New Defects reported by Coverity Scan for libvirt

scan-admin at coverity.com scan-admin at coverity.com
Sun Jan 24 08:51:27 UTC 2021


Hi,

Please find the latest report on new defect(s) introduced to libvirt found with Coverity Scan.

214 new defect(s) introduced to libvirt found with Coverity Scan.
21 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 214 defect(s)


** CID 309378:  Insecure data handling  (TAINTED_STRING)


________________________________________________________________________________________________________
*** CID 309378:  Insecure data handling  (TAINTED_STRING)
/tests/virnettlssessiontest.c: 489 in main()
483     
484         testTLSCleanup(KEYFILE);
485     
486         return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
487     }
488     
>>>     CID 309378:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "**argv" to "virTestMain", which cannot accept tainted data.
489     VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virrandom"))
490     
491     #else
492     
493     int
494     main(void)

** CID 309377:  Memory - corruptions  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 309377:  Memory - corruptions  (USE_AFTER_FREE)
/src/qemu/qemu_migration.c: 3268 in qemuMigrationSrcConfirm()
3262             phase = QEMU_MIGRATION_PHASE_CONFIRM3;
3263     
3264         qemuMigrationJobStartPhase(driver, vm, phase);
3265         virCloseCallbacksUnset(driver->closeCallbacks, vm,
3266                                qemuMigrationSrcCleanup);
3267     
>>>     CID 309377:  Memory - corruptions  (USE_AFTER_FREE)
>>>     Calling "qemuMigrationSrcConfirmPhase" frees pointer "driver->config" which has already been freed.
3268         ret = qemuMigrationSrcConfirmPhase(driver, vm,
3269                                            cookiein, cookieinlen,
3270                                            flags, cancelled);
3271     
3272         qemuMigrationJobFinish(driver, vm);
3273         if (!virDomainObjIsActive(vm)) {

** CID 309376:    (USE_AFTER_FREE)
/src/util/virresctrl.c: 1944 in virResctrlAllocGetUnused()
/src/util/virresctrl.c: 1944 in virResctrlAllocGetUnused()


________________________________________________________________________________________________________
*** CID 309376:    (USE_AFTER_FREE)
/src/util/virresctrl.c: 1944 in virResctrlAllocGetUnused()
1938             alloc = NULL;
1939         }
1940         if (rv < 0)
1941             goto error;
1942     
1943      cleanup:
>>>     CID 309376:    (USE_AFTER_FREE)
>>>     Passing freed pointer "alloc" as an argument to "virObjectUnref".
1944         virObjectUnref(alloc);
1945         return ret;
1946     
1947      error:
1948         virObjectUnref(ret);
1949         ret = NULL;
/src/util/virresctrl.c: 1944 in virResctrlAllocGetUnused()
1938             alloc = NULL;
1939         }
1940         if (rv < 0)
1941             goto error;
1942     
1943      cleanup:
>>>     CID 309376:    (USE_AFTER_FREE)
>>>     Calling "virObjectUnref" frees pointer "alloc" which has already been freed.
1944         virObjectUnref(alloc);
1945         return ret;
1946     
1947      error:
1948         virObjectUnref(ret);
1949         ret = NULL;

** CID 309375:  Insecure data handling  (TAINTED_SCALAR)
/src/util/virfile.c: 2326 in virFileOpenForked()


________________________________________________________________________________________________________
*** CID 309375:  Insecure data handling  (TAINTED_SCALAR)
/src/util/virfile.c: 2326 in virFileOpenForked()
2320         /* parent */
2321     
2322         VIR_FORCE_CLOSE(pair[1]);
2323     
2324         do {
2325             fd = virSocketRecvFD(pair[0], 0);
>>>     CID 309375:  Insecure data handling  (TAINTED_SCALAR)
>>>     Using tainted variable "fd" as a loop boundary.
2326         } while (fd < 0 && errno == EINTR);
2327         VIR_FORCE_CLOSE(pair[0]); /* NB: this preserves errno */
2328         if (fd < 0)
2329             recvfd_errno = errno;
2330     
2331         if (virProcessWait(pid, &status, 0) < 0) {

