test #1

Merged
merged 4 commits into from
Sep 25, 2015

Conversation

avagin
Owner

@avagin avagin commented Sep 25, 2015

No description provided.

avagin added a commit that referenced this pull request Sep 25, 2015
@avagin avagin merged commit 6bffa46 into master Sep 25, 2015
avagin added a commit that referenced this pull request Oct 5, 2015
CID 152114 (#1 of 1): Double close (USE_AFTER_FREE)
27. double_close: Calling try_clean_remaps(int) closes handle mnt_ns_fd which has already been closed.
avagin added a commit that referenced this pull request Oct 5, 2015
CID 152112 (#1 of 1): Missing break in switch (MISSING_BREAK)
unterminated_case: The case for value 4 is not terminated by a 'break' statement.
avagin added a commit that referenced this pull request Oct 5, 2015
CID 152110 (#1 of 1): Logically dead code (DEADCODE)
dead_error_line: Execution cannot reach this statement: goto out;.
avagin added a commit that referenced this pull request Oct 5, 2015
CID 152109 (#1 of 1): Logical vs. bitwise operator (CONSTANT_EXPRESSION_RESULT)
avagin added a commit that referenced this pull request Oct 20, 2015
CID 152112 (#1 of 1): Missing break in switch (MISSING_BREAK)
unterminated_case: The case for value 4 is not terminated by a 'break' statement.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
avagin added a commit that referenced this pull request Oct 29, 2015
CID undefined (#1 of 1): Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable rm going out of scope leaks the storage it points to.
avagin added a commit that referenced this pull request Oct 29, 2015
CID 84652 (#1 of 1): Resource leak (RESOURCE_LEAK)
6. leaked_handle: Handle variable newfd going out of scope leaks the handle.
avagin added a commit that referenced this pull request Oct 30, 2015
CID undefined (#1 of 1): Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable rm going out of scope leaks the storage it points to.
avagin added a commit that referenced this pull request Oct 30, 2015
CID 84652 (#1 of 1): Resource leak (RESOURCE_LEAK)
6. leaked_handle: Handle variable newfd going out of scope leaks the handle.
avagin added a commit that referenced this pull request Nov 13, 2015
CID undefined (#1 of 1): Resource leak (RESOURCE_LEAK)
10. leaked_storage: Variable rm going out of scope leaks the storage it points to.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
avagin added a commit that referenced this pull request Nov 13, 2015
CID 84652 (#1 of 1): Resource leak (RESOURCE_LEAK)
6. leaked_handle: Handle variable newfd going out of scope leaks the handle.

Signed-off-by: Andrew Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
avagin added a commit that referenced this pull request Nov 26, 2015
CID 154850 (#1 of 1): Resource leak (RESOURCE_LEAK)
9. leaked_handle: Handle variable cwd_fd going out of scope leaks the handle.

Reported-by: coverity
avagin added a commit that referenced this pull request Nov 26, 2015
CID 154852 (#1 of 3): Resource leak (RESOURCE_LEAK)
32. leaked_storage: Variable info going out of scope leaks the storage it points to.

Reported-by: coverity
avagin added a commit that referenced this pull request Nov 26, 2015
CID 154853 (#1 of 1): Uninitialized scalar variable (UNINIT)
7. uninit_use_in_call: Using uninitialized value c when calling write.

Reported-by: coverity
avagin added a commit that referenced this pull request Dec 3, 2015
CID 154850 (#1 of 1): Resource leak (RESOURCE_LEAK)
9. leaked_handle: Handle variable cwd_fd going out of scope leaks the handle.

Reported-by: coverity
avagin added a commit that referenced this pull request Dec 3, 2015
CID 154852 (#1 of 3): Resource leak (RESOURCE_LEAK)
32. leaked_storage: Variable info going out of scope leaks the storage it points to.

Reported-by: coverity
avagin added a commit that referenced this pull request Dec 3, 2015
CID 154853 (#1 of 1): Uninitialized scalar variable (UNINIT)
7. uninit_use_in_call: Using uninitialized value c when calling write.

Reported-by: coverity
avagin added a commit that referenced this pull request Dec 4, 2015
CID 154852 (#1 of 3): Resource leak (RESOURCE_LEAK)
32. leaked_storage: Variable info going out of scope leaks the storage it points to.

Reported-by: coverity
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
avagin added a commit that referenced this pull request Dec 4, 2015
CID 154850 (#1 of 1): Resource leak (RESOURCE_LEAK)
9. leaked_handle: Handle variable cwd_fd going out of scope leaks the handle.

Reported-by: coverity
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
avagin added a commit that referenced this pull request Dec 4, 2015
CID 154853 (#1 of 1): Uninitialized scalar variable (UNINIT)
7. uninit_use_in_call: Using uninitialized value c when calling write.

Reported-by: coverity
Signed-off-by: Andrew Vagin <avagin@virtuozzo.com>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
avagin added a commit that referenced this pull request Dec 4, 2015
It's used to restore bind-mounts. For example, we cut the common
part of bind-mounts:

Core was generated by `criu restore -vvvv --file-locks --tcp-established --evasive-devices --manage-cg'.
Program terminated with signal 11, Segmentation fault.
741                     BUG_ON(target_root[tok] == '\0');
(gdb) bt
 #0  0x000000000045eef2 in cut_root_for_bind (target_root=0x1e00f20 "/", source_root=0x1e04910 "/vzt/del/vzctl-rm-me.X99UVU8/.criu.cgyard.D5Dfcv/zdtmtst/") at mount.c:741
 #1  0x000000000045f594 in do_bind_mount (mi=mi@entry=0x1e00dd0) at mount.c:2035
 #2  0x000000000045fd02 in do_mount_one (mi=0x1e00dd0) at mount.c:2191
 #3  0x000000000046241f in mnt_tree_for_each (fn=0x45fc80 <do_mount_one>, start=0x1e044d0) at mount.c:1759
 #4  populate_mnt_ns () at mount.c:2729
 #5  prepare_mnt_ns () at mount.c:2843
 #6  0x000000000045a3c3 in prepare_namespace (item=0x7fe10b9ce050, clone_flags=2080505856) at namespaces.c:1311
 #7  0x000000000043383e in restore_task_with_children (_arg=0x7ffd0f7faae0) at cr-restore.c:1535
 #8  0x00007fe10acb41ad in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

https://jira.sw.ru/browse/PSBM-41932

Reported-by: Virtuozzo QA Team
avagin added a commit that referenced this pull request Feb 5, 2016
CID 157804 (#1 of 1): Missing varargs init or cleanup (VARARGS)
16. missing_va_end: va_end was not called for tmp.

Reported-by: Mr Coverity
avagin added a commit that referenced this pull request Feb 5, 2016
CID 157801 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
19. negative_returns: fd is passed to a parameter that cannot be negative.
avagin added a commit that referenced this pull request Feb 5, 2016
CID 157800 (#1 of 1): Missing break in switch (MISSING_BREAK)
unterminated_case: The case for value 1071 is not terminated by a 'break' statement.
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 192963 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
 dup(sk) is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 192961 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
 sockfd is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 178391 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
 sk is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 92720 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
 pfd is passed to a parameter that cannot be negative.

CID 92747 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
 pfd is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 73378 (#1 of 1): Argument cannot be negative (NEGATIVE_RETURNS)
 sk is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 192968 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
 dup(fd) is passed to a parameter that cannot be negative. [show details]

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 181217 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)
 Passing null pointer mntns to mntns_get_root_fd, which dereferences it.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Oct 29, 2020
CID 73358 (#1 of 1): Improper use of negative value (NEGATIVE_RETURNS)
 sk is passed to a parameter that cannot be negative.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Dec 7, 2020
CID 302713 (#1 of 1): Missing varargs init or cleanup (VARARGS)
 va_end was not called for argptr.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Dec 14, 2021
CID 302713 (#1 of 1): Missing varargs init or cleanup (VARARGS)
 va_end was not called for argptr.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389202:
 54 int ext_mount_add(char *key, char *val)
 55{
 56        char *e_str;
 57
   1. alloc_fn: Storage is returned from allocation function malloc.
   2. var_assign: Assigning: ___p = storage returned from malloc(strlen(key) + strlen(val) + 8UL).
   3. Condition !___p, taking false branch.
   4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
   5. var_assign: Assigning: e_str = ({...; ___p;}).
 58        e_str = xmalloc(strlen(key) + strlen(val) + 8);
   6. Condition !e_str, taking false branch.
 59        if (!e_str)
 60                return -1;
...
   7. noescape: Resource e_str is not freed or pointed-to in sprintf.
 73        sprintf(e_str, "mnt[%s]:%s", key, val);
   8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
   CID 389202 (#1 of 1): Resource leak (RESOURCE_LEAK)
   9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
 74        return add_external(e_str);
 75}

We need to free e_str after add_external used it.

v2: use cleanup_free attribute (@adrianreber)

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389194:

1238 static int dump_one_task(struct pstree_item *item, InventoryEntry *parent_ie)
1239{
...
1245        struct cr_imgset *cr_imgset = NULL;
...
    11. alloc_fn: Storage is returned from allocation function cr_task_imgset_open. [show details]
    12. var_assign: Assigning: cr_imgset = storage returned from cr_task_imgset_open(vpid(item), 577).
1355        cr_imgset = cr_task_imgset_open(vpid(item), O_DUMP);
    13. Condition !cr_imgset, taking false branch.
1356        if (!cr_imgset)
1357                goto err_cure;
1358
...
    25. Condition opts.lazy_pages, taking false branch.
1427        if (opts.lazy_pages)
1428                ret = compel_cure_remote(parasite_ctl);
1429        else
1430                ret = compel_cure(parasite_ctl);
    26. Condition ret, taking true branch.
1431        if (ret) {
1432                pr_err("Can't cure (pid: %d) from parasite\n", pid);
    27. Jumping to label err.
1433                goto err;
1434        }
...
1448        close_cr_imgset(&cr_imgset);
1449        exit_code = 0;
1450 err:
1451        close_pid_proc();
1452        free_mappings(&vmas);
1453        xfree(dfds);
    CID 389194 (#1 of 1): Resource leak (RESOURCE_LEAK)
    28. leaked_storage: Variable cr_imgset going out of scope leaks the storage it points to.
1454        return exit_code;
1455
1456 err_cure:
1457        close_cr_imgset(&cr_imgset);
1458 err_cure_imgset:
1459        ret = compel_cure(parasite_ctl);
1460        if (ret)
1461                pr_err("Can't cure (pid: %d) from parasite\n", pid);
1462        goto err;
1463}

On compel_cure() error path we do not do close_cr_imgset() which leads
to leaked cr_imgset, let's move corresponding close_cr_imgset below err
label. Also now we can merge remove close_cr_imgset() in err_cure label
as it goes to err label later anyway. Separate err_cure_imgset label is
not needed as close_cr_imgset() is ready for cr_imgset == NULL.

v2: remove excess close_cr_imgset() in label err_cure (@adrianreber)

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389205:

452 int dump_tun_link(NetDeviceEntry *nde, struct cr_imgset *fds, struct nlattr **info)
453{
...
458        struct tun_link *tl;
...
   2. alloc_fn: Storage is returned from allocation function get_tun_link_fd. [show details]
   3. var_assign: Assigning: tl = storage returned from get_tun_link_fd(nde->name, nde->peer_nsid, tle.flags).
475        tl = get_tun_link_fd(nde->name, nde->peer_nsid, tle.flags);
   4. Condition !tl, taking false branch.
476        if (!tl)
477                return ret;
478
479        tle.vnethdr = tl->dmp.vnethdr;
480        tle.sndbuf = tl->dmp.sndbuf;
481
482        nde->tun = &tle;
   CID 389205 (#1 of 1): Resource leak (RESOURCE_LEAK)
   5. leaked_storage: Variable tl going out of scope leaks the storage it points to.
483        return write_netdev_img(nde, fds, info);
484}

Function get_tun_link_fd() can both return tun_link entry from tun_links
list and a newly allocated one. So we should not free entry if it is
from list and should free it when it is a new one to fix leak.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389193:
CID 389193 (#1 of 1): Printf format string issue (PW.BAD_PRINTF_FORMAT_STRING)
1. bad_printf_format_string: invalid format string conversion
598 pr_warn("Can't stat socket %#x(%s), skipping: %m (err %d)\n", id, rpath, errno);

Specifier "%#x" is wrong for id as it is of type uint32_t, let's change
it to "%#" PRIx32 "" to fix the problem.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389192:

550 static int parse_join_ns(const char *ptr)
551{
...
553        char *ns;
554
   1. alloc_fn: Storage is returned from allocation function strdup.
   2. var_assign: Assigning: ___p = storage returned from strdup(ptr).
   3. Condition !___p, taking false branch.
   4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
   5. var_assign: Assigning: ns = ({...; ___p;}).
555        ns = xstrdup(ptr);
   6. Condition ns == NULL, taking false branch.
556        if (ns == NULL)
557                return -1;
558
   7. noescape: Resource ns is not freed or pointed-to in strchr.
559        aux = strchr(ns, ':');
   8. Condition aux == NULL, taking true branch.
560        if (aux == NULL)
   CID 389192 (#1 of 1): Resource leak (RESOURCE_LEAK)
   9. leaked_storage: Variable ns going out of scope leaks the storage it points to.
561                return -1;

We should free ns string after we finish its use in parse_join_ns,
easiest way to do it is to use cleanup_free attribute.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389187:

3193 int veth_pair_add(char *in, char *out)
3194{
3195        char *e_str;
3196
    1. alloc_fn: Storage is returned from allocation function malloc.
    2. var_assign: Assigning: ___p = storage returned from malloc(200UL).
    3. Condition !___p, taking false branch.
    4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
    5. var_assign: Assigning: e_str = ({...; ___p;}).
3197        e_str = xmalloc(200); /* For 3 IFNAMSIZ + 8 service characters */
    6. Condition !e_str, taking false branch.
3198        if (!e_str)
3199                return -1;
    7. noescape: Resource e_str is not freed or pointed-to in snprintf.
3200        snprintf(e_str, 200, "veth[%s]:%s", in, out);
    8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
    CID 389187 (#1 of 1): Resource leak (RESOURCE_LEAK)
    9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
3201        return add_external(e_str);
3202}

We should free e_str string after we finish its use in veth_pair_add,
easiest way to do it is to use cleanup_free attribute.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389190:

1538 int inherit_fd_add(int fd, char *key)
1539{
1540        struct inherit_fd *inh;
...
    2. alloc_fn: Storage is returned from allocation function malloc.
    3. var_assign: Assigning: ___p = storage returned from malloc(32UL).
    4. Condition !___p, taking false branch.
    5. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
    6. var_assign: Assigning: inh = ({...; ___p;}).
1548        inh = xmalloc(sizeof *inh);
    7. Condition inh == NULL, taking false branch.
1549        if (inh == NULL)
1550                return -1;
1551
...
    9. Condition !___p, taking true branch.
1555        inh->inh_id = xstrdup(key);
    10. Condition inh->inh_id == NULL, taking true branch.
1556        if (inh->inh_id == NULL)
    CID 389190 (#1 of 1): Resource leak (RESOURCE_LEAK)
    11. leaked_storage: Variable inh going out of scope leaks the storage it points to.
1557                return -1;

We should free inh on inh_id allocation error path in inherit_fd_add.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389191:

int unix_sk_id_add(unsigned int ino)
2327{
2328        char *e_str;
2329
    1. alloc_fn: Storage is returned from allocation function malloc.
    2. var_assign: Assigning: ___p = storage returned from malloc(20UL).
    3. Condition !___p, taking false branch.
    4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
    5. var_assign: Assigning: e_str = ({...; ___p;}).
2330        e_str = xmalloc(20);
    6. Condition !e_str, taking false branch.
2331        if (!e_str)
2332                return -1;
    7. noescape: Resource e_str is not freed or pointed-to in snprintf.
2333        snprintf(e_str, 20, "unix[%u]", ino);
    8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
    CID 389191 (#1 of 1): Resource leak (RESOURCE_LEAK)
    9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
2334        return add_external(e_str);
2335}

We should free e_str string after we finish its use in unix_sk_id_add,
easiest way to do it is to use cleanup_free attribute.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
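
The cleanup_free fix named in the ext_mount_add, parse_join_ns, veth_pair_add and unix_sk_id_add commit messages above, shown as an added example that is not CRIU's own code. It assumes GCC or Clang (for the `cleanup` attribute) and an `add_external()` that copies its argument; `t_malloc`, `reclaim_leaks` and `split_ns_fixed` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Tiny tracking allocator (constructed for this example) so a leak shows
 * up as a count instead of needing valgrind or a sanitizer. */
#define MAX_TRACKED 16
static void *tracked[MAX_TRACKED];

static void *t_malloc(size_t n)
{
	void *p = malloc(n);

	for (int i = 0; p && i < MAX_TRACKED; i++)
		if (!tracked[i]) { tracked[i] = p; return p; }
	free(p);	/* table full, or malloc failed and p is NULL */
	return NULL;
}

static void t_free(void *p)
{
	for (int i = 0; p && i < MAX_TRACKED; i++)
		if (tracked[i] == p) { tracked[i] = NULL; free(p); return; }
}

/* Free every block still tracked and return how many there were. */
static int reclaim_leaks(void)
{
	int n = 0;

	for (int i = 0; i < MAX_TRACKED; i++)
		if (tracked[i]) { free(tracked[i]); tracked[i] = NULL; n++; }
	return n;
}

/* The cleanup attribute passes a pointer to the annotated variable, so a
 * char * variable arrives here as char **. Local stand-in definition. */
static void cleanup_freep(void *p)
{
	t_free(*(void **)p);
}
#define cleanup_free __attribute__((cleanup(cleanup_freep)))

/* Stand-in for add_external(): ASSUMED to keep its own copy, which is what
 * "free e_str after add_external used it" implies. */
static char registry[8][64];
static int nr_registered;

static int add_external(const char *s)
{
	if (nr_registered == 8)
		return -1;
	snprintf(registry[nr_registered++], sizeof(registry[0]), "%s", s);
	return 0;
}

/* Shape of the reported code: e_str is never freed. */
static int ext_mount_add_leaky(const char *key, const char *val)
{
	size_t len = strlen(key) + strlen(val) + 8;
	char *e_str = t_malloc(len);

	if (!e_str)
		return -1;
	snprintf(e_str, len, "mnt[%s]:%s", key, val);
	return add_external(e_str);
}

/* Same function with cleanup_free: the handler runs on every scope exit. */
static int ext_mount_add_fixed(const char *key, const char *val)
{
	size_t len = strlen(key) + strlen(val) + 8;
	cleanup_free char *e_str = NULL;	/* initialise: handler always runs */

	e_str = t_malloc(len);
	if (!e_str)
		return -1;
	snprintf(e_str, len, "mnt[%s]:%s", key, val);
	return add_external(e_str);	/* result computed first, then e_str freed */
}

/* Early-return shape from the parse_join_ns report: the copy is released
 * on the "no ':' found" path as well as on success. */
static int split_ns_fixed(const char *arg)
{
	cleanup_free char *ns = NULL;
	char *aux;

	ns = t_malloc(strlen(arg) + 1);
	if (!ns)
		return -1;
	strcpy(ns, arg);
	aux = strchr(ns, ':');
	if (aux == NULL)
		return -1;
	*aux++ = '\0';
	return add_external(aux);
}

int main(void)
{
	ext_mount_add_leaky("/src", "/dst");
	printf("leaky: %d block(s) left\n", reclaim_leaks());
	ext_mount_add_fixed("/src", "/dst");
	split_ns_fixed("no-colon");
	printf("fixed: %d block(s) left\n", reclaim_leaks());
	return 0;
}
```

The attribute only suits a callee that does not keep the pointer; if `add_external()` stored `e_str` itself, the automatic free would turn the leak into a use-after-free.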
avagin pushed a commit that referenced this pull request Mar 20, 2022
coverity CID 389197:

CID 389197 (#1 of 1): Invalid printf format string (PRINTF_ARGS)
format_error: Length modifier L not applicable to conversion specifier in %Lu. [show details]
284 pr_err("Incompatible uffd API: expected %Lu, got %Lu\n", UFFD_API, uffdio_api.api);

Looking on C11 standard it seems that "%Lu" is undefined, we better not
use this, see:

"L Specifies that a following a, A, e, E, f, F, g, or G conversion
specifier applies to a long double argument."
http://port70.net/~nsz/c/c11/n1570.html#7.21.6.1p7

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389202:
 54 int ext_mount_add(char *key, char *val)
 55{
 56        char *e_str;
 57
   1. alloc_fn: Storage is returned from allocation function malloc.
   2. var_assign: Assigning: ___p = storage returned from malloc(strlen(key) + strlen(val) + 8UL).
   3. Condition !___p, taking false branch.
   4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
   5. var_assign: Assigning: e_str = ({...; ___p;}).
 58        e_str = xmalloc(strlen(key) + strlen(val) + 8);
   6. Condition !e_str, taking false branch.
 59        if (!e_str)
 60                return -1;
...
   7. noescape: Resource e_str is not freed or pointed-to in sprintf.
 73        sprintf(e_str, "mnt[%s]:%s", key, val);
   8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
   CID 389202 (#1 of 1): Resource leak (RESOURCE_LEAK)
   9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
 74        return add_external(e_str);
 75}

We need to free e_str after add_external used it.

v2: use cleanup_free attribute (@adrianreber)

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389194:

1238 static int dump_one_task(struct pstree_item *item, InventoryEntry *parent_ie)
1239{
...
1245        struct cr_imgset *cr_imgset = NULL;
...
    11. alloc_fn: Storage is returned from allocation function cr_task_imgset_open. [show details]
    12. var_assign: Assigning: cr_imgset = storage returned from cr_task_imgset_open(vpid(item), 577).
1355        cr_imgset = cr_task_imgset_open(vpid(item), O_DUMP);
    13. Condition !cr_imgset, taking false branch.
1356        if (!cr_imgset)
1357                goto err_cure;
1358
...
    25. Condition opts.lazy_pages, taking false branch.
1427        if (opts.lazy_pages)
1428                ret = compel_cure_remote(parasite_ctl);
1429        else
1430                ret = compel_cure(parasite_ctl);
    26. Condition ret, taking true branch.
1431        if (ret) {
1432                pr_err("Can't cure (pid: %d) from parasite\n", pid);
    27. Jumping to label err.
1433                goto err;
1434        }
...
1448        close_cr_imgset(&cr_imgset);
1449        exit_code = 0;
1450 err:
1451        close_pid_proc();
1452        free_mappings(&vmas);
1453        xfree(dfds);
    CID 389194 (#1 of 1): Resource leak (RESOURCE_LEAK)
    28. leaked_storage: Variable cr_imgset going out of scope leaks the storage it points to.
1454        return exit_code;
1455
1456 err_cure:
1457        close_cr_imgset(&cr_imgset);
1458 err_cure_imgset:
1459        ret = compel_cure(parasite_ctl);
1460        if (ret)
1461                pr_err("Can't cure (pid: %d) from parasite\n", pid);
1462        goto err;
1463}

On compel_cure() error path we do not do close_cr_imgset() which leads
to leaked cr_imgset, let's move corresponding close_cr_imgset below err
label. Also now we can merge remove close_cr_imgset() in err_cure label
as it goes to err label later anyway. Separate err_cure_imgset label is
not needed as close_cr_imgset() is ready for cr_imgset == NULL.

v2: remove excess close_cr_imgset() in label err_cure (@adrianreber)

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389205:

452 int dump_tun_link(NetDeviceEntry *nde, struct cr_imgset *fds, struct nlattr **info)
453{
...
458        struct tun_link *tl;
...
   2. alloc_fn: Storage is returned from allocation function get_tun_link_fd. [show details]
   3. var_assign: Assigning: tl = storage returned from get_tun_link_fd(nde->name, nde->peer_nsid, tle.flags).
475        tl = get_tun_link_fd(nde->name, nde->peer_nsid, tle.flags);
   4. Condition !tl, taking false branch.
476        if (!tl)
477                return ret;
478
479        tle.vnethdr = tl->dmp.vnethdr;
480        tle.sndbuf = tl->dmp.sndbuf;
481
482        nde->tun = &tle;
   CID 389205 (#1 of 1): Resource leak (RESOURCE_LEAK)
   5. leaked_storage: Variable tl going out of scope leaks the storage it points to.
483        return write_netdev_img(nde, fds, info);
484}

Function get_tun_link_fd() can both return tun_link entry from tun_links
list and a newly allocated one. So we should not free entry if it is
from list and should free it when it is a new one to fix leak.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389193:
CID 389193 (#1 of 1): Printf format string issue (PW.BAD_PRINTF_FORMAT_STRING)
1. bad_printf_format_string: invalid format string conversion
598 pr_warn("Can't stat socket %#x(%s), skipping: %m (err %d)\n", id, rpath, errno);

Specifier "%#x" is wrong for id as it is of type uint32_t, let's change
it to "%#" PRIx32 "" to fix the problem.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389192:

550 static int parse_join_ns(const char *ptr)
551{
...
553        char *ns;
554
   1. alloc_fn: Storage is returned from allocation function strdup.
   2. var_assign: Assigning: ___p = storage returned from strdup(ptr).
   3. Condition !___p, taking false branch.
   4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
   5. var_assign: Assigning: ns = ({...; ___p;}).
555        ns = xstrdup(ptr);
   6. Condition ns == NULL, taking false branch.
556        if (ns == NULL)
557                return -1;
558
   7. noescape: Resource ns is not freed or pointed-to in strchr.
559        aux = strchr(ns, ':');
   8. Condition aux == NULL, taking true branch.
560        if (aux == NULL)
   CID 389192 (#1 of 1): Resource leak (RESOURCE_LEAK)
   9. leaked_storage: Variable ns going out of scope leaks the storage it points to.
561                return -1;

We should free ns string after we finish its use in parse_join_ns,
easiest way to do it is to use cleanup_free attribute.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389187:

3193 int veth_pair_add(char *in, char *out)
3194{
3195        char *e_str;
3196
    1. alloc_fn: Storage is returned from allocation function malloc.
    2. var_assign: Assigning: ___p = storage returned from malloc(200UL).
    3. Condition !___p, taking false branch.
    4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
    5. var_assign: Assigning: e_str = ({...; ___p;}).
3197        e_str = xmalloc(200); /* For 3 IFNAMSIZ + 8 service characters */
    6. Condition !e_str, taking false branch.
3198        if (!e_str)
3199                return -1;
    7. noescape: Resource e_str is not freed or pointed-to in snprintf.
3200        snprintf(e_str, 200, "veth[%s]:%s", in, out);
    8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
    CID 389187 (#1 of 1): Resource leak (RESOURCE_LEAK)
    9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
3201        return add_external(e_str);
3202}

We should free e_str string after we finish its use in veth_pair_add,
easiest way to do it is to use cleanup_free attribute.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389190:

1538 int inherit_fd_add(int fd, char *key)
1539{
1540        struct inherit_fd *inh;
...
    2. alloc_fn: Storage is returned from allocation function malloc.
    3. var_assign: Assigning: ___p = storage returned from malloc(32UL).
    4. Condition !___p, taking false branch.
    5. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
    6. var_assign: Assigning: inh = ({...; ___p;}).
1548        inh = xmalloc(sizeof *inh);
    7. Condition inh == NULL, taking false branch.
1549        if (inh == NULL)
1550                return -1;
1551
...
    9. Condition !___p, taking true branch.
1555        inh->inh_id = xstrdup(key);
    10. Condition inh->inh_id == NULL, taking true branch.
1556        if (inh->inh_id == NULL)
    CID 389190 (#1 of 1): Resource leak (RESOURCE_LEAK)
    11. leaked_storage: Variable inh going out of scope leaks the storage it points to.
1557                return -1;

We should free inh on inh_id allocation error path in inherit_fd_add.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389191:

int unix_sk_id_add(unsigned int ino)
2327{
2328        char *e_str;
2329
    1. alloc_fn: Storage is returned from allocation function malloc.
    2. var_assign: Assigning: ___p = storage returned from malloc(20UL).
    3. Condition !___p, taking false branch.
    4. leaked_storage: Variable ___p going out of scope leaks the storage it points to.
    5. var_assign: Assigning: e_str = ({...; ___p;}).
2330        e_str = xmalloc(20);
    6. Condition !e_str, taking false branch.
2331        if (!e_str)
2332                return -1;
    7. noescape: Resource e_str is not freed or pointed-to in snprintf.
2333        snprintf(e_str, 20, "unix[%u]", ino);
    8. noescape: Resource e_str is not freed or pointed-to in add_external. [show details]
    CID 389191 (#1 of 1): Resource leak (RESOURCE_LEAK)
    9. leaked_storage: Variable e_str going out of scope leaks the storage it points to.
2334        return add_external(e_str);
2335}

We should free e_str string after we finish its use in unix_sk_id_add,
easiest way to do it is to use cleanup_free attribute.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
coverity CID 389197:

CID 389197 (#1 of 1): Invalid printf format string (PRINTF_ARGS)
format_error: Length modifier L not applicable to conversion specifier in %Lu. [show details]
284 pr_err("Incompatible uffd API: expected %Lu, got %Lu\n", UFFD_API, uffdio_api.api);

Looking on C11 standard it seems that "%Lu" is undefined, we better not
use this, see:

"L Specifies that a following a, A, e, E, f, F, g, or G conversion
specifier applies to a long double argument."
http://port70.net/~nsz/c/c11/n1570.html#7.21.6.1p7

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
avagin pushed a commit that referenced this pull request Jun 14, 2022
CID 302713 (#1 of 1): Missing varargs init or cleanup (VARARGS)
 va_end was not called for argptr.

Signed-off-by: Adrian Reber <areber@redhat.com>
avagin pushed a commit that referenced this pull request Jul 7, 2023
CID 302713 (#1 of 1): Missing varargs init or cleanup (VARARGS)
 va_end was not called for argptr.

Signed-off-by: Adrian Reber <areber@redhat.com>