Message ID | 1403027874-27274-1-git-send-email-mreitz@redhat.com |
---|---|
State | New |
Headers | show |
Il 17/06/2014 19:57, Max Reitz ha scritto: > g_realloc() returns NULL iff zero bytes are requested. Covscan therefore > reports a possible NULL pointer dereference, however, this is not > applicable here, as nb_clusters is guaranteed to be non-zero. > > In order to (hopefully) silence covscan, assert that the result of > g_realloc() is truly non-NULL. > > Signed-off-by: Max Reitz <mreitz@redhat.com> > --- > See https://bugzilla.redhat.com/show_bug.cgi?id=1102409 for covscan's > output. > --- > block/qcow2-refcount.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c > index 9507aef..4b81077 100644 > --- a/block/qcow2-refcount.c > +++ b/block/qcow2-refcount.c > @@ -1579,6 +1579,7 @@ int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res, > nb_clusters = (new_offset >> s->cluster_bits) + 1; > refcount_table = g_realloc(refcount_table, > nb_clusters * sizeof(uint16_t)); > + assert(refcount_table); > memset(&refcount_table[old_nb_clusters], 0, (nb_clusters > - old_nb_clusters) * sizeof(uint16_t)); > } > -- Please use a model like scripts/coverity-model.c to silence this and other errors. Paolo
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 9507aef..4b81077 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -1579,6 +1579,7 @@ int qcow2_check_refcounts(BlockDriverState *bs, BdrvCheckResult *res, nb_clusters = (new_offset >> s->cluster_bits) + 1; refcount_table = g_realloc(refcount_table, nb_clusters * sizeof(uint16_t)); + assert(refcount_table); memset(&refcount_table[old_nb_clusters], 0, (nb_clusters - old_nb_clusters) * sizeof(uint16_t)); }
g_realloc() returns NULL iff zero bytes are requested. Covscan therefore reports a possible NULL pointer dereference, however, this is not applicable here, as nb_clusters is guaranteed to be non-zero. In order to (hopefully) silence covscan, assert that the result of g_realloc() is truly non-NULL. Signed-off-by: Max Reitz <mreitz@redhat.com> --- See https://bugzilla.redhat.com/show_bug.cgi?id=1102409 for covscan's output. --- block/qcow2-refcount.c | 1 + 1 file changed, 1 insertion(+)