** CID 309374:  Resource leaks  (RESOURCE_LEAK)
/src/qemu/qemu_domain.c: 7962 in qemuDomainUpdateDeviceList()


________________________________________________________________________________________________________
*** CID 309374:  Resource leaks  (RESOURCE_LEAK)
/src/qemu/qemu_domain.c: 7962 in qemuDomainUpdateDeviceList()
7956         int rc;
7957     
7958         if (qemuDomainObjEnterMonitorAsync(driver, vm, asyncJob) < 0)
7959             return -1;
7960         rc = qemuMonitorGetDeviceAliases(priv->mon, &aliases);
7961         if (qemuDomainObjExitMonitor(driver, vm) < 0)
>>>     CID 309374:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "aliases" going out of scope leaks the storage it points to.
7962             return -1;
7963         if (rc < 0)
7964             return -1;
7965     
7966         g_strfreev(priv->qemuDevices);
7967         priv->qemuDevices = aliases;

** CID 309373:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 309373:  Null pointer dereferences  (FORWARD_NULL)
/src/qemu/qemu_agent.c: 2294 in qemuAgentGetInterfaces()
2288         if (!(cmd = qemuAgentMakeCommand("guest-network-get-interfaces", NULL)))
2289             return -1;
2290     
2291         if (qemuAgentCommand(agent, cmd, &reply, agent->timeout) < 0)
2292             return -1;
2293     
>>>     CID 309373:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "reply" to "virJSONValueObjectGetArray", which dereferences it.
2294         if (!(ret_array = virJSONValueObjectGetArray(reply, "return"))) {
2295             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
2296                            _("qemu agent didn't return an array of interfaces"));
2297             return -1;
2298         }
2299     

** CID 309372:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 309372:  Null pointer dereferences  (FORWARD_NULL)
/src/qemu/qemu_agent.c: 1290 in qemuAgentFSFreeze()
1284         if (!cmd)
1285             goto cleanup;
1286     
1287         if (qemuAgentCommand(agent, cmd, &reply, agent->timeout) < 0)
1288             goto cleanup;
1289     
>>>     CID 309372:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "reply" to "virJSONValueObjectGetNumberInt", which dereferences it.
1290         if (virJSONValueObjectGetNumberInt(reply, "return", &ret) < 0) {
1291             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
1292                            _("malformed return value"));
1293         }
1294     
1295      cleanup:

** CID 309371:    (USE_AFTER_FREE)
/src/qemu/qemu_domain.c: 5749 in qemuDomainObjExitMonitorInternal()
/src/qemu/qemu_domain.c: 5752 in qemuDomainObjExitMonitorInternal()


________________________________________________________________________________________________________
*** CID 309371:    (USE_AFTER_FREE)
/src/qemu/qemu_domain.c: 5749 in qemuDomainObjExitMonitorInternal()
5743     
5744         qemuMonitorWatchDispose();
5745         virObjectUnref(priv->mon);
5746     
5747         hasRefs = !qemuMonitorWasDisposed();
5748         if (hasRefs)
>>>     CID 309371:    (USE_AFTER_FREE)
>>>     Calling "virObjectUnlock" dereferences freed pointer "priv->mon". (The dereference is assumed on the basis of the "nonnull" parameter attribute.)
5749             virObjectUnlock(priv->mon);
5750     
5751         virObjectLock(obj);
5752         VIR_DEBUG("Exited monitor (mon=%p vm=%p name=%s)",
5753                   priv->mon, obj, obj->def->name);
5754     
/src/qemu/qemu_domain.c: 5752 in qemuDomainObjExitMonitorInternal()
5746     
5747         hasRefs = !qemuMonitorWasDisposed();
5748         if (hasRefs)
5749             virObjectUnlock(priv->mon);
5750     
5751         virObjectLock(obj);
>>>     CID 309371:    (USE_AFTER_FREE)
>>>     Passing freed pointer "priv->mon" as an argument to "virLogMessage".
5752         VIR_DEBUG("Exited monitor (mon=%p vm=%p name=%s)",
5753                   priv->mon, obj, obj->def->name);
5754     
5755         priv->monStart = 0;
5756         if (!hasRefs)
5757             priv->mon = NULL;

