From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57323)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1XVE68-0005xG-Lt
	for qemu-devel@nongnu.org; Sat, 20 Sep 2014 02:24:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paolo.bonzini@gmail.com>) id 1XVE5z-0002to-LK
	for qemu-devel@nongnu.org; Sat, 20 Sep 2014 02:24:44 -0400
Sender: Paolo Bonzini <paolo.bonzini@gmail.com>
Message-ID: <541D1D9A.6020100@redhat.com>
Date: Sat, 20 Sep 2014 08:24:26 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
MIME-Version: 1.0
References: <1411171901-13792-1-git-send-email-akong@redhat.com>
In-Reply-To: <1411171901-13792-1-git-send-email-akong@redhat.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] qom: suppress conscan warning of returning
	null point
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Amos Kong <akong@redhat.com>, qemu-trivial@nongnu.org
Cc: qemu-devel@nongnu.org, afaerber@suse.de, jen@redhat.com, aliguori@amazon.com

Il 20/09/2014 02:11, Amos Kong ha scritto:
> Conscan complains about g_malloc0() and malloc() return null.
> 
>   Error: NULL_RETURNS (CWE-476):
>   qemu-kvm/qom/object.c:239: returned_null: Function "g_malloc0(gsize)" returns null.
>   qemu-kvm/qom/object.c:239: var_assigned: Assigning: "ti->class" = null return value from "g_malloc0(gsize)".
>   qemu-kvm/qom/object.c:249: dereference: Dereferencing a null pointer "ti->class".
> 
> But if the passed size parameter is >= 1, then we can always get an
> effective pointer, the warning disappears.

The model should handle it:

void *
g_malloc0(size_t n_bytes)
{
    void *mem;
    __coverity_negative_sink__(n_bytes);
    mem = calloc(1, n_bytes == 0 ? 1 : n_bytes);
    if (!mem) __coverity_panic__();
    return mem;
}

So this patch means your coverity runs are misconfigured.

Paolo