/lib/localcharset.c:147:
tainted_data_transitive: Call to function "memcpy" with tainted argument "dir" transitively taints "file_name".
/libvirt/gnulib/lib/localcharset.c:147:
tainted_data_transitive: Call to function "memcpy" with tainted argument "file_name" returns tainted data.
/libvirt/gnulib/lib/localcharset.c:168:
tainted_string: Passing tainted string "file_name" to a function that cannot accept tainted data.
Error: TAINTED_STRING:
/libvirt/tools/virsh.c:14270:
tainted_string_return_content: "editWriteToTempFile" returns tainted string content.
/libvirt/tools/virsh.c:13984:
tainted_string_return_content: Function "getenv" returning tainted string content.
/libvirt/tools/virsh.c:13984:
var_assign: Assigning: "tmpdir" = "getenv("TMPDIR")", which taints "tmpdir".
/libvirt/tools/virsh.c:13986:
vararg_transitive: Call to "snprintf" with tainted argument "tmpdir" taints "ret".
/libvirt/tools/virsh.c:14012:
return_tainted_string: Returning tainted string "ret".
/libvirt/tools/virsh.c:14270:
var_assign: Assigning: "tmp" = "editWriteToTempFile(ctl, doc)", which taints "tmp".
/libvirt/tools/virsh.c:14277:
tainted_string: Passing tainted string "tmp" to a function that cannot accept tainted data.
/libvirt/tools/virsh.c:14076:
tainted_string_sink_content_lv_call: Passing tainted string "filename" to "virFileReadAll", which depends on its content.
/libvirt/src/util/util.c:449:
tainted_string_sink_content_lv_call: Passing tainted string "path" to "open", which depends on its content.
/libvirt/tools/virsh.c:14322:
tainted_string: Passing tainted string "tmp" to a function that cannot accept tainted data.
Error: TAINTED_STRING:
/libvirt/src/util/iohelper.c:238:
var_assign_var: Assigning: "path" = "argv[1]". Both are now tainted.
/libvirt/src/util/iohelper.c:264:
tainted_string: Passing tainted string "path" to a function that cannot accept tainted data.
/libvirt/src/util/iohelper.c:52:
tainted_string_sink_content_lv_call: Passing tainted string "path" to "open", which depends on its content.
Error: TOCTOU:
/libvirt/src/util/util.c:1101:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1126:
toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/util/cgroup.c:546:
fs_check_call: Calling function "access" to perform check on "path".
/libvirt/src/util/cgroup.c:547:
toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/storage/storage_backend.c:1016:
fs_check_call: Calling function "lstat" to perform check on "path".
/libvirt/src/storage/storage_backend.c:1031:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/qemu/qemu_driver.c:2318:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/qemu/qemu_driver.c:2332:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/util/util.c:799:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:804:
toctou: Calling function "chown" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/util/util.c:811:
toctou: Calling function "chmod" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/locking/lock_manager.c:144:
fs_check_call: Calling function "access" to perform check on "modfile".
/libvirt/src/locking/lock_manager.c:151:
toctou: Calling function "dlopen" that uses "modfile" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/tools/virsh.c:17834:
fs_check_call: Calling function "stat" to perform check on "ctl->logfile".
/libvirt/tools/virsh.c:17851:
toctou: Calling function "open" that uses "ctl->logfile" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/storage/storage_backend.c:583:
fs_check_call: Calling function "stat" to perform check on "vol->target.path".
/libvirt/src/storage/storage_backend.c:592:
toctou: Calling function "chown" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/storage/storage_backend.c:572:
fs_check_call: Calling function "stat" to perform check on "vol->target.path".
/libvirt/src/storage/storage_backend.c:592:
toctou: Calling function "chown" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/storage/storage_backend.c:599:
toctou: Calling function "chmod" that uses "vol->target.path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/util/virpidfile.c:353:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/virpidfile.c:319:
toctou: Calling function "open" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/util/util.c:974:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1020:
toctou: Calling function "mkdir" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: TOCTOU:
/libvirt/src/util/util.c:1031:
fs_check_call: Calling function "stat" to perform check on "path".
/libvirt/src/util/util.c:1037:
toctou: Calling function "chown" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
/libvirt/src/util/util.c:1044:
toctou: Calling function "chmod" that uses "path" after a check function. This can cause a time-of-check, time-of-use race condition.
Error: UNINIT:
/libvirt/src/util/command.c:154:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/src/util/command.c:234:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".
Error: UNINIT:
/libvirt/tools/virsh.c:608:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/tools/virsh.c:614:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".
Error: UNINIT:
/libvirt/tools/virsh.c:6429:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/tools/virsh.c:6446:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".
Error: UNINIT:
/libvirt/src/rpc/virnetserver.c:283:
var_decl: Declaring variable "sig_action" without initializer.
/libvirt/src/rpc/virnetserver.c:297:
uninit_use_in_call: Using uninitialized value "sig_action": field "sig_action".sa_restorer is uninitialized when calling "sigaction".
Error: UNUSED_VALUE:
/libvirt/tools/virsh.c:8505:
returned_pointer: Pointer "br_node" returned by "virXPathNode("./bridge", ctxt)" is never used.
Error: UNUSED_VALUE:
/libvirt/tools/virsh.c:8510:
returned_pointer: Pointer "if_node" returned by "virXPathNode("./bridge/interface[2]", ctxt)" is never used.
More information about the libvir-list
mailing list