** CID 309370:    (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 309370:    (USE_AFTER_FREE)
/src/qemu/qemu_hotplug.c: 646 in qemuDomainChangeEjectableMedia()
640             goto cleanup;
641     
642         if (qemuHotplugAttachManagedPR(driver, vm, newsrc, QEMU_ASYNC_JOB_NONE) < 0)
643             goto cleanup;
644     
645         if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV))
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainChangeMediaBlockdev" dereferences freed pointer "driver->config".
646             rc = qemuDomainChangeMediaBlockdev(driver, vm, disk, oldsrc, newsrc, force);
647         else
648             rc = qemuDomainChangeMediaLegacy(driver, vm, disk, newsrc, force);
649     
650         virDomainAuditDisk(vm, oldsrc, newsrc, "update", rc >= 0);
651     
/src/qemu/qemu_hotplug.c: 648 in qemuDomainChangeEjectableMedia()
642         if (qemuHotplugAttachManagedPR(driver, vm, newsrc, QEMU_ASYNC_JOB_NONE) < 0)
643             goto cleanup;
644     
645         if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV))
646             rc = qemuDomainChangeMediaBlockdev(driver, vm, disk, oldsrc, newsrc, force);
647         else
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainChangeMediaLegacy" dereferences freed pointer "driver->config".
648             rc = qemuDomainChangeMediaLegacy(driver, vm, disk, newsrc, force);
649     
650         virDomainAuditDisk(vm, oldsrc, newsrc, "update", rc >= 0);
651     
652         if (rc < 0)
653             goto cleanup;
/src/qemu/qemu_hotplug.c: 646 in qemuDomainChangeEjectableMedia()
640             goto cleanup;
641     
642         if (qemuHotplugAttachManagedPR(driver, vm, newsrc, QEMU_ASYNC_JOB_NONE) < 0)
643             goto cleanup;
644     
645         if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV))
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainChangeMediaBlockdev" dereferences freed pointer "driver->config".
646             rc = qemuDomainChangeMediaBlockdev(driver, vm, disk, oldsrc, newsrc, force);
647         else
648             rc = qemuDomainChangeMediaLegacy(driver, vm, disk, newsrc, force);
649     
650         virDomainAuditDisk(vm, oldsrc, newsrc, "update", rc >= 0);
651     
/src/qemu/qemu_hotplug.c: 648 in qemuDomainChangeEjectableMedia()
642         if (qemuHotplugAttachManagedPR(driver, vm, newsrc, QEMU_ASYNC_JOB_NONE) < 0)
643             goto cleanup;
644     
645         if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV))
646             rc = qemuDomainChangeMediaBlockdev(driver, vm, disk, oldsrc, newsrc, force);
647         else
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainChangeMediaLegacy" dereferences freed pointer "driver->config".
648             rc = qemuDomainChangeMediaLegacy(driver, vm, disk, newsrc, force);
649     
650         virDomainAuditDisk(vm, oldsrc, newsrc, "update", rc >= 0);
651     
652         if (rc < 0)
653             goto cleanup;
/src/qemu/qemu_hotplug.c: 678 in qemuDomainChangeEjectableMedia()
672     
673             ignore_value(qemuDomainStorageSourceChainAccessRevoke(driver, vm, newsrc));
674         }
675     
676         /* remove PR manager object if unneeded */
677         if (managedpr)
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuHotplugRemoveManagedPR" dereferences freed pointer "driver->config".
678             ignore_value(qemuHotplugRemoveManagedPR(driver, vm, QEMU_ASYNC_JOB_NONE));
679     
680         /* revert old image do the disk definition */
681         if (oldsrc)
682             disk->src = oldsrc;
683     
/src/qemu/qemu_hotplug.c: 678 in qemuDomainChangeEjectableMedia()
672     
673             ignore_value(qemuDomainStorageSourceChainAccessRevoke(driver, vm, newsrc));
674         }
675     
676         /* remove PR manager object if unneeded */
677         if (managedpr)
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuHotplugRemoveManagedPR" dereferences freed pointer "driver->config".
678             ignore_value(qemuHotplugRemoveManagedPR(driver, vm, QEMU_ASYNC_JOB_NONE));
679     
680         /* revert old image do the disk definition */
681         if (oldsrc)
682             disk->src = oldsrc;
683     
/src/qemu/qemu_hotplug.c: 639 in qemuDomainChangeEjectableMedia()
633         if (qemuDomainDetermineDiskChain(driver, vm, disk, NULL, true) < 0)
634             goto cleanup;
635     
636         if (qemuDomainPrepareDiskSource(disk, priv, cfg) < 0)
637             goto cleanup;
638     
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainStorageSourceChainAccessAllow" frees pointer "driver->config" which has already been freed.
639         if (qemuDomainStorageSourceChainAccessAllow(driver, vm, newsrc) < 0)
640             goto cleanup;
641     
642         if (qemuHotplugAttachManagedPR(driver, vm, newsrc, QEMU_ASYNC_JOB_NONE) < 0)
643             goto cleanup;
644     
/src/qemu/qemu_hotplug.c: 673 in qemuDomainChangeEjectableMedia()
667      cleanup:
668         /* undo changes to the new disk */
669         if (ret < 0) {
670             if (sharedAdded)
671                 ignore_value(qemuRemoveSharedDisk(driver, disk, vm->def->name));
672     
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainStorageSourceChainAccessRevoke" frees pointer "driver->config" which has already been freed.
673             ignore_value(qemuDomainStorageSourceChainAccessRevoke(driver, vm, newsrc));
674         }
675     
676         /* remove PR manager object if unneeded */
677         if (managedpr)
678             ignore_value(qemuHotplugRemoveManagedPR(driver, vm, QEMU_ASYNC_JOB_NONE));
/src/qemu/qemu_hotplug.c: 673 in qemuDomainChangeEjectableMedia()
667      cleanup:
668         /* undo changes to the new disk */
669         if (ret < 0) {
670             if (sharedAdded)
671                 ignore_value(qemuRemoveSharedDisk(driver, disk, vm->def->name));
672     
>>>     CID 309370:    (USE_AFTER_FREE)
>>>     Calling "qemuDomainStorageSourceChainAccessRevoke" frees pointer "driver->config" which has already been freed.
673             ignore_value(qemuDomainStorageSourceChainAccessRevoke(driver, vm, newsrc));
674         }
675     
676         /* remove PR manager object if unneeded */
677         if (managedpr)
678             ignore_value(qemuHotplugRemoveManagedPR(driver, vm, QEMU_ASYNC_JOB_NONE));

