Message ID | 1411171901-13792-1-git-send-email-akong@redhat.com |
---|---|
State | New |
> Subject: [Qemu-devel] [PATCH] qom: suppress conscan warning of returning null
> point
>
> Conscan complains about g_malloc0() and malloc() return null.
>
> Error: NULL_RETURNS (CWE-476):
> qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)"
> returns null.
> qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null
> return value from "g_malloc0(gsize)".
> qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer
> "ti->class".
>
> But if the passed size parameter is >= 1, then we can always get an
> effective pointer, the warning disappears.
>
> Signed-off-by: Amos Kong <akong@redhat.com>
> ---
> qom/object.c | 2 ++
> 1 file changed, 2 insertions(+)
>

Reviewed-by: Gonglei <arei.gonglei@huawei.com>

Best regards,
-Gonglei
On 20/09/2014 02:11, Amos Kong wrote:
> Conscan complains about g_malloc0() and malloc() return null.
>
> Error: NULL_RETURNS (CWE-476):
> qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)" returns null.
> qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null return value from "g_malloc0(gsize)".
> qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer "ti->class".
>
> But if the passed size parameter is >= 1, then we can always get an
> effective pointer, the warning disappears.

The model should handle it:

```c
void *
g_malloc0(size_t n_bytes)
{
    void *mem;
    __coverity_negative_sink__(n_bytes);
    mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
    if (!mem) __coverity_panic__();
    return mem;
}
```

So this patch means your coverity runs are misconfigured.

Paolo
Paolo Bonzini <pbonzini@redhat.com> writes:

> On 20/09/2014 02:11, Amos Kong wrote:
>> Conscan complains about g_malloc0() and malloc() return null.

s/Conscan/Coverity/, both here and in subject.

>>
>> Error: NULL_RETURNS (CWE-476):
>> qemu-kvm/qom/object.c:239: returned_null: Function
>> "g_malloc0(gsize)" returns null.
>> qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" =
>> null return value from "g_malloc0(gsize)".
>> qemu-kvm/qom/object.c:249: dereference: Dereferencing a null
>> pointer "ti->class".
>>
>> But if the passed size parameter is >= 1, then we can always get an
>> effective pointer, the warning disappears.
>
> The model should handle it:
>
> void *
> g_malloc0(size_t n_bytes)
> {
>     void *mem;
>     __coverity_negative_sink__(n_bytes);
>     mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
>     if (!mem) __coverity_panic__();
>     return mem;
> }
>
> So this patch means your coverity runs are misconfigured.

Yes. I'm not sure we want the assertions anyway.

I use the following options with cov-analyze:

    -co BAD_FREE:allow_first_field:true
    -co DEADCODE:no_dead_default:true
    --security --concurrency
    --user-model-file scripts/coverity-model.xmldb
    --derived-model-file ~/work/glib/glib-2.38.2.xmldb

where glib-2.38.2.xmldb is produced by "cov-collect-models --dir cov -of glib-2.32.4.xmldb" after a full Coverity scan of glib.
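The two replies above turn on how g_malloc0() is modelled for the scanner. The C program below is an added illustration that is not part of the thread, of QEMU or of GLib: it contrasts a stand-in that follows GLib's documented behaviour (NULL only for a zero size; a failed allocation aborts rather than returning NULL) with one that follows the Coverity model quoted by Paolo (never NULL), and runs a type_initialize-shaped allocation through each. FakeTypeImpl, FakeObjectClass and class_alloc_yields_null are hypothetical names chosen for the example; the real TypeImpl and ObjectClass are not used.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not QEMU or GLib code. Two stand-ins for g_malloc0():
 *  - glib_like_malloc0 follows GLib's documented behaviour: size 0 yields
 *    NULL, and a failed allocation aborts instead of returning NULL;
 *  - coverity_model_malloc0 follows the model quoted in the thread: size 0
 *    is bumped to 1 and failure panics, so it never returns NULL. */

static void *glib_like_malloc0(size_t n_bytes)
{
    if (n_bytes == 0) {
        return NULL;                 /* the only NULL g_malloc0() ever returns */
    }
    void *mem = calloc(1, n_bytes);
    if (mem == NULL) {
        fputs("allocation failed\n", stderr);
        abort();                     /* GLib g_error()s here instead of returning NULL */
    }
    return mem;
}

static void *coverity_model_malloc0(size_t n_bytes)
{
    void *mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
    if (mem == NULL) {
        abort();                     /* stands in for __coverity_panic__() */
    }
    return mem;
}

typedef void *(*malloc0_fn)(size_t);

/* Hypothetical stand-ins for ObjectClass and the TypeImpl fields the hunk touches. */
typedef struct { int initialized; } FakeObjectClass;
typedef struct {
    size_t class_size;
    FakeObjectClass *klass;          /* plays the role of ti->class in qom/object.c */
} FakeTypeImpl;

/* Same shape as the type_initialize() path in the report: allocate the class
 * struct, then write through the pointer. Returns true when that pointer is
 * NULL (the CWE-476 case) and skips the write instead of crashing. */
static bool class_alloc_yields_null(malloc0_fn alloc, size_t class_size)
{
    FakeTypeImpl ti = { .class_size = class_size, .klass = NULL };
    ti.klass = alloc(ti.class_size);
    bool is_null = (ti.klass == NULL);
    if (!is_null) {
        ti.klass->initialized = 1;   /* the dereference Coverity flagged at object.c:249 */
    }
    free(ti.klass);                  /* free(NULL) is a no-op */
    return is_null;
}

int main(void)
{
    printf("GLib semantics,  class_size 0  -> NULL: %s\n",
           class_alloc_yields_null(glib_like_malloc0, 0) ? "yes" : "no");
    printf("GLib semantics,  class_size 64 -> NULL: %s\n",
           class_alloc_yields_null(glib_like_malloc0, 64) ? "yes" : "no");
    printf("Coverity model,  class_size 0  -> NULL: %s\n",
           class_alloc_yields_null(coverity_model_malloc0, 0) ? "yes" : "no");
    return 0;
}
```

Built with a plain `cc -std=c11`, the output shows the distinction the thread is about: under GLib semantics the only way ti->class can be NULL is a zero class_size, which is what the patch's assertions check, while under the quoted model the NULL return path does not exist at all, so a correctly configured scan (user-model plus derived glib model, as in Markus's cov-analyze options) never reports the finding in the first place.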
diff --git a/qom/object.c b/qom/object.c index da0919a..0fbf2df 100644 --- a/qom/object.c +++ b/qom/object.c @@ -252,6 +252,7 @@ static void type_initialize(TypeImpl *ti) ti->class_size = type_class_get_size(ti); ti->instance_size = type_object_get_size(ti); + g_assert(ti->class_size != 0); ti->class = g_malloc0(ti->class_size); parent = type_get_parent(ti); @@ -424,6 +425,7 @@ Object *object_new_with_type(Type type) g_assert(type != NULL); type_initialize(type); + g_assert(type->instance_size != 0); obj = g_malloc(type->instance_size); object_initialize_with_type(obj, type->instance_size, type); obj->free = g_free;
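Review bot: the `g_assert(ti->class_size != 0);` added before `ti->class = g_malloc0(ti->class_size);` in type_initialize() addresses the scanner rather than a defect in the code: with the g_malloc0() model quoted in the replies (a zero size is bumped to 1 and a NULL return hits `__coverity_panic__()`), the NULL_RETURNS finding at object.c:239/249 should not be reported at all, so the fix belongs in the scan configuration (the user-model and derived glib model files Markus lists) rather than in qom/object.c. If the assertion is kept, the commit message should say what guarantees class_size is non-zero, since a zero size is the only case in which the model's underlying allocation would differ from the real one.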
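Review bot: the second assertion, `g_assert(type->instance_size != 0);` before `obj = g_malloc(type->instance_size);` in object_new_with_type(), is not backed by the commit message: the quoted report only cites the ti->class allocation at object.c:239 and its dereference at :249, and the message ("Conscan complains about g_malloc0() and malloc()", where the tool is Coverity and the call in this hunk is g_malloc()) names no finding for this site. Either quote the report for this allocation or drop the hunk; an assertion that fires for any type registered with instance_size 0 is a behaviour change the message should justify on its own.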
Conscan complains about g_malloc0() and malloc() return null.

Error: NULL_RETURNS (CWE-476):
qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)" returns null.
qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null return value from "g_malloc0(gsize)".
qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer "ti->class".

But if the passed size parameter is >= 1, then we can always get an
effective pointer, the warning disappears.

Signed-off-by: Amos Kong <akong@redhat.com>
---
qom/object.c | 2 ++
1 file changed, 2 insertions(+)