[libvirt] [PATCH 8/8] daemon: Resolve Coverity FORWARD_NULL
Martin Kletzander
mkletzan at redhat.com
Mon Sep 15 12:15:13 UTC 2014
On Mon, Sep 15, 2014 at 07:49:09AM -0400, John Ferlan wrote:
>On 09/15/2014 04:36 AM, Martin Kletzander wrote:
>> On Sat, Sep 13, 2014 at 09:27:45AM -0400, John Ferlan wrote:
>>> Coverity complains that the comparison:
>>>
>>> if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro))
>>>
>>> could mean 'sock_path' is NULL. Later in virNetSocketNewListenUNIX
>>> there's a direct dereference of path in the error path:
>>>
>>> if (path[0] != '@')
>>>
>>> A bit of sleuthing proves that upon entry to daemonSetupNetworking
>>> there is no way for 'sock_path' to be NULL since daemonUnixSocketPaths
>>> will set up 'sock_file' (although it may not set up 'sock_file_ro')
>>> in all 3 paths.
>>>
>>> So to keep Coverity quiet - add an sa_assert prior to the call.
>>>
>>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>>> ---
>>> daemon/libvirtd.c | 1 +
>>> 1 file changed, 1 insertion(+)
>>>
>>> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
>>> index 05ee50e..028145e 100644
>>> --- a/daemon/libvirtd.c
>>> +++ b/daemon/libvirtd.c
>>> @@ -502,6 +502,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
>>> return -1;
>>> }
>>>
>>> + sa_assert(sock_path);
>>> if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro)) {
>>
>> Well, if sock_path cannot be NULL, then why not change it to:
>>
>> if (nfds > (1 + !!sock_path_ro)) {
>>
>> or something like that?
>
>Sure, but while I ensured that "today" - who's to say tomorrow someone
>doesn't make a change in the future that alters that assumption? Just
>removing "sock_path" still "hides" the fact that someone could
>incorrectly pass a NULL sock_path here. At least the sa_assert() will
>cover that.
>
>The "real" reason Coverity complains is because sock_path is eventually
>dereferenced elsewhere without first checking if it's NULL, but Coverity
>believes this code is check for it being NULL. It's a double edged sword.
>
Well, then that sa_assert() would make sense being there (where the
dereference happens) or having a check only for that in some
meaningful place. But I believe we're trying to solve a completely
different problem. I was just stupid when I wrote the code :)
>Another "option" would be to adjust the code in that place to ensure
>path is valid before dereferencing. Of course, knowing that there is
>another change pending in this area that I reviewed and that it also
>makes the same deref, I think not using sa_assert here would be the gift
>that keeps on giving with respect to Coverity complaints.
>
But having it where you proposed it doesn't really make sense to me
(or is not visible at first).
>So, how about the following instead (for equally challenging ternary
>operations):
>
>$ git diff
>diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
>index 893aacf..5b8f28e 100644
>--- a/daemon/libvirtd.c
>+++ b/daemon/libvirtd.c
>@@ -442,12 +442,13 @@ static void daemonInitialize(void)
> }
>
>
>-static int daemonSetupNetworking(virNetServerPtr srv,
>- struct daemonConfig *config,
>- const char *sock_path,
>- const char *sock_path_ro,
>- bool ipsock,
>- bool privileged)
>+static int ATTRIBUTE_NONNULL(3)
>+daemonSetupNetworking(virNetServerPtr srv,
>+ struct daemonConfig *config,
>+ const char *sock_path,
>+ const char *sock_path_ro,
>+ bool ipsock,
>+ bool privileged)
> {
> virNetServerServicePtr svc = NULL;
> virNetServerServicePtr svcRO = NULL;
>@@ -467,8 +468,7 @@ static int daemonSetupNetworking(virNetServerPtr srv,
> return -1;
> }
>
>- sa_assert(sock_path);
>- if (nfds && nfds > ((int)!!sock_path + (int)!!sock_path_ro)) {
>+ if (nfds && nfds > (sock_path_ro ? 2 : 1)) {
> VIR_ERROR(_("Too many (%u) FDs passed from caller"), nfds);
> return -1;
> }
>
Yes, and you can remove the "nfds &&" I believe (I have no idea why I
used it there). ACK with this squashed in.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20140915/0cd331f0/attachment-0001.sig>
More information about the libvir-list
mailing list