** CID 309369:  Insecure data handling  (TAINTED_STRING)


________________________________________________________________________________________________________
*** CID 309369:  Insecure data handling  (TAINTED_STRING)
/tests/esxutilstest.c: 264 in main()
258         DO_TEST(EscapeDatastoreItem);
259         DO_TEST(ConvertWindows1252ToUTF8);
260     
261         return result == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
262     }
263     
>>>     CID 309369:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "**argv" to "virTestMain", which cannot accept tainted data.
264     VIR_TEST_MAIN(mymain)
265     
266     #else
267     
268     int main(void)
269     {
270         return EXIT_AM_SKIP;
271     }
272     

** CID 309368:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 309368:  Null pointer dereferences  (FORWARD_NULL)
/src/qemu/qemu_agent.c: 1746 in qemuAgentGetTime()
1740         if (!cmd)
1741             return ret;
1742     
1743         if (qemuAgentCommand(agent, cmd, &reply, agent->timeout) < 0)
1744             goto cleanup;
1745     
>>>     CID 309368:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "reply" to "virJSONValueObjectGetNumberUlong", which dereferences it.
1746         if (virJSONValueObjectGetNumberUlong(reply, "return", &json_time) < 0) {
1747             virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
1748                            _("malformed return value"));
1749             goto cleanup;
1750         }
1751     

** CID 309367:  Memory - corruptions  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 309367:  Memory - corruptions  (USE_AFTER_FREE)
/src/storage/storage_driver.c: 917 in storagePoolUndefine()
911         VIR_INFO("Undefining storage pool '%s'", def->name);
912         virStoragePoolObjRemove(driver->pools, obj);
913         ret = 0;
914     
915      cleanup:
916         virObjectEventStateQueue(driver->storageEventState, event);
>>>     CID 309367:  Memory - corruptions  (USE_AFTER_FREE)
>>>     Calling "virStoragePoolObjEndAPI" frees pointer "obj" which has already been freed.
917         virStoragePoolObjEndAPI(&obj);
918         return ret;
919     }
920     
921     static int
922     storagePoolCreate(virStoragePoolPtr pool,

** CID 309366:  Insecure data handling  (TAINTED_STRING)


________________________________________________________________________________________________________
*** CID 309366:  Insecure data handling  (TAINTED_STRING)
/tests/metadatatest.c: 318 in main()
312         virDomainFree(test.dom);
313         virConnectClose(test.conn);
314     
315         return ret;
316     }
317     
>>>     CID 309366:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "**argv" to "virTestMain", which cannot accept tainted data.

