qcow2: Silence covscan for g_realloc() result

Message ID	1403027874-27274-1-git-send-email-mreitz@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Max Reitz <mreitz@redhat.com> To: qemu-devel@nongnu.org Date: Tue, 17 Jun 2014 19:57:54 +0200 Message-Id: <1403027874-27274-1-git-send-email-mreitz@redhat.com> Cc: Kevin Wolf <kwolf@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Max Reitz <mreitz@redhat.com> Subject: [Qemu-devel] [PATCH] qcow2: Silence covscan for g_realloc() result Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1403027874-27274-1-git-send-email-mreitz@redhat.com

State

New

Headers

From: Max Reitz <mreitz@redhat.com>
To: qemu-devel@nongnu.org
Date: Tue, 17 Jun 2014 19:57:54 +0200
Message-Id: <1403027874-27274-1-git-send-email-mreitz@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>,
	Max Reitz <mreitz@redhat.com>
Subject: [Qemu-devel] [PATCH] qcow2: Silence covscan for g_realloc() result
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Max Reitz June 17, 2014, 5:57 p.m. UTC

g_realloc() returns NULL iff zero bytes are requested. Covscan therefore
reports a possible NULL pointer dereference, however, this is not
applicable here, as nb_clusters is guaranteed to be non-zero.

In order to (hopefully) silence covscan, assert that the result of
g_realloc() is truly non-NULL.

Signed-off-by: Max Reitz <mreitz@redhat.com>
---
See https://bugzilla.redhat.com/show_bug.cgi?id=1102409 for covscan's
output.
---
 block/qcow2-refcount.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Paolo Bonzini June 17, 2014, 6:39 p.m. UTC | #1

Il 17/06/2014 19:57, Max Reitz ha scritto:
> g_realloc() returns NULL iff zero bytes are requested. Covscan therefore
> reports a possible NULL pointer dereference, however, this is not
> applicable here, as nb_clusters is guaranteed to be non-zero.
>
> In order to (hopefully) silence covscan, assert that the result of
> g_realloc() is truly non-NULL.
>
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
> See https://bugzilla.redhat.com/show_bug.cgi?id=1102409 for covscan's
> output.
> ---
>  block/qcow2-refcount.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
> index 9507aef..4b81077 100644
> --- a/block/qcow2-refcount.c
> +++ b/block/qcow2-refcount.c
> @@ -1579,6 +1579,7 @@ int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
>                          nb_clusters = (new_offset >> s->cluster_bits) + 1;
>                          refcount_table = g_realloc(refcount_table,
>                                  nb_clusters * sizeof(uint16_t));
> +                        assert(refcount_table);
>                          memset(&refcount_table[old_nb_clusters], 0, (nb_clusters
>                                  - old_nb_clusters) * sizeof(uint16_t));
>                      }
> --

Please use a model like scripts/coverity-model.c to silence this and 
other errors.

Paolo

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 9507aef..4b81077 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -1579,6 +1579,7 @@  int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res,
                         nb_clusters = (new_offset >> s->cluster_bits) + 1;
                         refcount_table = g_realloc(refcount_table,
                                 nb_clusters * sizeof(uint16_t));
+                        assert(refcount_table);
                         memset(&refcount_table[old_nb_clusters], 0, (nb_clusters
                                 - old_nb_clusters) * sizeof(uint16_t));
                     }

qcow2: Silence covscan for g_realloc() result

Commit Message

Comments

Patch