[libvirt] [PATCH 3/8] virstoragefile: Resolve Coverity DEADCODE

John Ferlan jferlan at redhat.com
Mon Sep 15 13:23:56 UTC 2014 


On 09/15/2014 04:42 AM, Peter Krempa wrote:
> On 09/13/14 15:27, John Ferlan wrote:
>> Coverity complains that the condition "size + 1 == 0" cannot happen.
>> It's already been determined that offset+size is not larger than
>> buf_size (and buf_size is smaller than UINT_MAX); and also that
> 
> buff_size smaller than UINT_MAX isn't guaranteed in this function.
> Although it will probably never happen the size is declared as size_t
> and thus equal size to unsigned long long on 64 bit machines.
> 
>> offset+size didn't overflow.
>>
>> So just remove the check
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>>  src/util/virstoragefile.c | 2 --
>>  1 file changed, 2 deletions(-)
>>
>> diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c
>> index 5db9184..1a02b18 100644
>> --- a/src/util/virstoragefile.c
>> +++ b/src/util/virstoragefile.c
>> @@ -393,8 +393,6 @@ qcowXGetBackingStore(char **res,
>>      }
>>      if (offset + size > buf_size || offset + size < offset)
> 
> If size is UINT_MAX, then when you add it to offset, which is a small
> number, then you get something between UINT_MAX and ULLONG_MAX which is
> still in range of buf_size as it's a size_t.
> 
>>          return BACKING_STORE_INVALID;
>> -    if (size + 1 == 0)
>> -        return BACKING_STORE_INVALID;
> 
> So you may have this condition theoretically true, while the check above
> doesn't catch it.
> 

My previous change was :

+    if (size == UINT_MAX)
         return BACKING_STORE_INVALID;

But it was pointed out by eblake:

"
Is this dead code?  After all, we just checked that offset+size is not
larger than buf_size (and buf_size is smaller than UINT_MAX); and also
that offset+size didn't overflow.

"

Would it be better to use the original change instead?  Just trying to
get past Coverity issue on this...


BTW: The remainder of this w/r/t matching spec seems to be outside the
scope of the Coverity DEADCODE, but if you have a patch I'm more than
willing to look at it ;-) This code is shared with qcow1GetBackingStore
and it's not like it's a recent change, so I'm hesitant to change it...


John

>>      if (VIR_ALLOC_N(*res, size + 1) < 0)
>>          return BACKING_STORE_ERROR;
>>      memcpy(*res, buf + offset, size);
>>
> 
> 
> Also I've looked on the specs of the qcow2 header format and it seems
> that we don't do exactly the right thing here. To determine that the
> qcow2 image doesn't have a backing store we sholuld use the offset
> rather than size:
> 
>   8 - 15:   backing_file_offset
>         Offset into the image file at which the backing file name
>         is stored (NB: The string is not null terminated). 0 if the
>         image doesn't have a backing file.
> 
>   16 - 19:   backing_file_size
>         Length of the backing file name in bytes. Must not be
>         longer than 1023 bytes. Undefined if the image doesn't have
>         a backing file.
> 
> Also we probably should make sure that the backing file size is less
> than 1024 bytes.
> 
> While I agree that the check is dead code, as we call this function with
> buf_size with a reasonably low value, we probably should improve the
> backing file detection code to match the specs.
> 
> Peter
>

More information about the libvir-list mailing list