** CID 309365:  Insecure data handling  (TAINTED_STRING)


________________________________________________________________________________________________________
*** CID 309365:  Insecure data handling  (TAINTED_STRING)
/tests/domaincapstest.c: 482 in main()
476     #endif /* WITH_BHYVE */
477     
478         return ret;
479     }
480     
481     #if WITH_QEMU
>>>     CID 309365:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "**argv" to "virTestMain", which cannot accept tainted data.
482     VIR_TEST_MAIN_PRELOAD(mymain,
483                           VIR_TEST_MOCK("domaincaps"),
484                           VIR_TEST_MOCK("qemucpu"))
485     #else
486     VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("domaincaps"))

** CID 309264:    (USE_AFTER_FREE)
/build/src/remote/remote_client_bodies.h: 4098 in remoteDomainOpenChannel()
/build/src/remote/remote_client_bodies.h: 4098 in remoteDomainOpenChannel()


________________________________________________________________________________________________________
*** CID 309264:    (USE_AFTER_FREE)
/build/src/remote/remote_client_bodies.h: 4098 in remoteDomainOpenChannel()
4092         args.flags = flags;
4093     
4094         if (call(dom->conn, priv, 0, REMOTE_PROC_DOMAIN_OPEN_CHANNEL,
4095                  (xdrproc_t)xdr_remote_domain_open_channel_args, (char *)&args,
4096                  (xdrproc_t)xdr_void, (char *)NULL) == -1) {
4097             virNetClientRemoveStream(priv->client, netst);
>>>     CID 309264:    (USE_AFTER_FREE)
>>>     Passing freed pointer "netst" as an argument to "virObjectUnref".
4098             virObjectUnref(netst);
4099             st->driver = NULL;
4100             st->privateData = NULL;
4101             goto done;
4102         }
4103     
/build/src/remote/remote_client_bodies.h: 4098 in remoteDomainOpenChannel()
4092         args.flags = flags;
4093     
4094         if (call(dom->conn, priv, 0, REMOTE_PROC_DOMAIN_OPEN_CHANNEL,
4095                  (xdrproc_t)xdr_remote_domain_open_channel_args, (char *)&args,
4096                  (xdrproc_t)xdr_void, (char *)NULL) == -1) {
4097             virNetClientRemoveStream(priv->client, netst);
>>>     CID 309264:    (USE_AFTER_FREE)
>>>     Calling "virObjectUnref" frees pointer "netst" which has already been freed.
4098             virObjectUnref(netst);
4099             st->driver = NULL;
4100             st->privateData = NULL;
4101             goto done;
4102         }
4103     

** CID 309263:    (TAINTED_SCALAR)
/src/util/virpci.c: 556 in virPCIDeviceFindCapabilityOffset()
/src/util/virpci.c: 556 in virPCIDeviceFindCapabilityOffset()


________________________________________________________________________________________________________
*** CID 309263:    (TAINTED_SCALAR)
/src/util/virpci.c: 556 in virPCIDeviceFindCapabilityOffset()
550          * be in the config space header and 0xff is returned
551          * by the kernel if we don't have access to this region
552          *
553          * Note: we're not handling loops or extended
554          * capabilities here.
555          */
>>>     CID 309263:    (TAINTED_SCALAR)
>>>     Using tainted variable "pos" as a loop boundary.
556         while (pos >= PCI_CONF_HEADER_LEN && pos != 0xff) {
557             uint8_t capid = virPCIDeviceRead8(dev, cfgfd, pos);
558             if (errno != 0)
559                 goto error;
560     
561             if (capid == capability) {
/src/util/virpci.c: 556 in virPCIDeviceFindCapabilityOffset()
550          * be in the config space header and 0xff is returned
551          * by the kernel if we don't have access to this region
552          *
553          * Note: we're not handling loops or extended
554          * capabilities here.
555          */
>>>     CID 309263:    (TAINTED_SCALAR)
>>>     Using tainted variable "pos" as a loop boundary.
556         while (pos >= PCI_CONF_HEADER_LEN && pos != 0xff) {
557             uint8_t capid = virPCIDeviceRead8(dev, cfgfd, pos);
558             if (errno != 0)
559                 goto error;
560     
561             if (capid == capability) {

