* [Qemu-devel] [PATCH] qom: suppress conscan warning of returning null point
From: Amos Kong @ 2014-09-20 0:11 UTC (permalink / raw)
To: qemu-trivial; +Cc: jen, afaerber, aliguori, qemu-devel

Conscan complains about g_malloc0() and malloc() return null.

Error: NULL_RETURNS (CWE-476):
qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)" returns null.
qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null return value from "g_malloc0(gsize)".
qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer "ti->class".

But if the passed size parameter is >= 1, then we can always get an
effective pointer, the warning disappears.

Signed-off-by: Amos Kong <akong@redhat.com>
---
qom/object.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/qom/object.c b/qom/object.c
index da0919a..0fbf2df 100644
--- a/qom/object.c
+++ b/qom/object.c
@@ -252,6 +252,7 @@ static void type_initialize(TypeImpl *ti)
ti->class_size = type_class_get_size(ti);
ti->instance_size = type_object_get_size(ti);
+ g_assert(ti->class_size != 0);
ti->class = g_malloc0(ti->class_size);
parent = type_get_parent(ti);
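
Review bot: the added g_assert(ti->class_size != 0) just above the g_malloc0() call carries no comment saying it exists to silence the analyzer's NULL_RETURNS report, so a later reader will take it for a real invariant check on type_class_get_size(). Either add a one-line comment naming the report, or drop the assertion and address the zero-size case in the analyzer's model of g_malloc0() instead. The report quoted in the commit message also points at qom/object.c:239 in a qemu-kvm tree while this hunk starts at line 252, so please confirm the warning reproduces on the tree being patched.
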
@@ -424,6 +425,7 @@ Object *object_new_with_type(Type type)
g_assert(type != NULL);
type_initialize(type);
+ g_assert(type->instance_size != 0);
obj = g_malloc(type->instance_size);
object_initialize_with_type(obj, type->instance_size, type);
obj->free = g_free;
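
Review bot: the g_assert(type->instance_size != 0) before g_malloc() is not backed by any report in the commit message, which quotes only the ti->class trace from g_malloc0() in type_initialize(); include the analyzer trace for obj in object_new_with_type() or drop this hunk. If it stays, the placement after type_initialize(type) is right, since that is where instance_size is assigned, but it needs a short comment explaining why a zero size matters here.
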
--
1.9.3
* Re: [Qemu-devel] [PATCH] qom: suppress conscan warning of returning null point
From: Gonglei (Arei) @ 2014-09-20 2:41 UTC (permalink / raw)
To: Amos Kong, qemu-trivial@nongnu.org
Cc: qemu-devel@nongnu.org, afaerber@suse.de, jen@redhat.com,
aliguori@amazon.com
> Subject: [Qemu-devel] [PATCH] qom: suppress conscan warning of returning null
> point
>
> Conscan complains about g_malloc0() and malloc() return null.
>
> Error: NULL_RETURNS (CWE-476):
> qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)"
> returns null.
> qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null
> return value from "g_malloc0(gsize)".
> qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer
> "ti->class".
>
> But if the passed size parameter is >= 1, then we can always get an
> effective pointer, the warning disappears.
>
> Signed-off-by: Amos Kong <akong@redhat.com>
> ---
> qom/object.c | 2 ++
> 1 file changed, 2 insertions(+)
>

Reviewed-by: Gonglei <arei.gonglei@huawei.com>

Best regards,
-Gonglei
* Re: [Qemu-devel] [PATCH] qom: suppress conscan warning of returning null point
From: Paolo Bonzini @ 2014-09-20 6:24 UTC (permalink / raw)
To: Amos Kong, qemu-trivial; +Cc: qemu-devel, afaerber, jen, aliguori

On 20/09/2014 02:11, Amos Kong wrote:
> Conscan complains about g_malloc0() and malloc() return null.
>
> Error: NULL_RETURNS (CWE-476):
> qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)" returns null.
> qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null return value from "g_malloc0(gsize)".
> qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer "ti->class".
>
> But if the passed size parameter is >= 1, then we can always get an
> effective pointer, the warning disappears.

The model should handle it:

    void *
    g_malloc0(size_t n_bytes)
    {
        void *mem;
        __coverity_negative_sink__(n_bytes);
        mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
        if (!mem) __coverity_panic__();
        return mem;
    }

So this patch means your coverity runs are misconfigured.

Paolo
* Re: [Qemu-devel] [PATCH] qom: suppress conscan warning of returning null point
From: Markus Armbruster @ 2014-09-22 6:35 UTC (permalink / raw)
To: Paolo Bonzini
Cc: jen, qemu-trivial, qemu-devel, aliguori, Amos Kong, afaerber
Paolo Bonzini <pbonzini@redhat.com> writes:
> On 20/09/2014 02:11, Amos Kong wrote:
>> Conscan complains about g_malloc0() and malloc() return null.

s/Conscan/Coverity/, both here and in subject.

>>
>> Error: NULL_RETURNS (CWE-476):
>> qemu-kvm/qom/object.c:239: returned_null: Function
>> "g_malloc0(gsize)" returns null.
>> qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" =
>> null return value from "g_malloc0(gsize)".
>> qemu-kvm/qom/object.c:249: dereference: Dereferencing a null
>> pointer "ti->class".
>>
>> But if the passed size parameter is >= 1, then we can always get an
>> effective pointer, the warning disappears.
>
> The model should handle it:
>
>     void *
>     g_malloc0(size_t n_bytes)
>     {
>         void *mem;
>         __coverity_negative_sink__(n_bytes);
>         mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
>         if (!mem) __coverity_panic__();
>         return mem;
>     }
>
> So this patch means your coverity runs are misconfigured.

Yes.  I'm not sure we want the assertions anyway.

I use the following options with cov-analyze:

    -co BAD_FREE:allow_first_field:true
    -co DEADCODE:no_dead_default:true
    --security
    --concurrency
    --user-model-file scripts/coverity-model.xmldb
    --derived-model-file ~/work/glib/glib-2.38.2.xmldb

where glib-2.38.2.xmldb is produced by "cov-collect-models --dir cov -of
glib-2.32.4.xmldb" after a full Coverity scan of glib.