** CID 309262:  Insecure data handling  (TAINTED_STRING)


________________________________________________________________________________________________________
*** CID 309262:  Insecure data handling  (TAINTED_STRING)
/tests/virhostcputest.c: 326 in main()
320         DO_TEST_CPU_STATS("24cpu", 24, false);
321         DO_TEST_CPU_STATS("24cpu", 25, true);
322     
323         return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
324     }
325     
>>>     CID 309262:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "**argv" to "virTestMain", which cannot accept tainted data.
326     VIR_TEST_MAIN_PRELOAD(mymain, VIR_TEST_MOCK("virhostcpu"))
327     

** CID 309261:  Insecure data handling  (TAINTED_STRING)


________________________________________________________________________________________________________
*** CID 309261:  Insecure data handling  (TAINTED_STRING)
/tests/qemuvhostusertest.c: 129 in main()
123         virFileWrapperClearPrefixes();
124     
125         return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
126     }
127     
128     
>>>     CID 309261:  Insecure data handling  (TAINTED_STRING)
>>>     Passing tainted string "**argv" to "virTestMain", which cannot accept tainted data.

** CID 309260:    (USE_AFTER_FREE)
/src/remote/remote_driver.c: 1325 in doRemoteClose()
/src/remote/remote_driver.c: 1325 in doRemoteClose()


________________________________________________________________________________________________________
*** CID 309260:    (USE_AFTER_FREE)
/src/remote/remote_driver.c: 1325 in doRemoteClose()
1319     
1320         virNetClientSetCloseCallback(priv->client,
1321                                      NULL,
1322                                      priv->closeCallback, virObjectFreeCallback);
1323     
1324         virNetClientClose(priv->client);
>>>     CID 309260:    (USE_AFTER_FREE)
>>>     Passing freed pointer "priv->client" as an argument to "virObjectUnref".
1325         virObjectUnref(priv->client);
1326         priv->client = NULL;
1327         virObjectUnref(priv->closeCallback);
1328         priv->closeCallback = NULL;
1329         virObjectUnref(priv->remoteProgram);
1330         virObjectUnref(priv->lxcProgram);
/src/remote/remote_driver.c: 1325 in doRemoteClose()
1319     
1320         virNetClientSetCloseCallback(priv->client,
1321                                      NULL,
1322                                      priv->closeCallback, virObjectFreeCallback);
1323     
1324         virNetClientClose(priv->client);
>>>     CID 309260:    (USE_AFTER_FREE)
>>>     Calling "virObjectUnref" frees pointer "priv->client" which has already been freed.
1325         virObjectUnref(priv->client);
1326         priv->client = NULL;
1327         virObjectUnref(priv->closeCallback);
1328         priv->closeCallback = NULL;
1329         virObjectUnref(priv->remoteProgram);
1330         virObjectUnref(priv->lxcProgram);

** CID 309259:  Memory - corruptions  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 309259:  Memory - corruptions  (USE_AFTER_FREE)
/src/test/test_driver.c: 5513 in testNetworkDestroy()
5507             virNetworkObjRemoveInactive(privconn->networks, obj);
5508     
5509         ret = 0;
5510     
5511      cleanup:
5512         virObjectEventStateQueue(privconn->eventState, event);
>>>     CID 309259:  Memory - corruptions  (USE_AFTER_FREE)
>>>     Calling "virNetworkObjEndAPI" frees pointer "obj" which has already been freed.
5513         virNetworkObjEndAPI(&obj);
5514         return ret;
5515     }
5516     
5517     
5518     static char *


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yqXyKjvBooc6PgQklkMPQjdETL0zD-2BwwS2MT3CUz0PGk4uLnDSo8-2B2mZ3lSeSytwjA-3DdGVs_CkO38-2FnXVYPAlDbR1ZxdHNqvqoSWeUuqu9763V-2FVMwzIjlNYW-2FUa-2FHGZ-2BA0Tr5KLB-2B0K-2F7ZuPs44oyYQe8-2FP4o5eYXUe7L4cSnQuATPQ6p50cbg3I4fMMgZxxFzeuWTik3V5RMiXWZ4gTmTzs3xM5Zdp5Fata4RbhaQSa0pJsoy-2Fj-2Fz1YWTKIOWMgX8iS-2FDKjP3CXgSYVH0EO9P-2FEl7MvyWGeEKijUeSM9FdDBNAbtc-3D



